Data Governance – Part 4: Scalable Remote Access Infrastructure

Designation Number:
CAN/CIOSC 100-4:20XX
Standard Type:
National Standard of Canada - Domestic
Standard Development Activity:
New Standard
ICS code(s):
35.020; 35.030
Status:
Proceeding to development
SDO Comment Period Start Date:
SDO Comment Period End Date:
Posted On:

Scope:

Scope
Note: CIO Strategy Council announced an organizational name change to the Digital Governance Council (DGC), effective January 30, 2023 and the creation of a new standards development division, Digital Governance Standards Institute (DGSI). This standard presents a set of requirements to help organizations mitigate security risks associated with, and scalability demands upon, enterprise technologies used for remote access. The standard also provides guidance to organizations needing to react to unprecedented and unplanned shifts in their workforce to support work-from-home mandates. This standard applies to all organizations, including public and private companies, government entities, and not-for-profit organizations.

Project need:

Project Need
Technical Committee has determined maintenance of an already existing CIO Strategy Council Publicly Available Specification, to convert to a National Standard of Canada. The world in which we live, and the way people work everyday has been certainly changed by the COVID-19 pandemic. Businesses, governments and CIOs everywhere are forced to explore new methods to effectively scale-up their remote access protocols, while at the same time manage costs and controls over the inherent security risks associated with remote connectivity into their information technology infrastructure assets. Remote workers typically use either a company-provided endpoint device (laptop) or a personal device connected from home networks via VPN to the corporate network. It’s this infrastructure that cannot scale at the speeds by which the work-from-home movement has shifted. It’s this remote connectivity model that has been directly attributed to network intrusions affecting large multi-national firms and many others as reported over the years. The standard would provide a framework and set of characteristics which, when adopted, enable the secure and rapid scale-up of the infrastructure needed to support the remote work requirements and directly addresses the weaknesses of the current security model which has directly led to these network intrusions. The access technology in place today is supported by physical remote access and VPN servers placing remote worker endpoint devices directly onto corporate networks. The access technology in place today is far less secure than many realize. This standard would present a set of requirements which, when followed, yield an operational IT environment which allows enterprises to rapidly scale up and down to meet the dynamic and unpredictable demands of employees needing to shift their work habits to a work-from-home (WFH) model, and continue to meet the enterprise security needs. This set of requirements is vendor-agnostic and does not prescribe specific tooling, rather general practices which once met, achieves the scalability and security requirements.

Note: The information provided above was obtained by the Standards Council of Canada (SCC) and is provided as part of a centralized, transparent notification system for new standards development. The system allows SCC-accredited Standards Development Organizations (SDOs), and members of the public, to be informed of new work in Canadian standards development, and allows SCC-accredited SDOs to identify and resolve potential duplication of standards and effort.

Individual SDOs are responsible for the content and accuracy of the information presented here. The text is presented in the language in which it was provided to SCC.