Granting More Open Access to the Internet for IITB Employees
Summary
Departments are leveraging Web tools or Software as a Service (SaaS) to collaborate and engage with citizens and public administrations both in Canada and across the globe. For example, the latest Open Government Plan and Service and Digital Target Architecture from TBS were shared as drafts for consultation and comments on Google Docs. Many teams are also using Slack or GCmessage to communicate internally and across departments. The GC Digital Academy and Free Agents, as well as other groups, frequently use Google Forms for registration.
In order to improve ESDC’s ability to leverage current Web tools, more open access to Web tools or Software as a Service (SaaS) for IITB employees is recommended, as a step toward broader open access to the Internet for more ESDC employees.
IITB employees produce the software and tools needed by ESDC staff to perform their duties. Unlike ESDC front staff, IITB employees’ work descriptions do not require them to process client files. Producing the software and tools requires a significant amount of collaboration between teams in order to remain responsive to clients’ needs. In addition, more open access should bring great value, such as enhancing collaboration and efficiency, increasing job satisfaction and helping attract and retain IT talent. It would also avoid having to use workarounds or alternative sites.
Appendix B lists Web tools already accessible on the ESDC network and used by employees.
Background
The Government of Canada recognizes that security must be handled with user experience in mind, and that public servants require the right tools to do their work. Otherwise, the government is at risk of falling behind citizens’ expectations. This is highlighted in the 2018 Direction on Enabling Web Access to Web Services: Policy Implementation Notice, which provides direction to departments on enabling access to web services, in accordance with the Policy on Acceptable Network and Device Use (PANDU). The upcoming Policy and Directive on Service and Digital replaces the PANDU but keeps the intent to “provide open access to Internet tools and services to support public servants in their work duties, enhance collaboration and networking with their peers”. See Appendix C: Examples of Acceptable Network and Device Use.
This is also supported by the Values and ethics of the public service.
Current Status
ESDC is currently blocking access to some popular and useful collaboration Web tools and SaaS like Google Docs, Google Hangouts and OneDrive (see Appendix A). The rationale for blocking them is primarily to prevent an accidental leak of protected information by employees.
A proposed mitigation item to reduce this risk is to augment the Data Loss Prevention (DLP) capability with a tool that enforces classification of documents and emails. However, implementation is not being considered for the short term.
A firewall upgrade is underway, and the configuration of blocked and unblocked categories and sites will be documented and reviewed.
Recommendations
To support the adoption of the new Policy on Service and Digital, ESDC needs to:
- Grant access to the following Web site categories (or related categories) for IITB employees: Instant Messaging, Document Editing, Web Conferencing, Email, and File Storage;
- Ensure IITB employees understand document classification and that Web tools available on the Internet are to be used only with unclassified data and information;
- Perform an evaluation of security monitoring and classification tools to mitigate future risks associated with broader open access to the Internet; and
- Review access rights to data and information.
Appendix A - Web Tools Currently Blocked
Instant Messaging
Benefit: Access and search more than 10k messages (limitation of Slack free plan), encrypt storage of messages, get real-time updates on website (e.g. notifications)
Name | URL | Notes |
---|---|---|
Hack Chat | https://hack.chat | |
… |
Document Editing
Benefit: Share, review and co-create documents with stakeholders (e.g. other departments, governments, private sector)
Name | URL | Notes |
---|---|---|
… |
Web Conferencing
Benefit: Meet virtually with external stakeholders without installing or running a plugin (with sometimes limited success)
Name | URL | Notes |
---|---|---|
… |
Email
Benefit: Improve work–life balance (without having to find workarounds)
Name | URL | Notes |
---|---|---|
Fastmail | https://www.fastmail.com | |
Google Mail | https://mail.google.com | |
Mailbox.org | https://mailbox.org | |
Outlook | https://outlook.live.com | Personal accounts |
Yahoo Mail | https://mail.yahoo.com | |
… |
File Storage
Benefit: Share and collaborate on documents with external stakeholders
Name | URL | Notes |
---|---|---|
Dropbox | https://www.dropbox.com | |
Google Drive | https://drive.google.com | |
OneDrive | https://onedrive.live.com | Personal accounts |
pCloud | https://www.pcloud.com | |
… |
Appendix B - Web Tools Already Accessible
Note: 3rd party cookies blocked and SSH blocked
Instant Messaging
Name | URL | Notes |
---|---|---|
Element | https://element.io | Web client for Matrix homeserver |
Librem One Chat | https://chat.librem.one | Homeserver only, requires client (Element) |
Matrix.org | https://matrix.org | Homeserver only, requires client (Element) |
Slack | https://slack.com | |
RocketChat | https://open.rocket.chat | |
Gitter | https://gitter.im | |
Zulip | https://zulipchat.com | |
… |
Document Editing
Name | URL | Notes |
---|---|---|
Microsoft 365 (Word, Excel, PowerPoint, OneNote) | https://www.office.com | |
Google Docs (Docs, Sheets, Slides, Forms) | https://docs.google.com | |
Framapad | https://framapad.org | |
Wikimedia Etherpad | https://etherpad.wikimedia.org | |
Zoho | https://www.zoho.com | |
… |
Web Conferencing
Name | URL | Notes |
---|---|---|
Microsoft 365 (Teams) | https://www.office.com | |
Jitsi Meet | https://meet.jit.si | |
Google Meet | https://meet.google.com | |
Google Hangouts | https://hangouts.google.com | |
BlueJeans | https://www.bluejeans.com | |
Zoom | https://zoom.us | |
… |
File Storage
Name | URL | Notes |
---|---|---|
Framadrop | https://framadrop.org/lufi | |
… |
Version Control System (VCS) and Project Management
Name | URL | Notes |
---|---|---|
Bitbucket | https://bitbucket.org | |
Framagit | https://framagit.org | |
GitHub | https://github.com | SSH blocked |
GitLab | https://gitlab.com | |
… |
Project Management and Kanban
Name | URL | Notes |
---|---|---|
Smartsheets | https://www.smartsheet.com | |
Taiga | https://taiga.io | |
Trello | https://trello.com | |
ZenHub | https://www.zenhub.com | |
Zube | https://zube.io | |
… |
Online Learning and Sandbox
Name | URL | Notes |
---|---|---|
Coursera | https://www.coursera.org | |
Docker Classroom | https://training.play-with-docker.com | |
Docker Playground | https://labs.play-with-docker.com | |
Edx | https://www.edx.org | |
Udacity | https://www.udacity.com/ | |
Udemy | https://www.udemy.com/ | |
… |
Package/Image Registry
Name | URL | Notes |
---|---|---|
Composer | https://getcomposer.org | |
Docker Hub | https://hub.docker.com | |
NPM JS | https://www.npmjs.com | |
Ruby Gems | https://rubygems.org | |
… |
Social Networks
Name | URL | Notes |
---|---|---|
Facebook | https://www.facebook.com | |
Librem One | https://social.librem.one | |
LinkedIn | https://www.linkedin.com | |
Twitter | https://twitter.com | |
Mastodon | https://mastodon.online | |
… |
Streaming
Name | URL | Notes |
---|---|---|
Vimeo | https://vimeo.com | |
YouTube | https://www.youtube.com | |
… |
Other
Name | URL | Notes |
---|---|---|
Doodle | https://www.doodle.com | |
Eventbrite | https://www.eventbrite.ca | |
Slido | https://www.sli.do | |
Survey Monkey | https://www.surveymonkey.com | |
… |