Skip to main content

Information Technology Strategy Team

Enable the strategic value of IT within ESDC by reducing its risks to accelerate business flexibility.

Granting More Open Access to the Internet for IITB Employees

Summary

Departments are leveraging Web tools or Software as a Service (SaaS) to collaborate and engage with citizens and public administrations both in Canada and across the globe. For example, the latest Open Government Plan and Service and Digital Target Architecture from TBS were shared as drafts for consultation and comments on Google Docs. Many teams are also using Slack or GCmessage to communicate internally and across departments. The GC Digital Academy and Free Agents, as well as other groups, frequently use Google Forms for registration.

In order to improve ESDC’s ability to leverage current Web tools, a more open access to Web tools or Software as a Service (SaaS) for IITB employees is recommended, as a step toward broader open access to the Internet for more ESDC employees.

IITB employees produce the software and tools needed by ESDC Staff to perform their duties. IITB employees work description does not require them to process client files like ESDC front staff do. Producing the software and tools require important amount of collaboration between teams in order to remain responsive to client’s need. In addition, the benefits should bring great value such as enhancing collaboration and efficiency, increasing job satisfaction and helping attract and retain IT talent. It would also avoid having to use workarounds or alternative sites.

Appendix B lists Web tools already accessible on the ESDC network and used by employees.

Background

The Government of Canada recognizes that Security must be handled with user experience in mind, and that public servants require the right tools to do their work. Otherwise the government is at risk of falling behind citizen’s expectations. This is highlighted in the 2018 Direction on Enabling Web Access to Web Services: Policy Implementation Notice that provides direction to departments on enabling access to web services, in accordance with the Policy on Acceptable Network and Device Use (PANDU). The upcoming Policy and Directive on Service and Digital replaces the PANDU but keeps the intent to “provide open access to Internet tools and services to support public servants in their work duties, enhance collaboration and networking with their peers”. See the Appendix C: Examples of Acceptable Network and Device Use.

This is also supported by the Values and ethics of the public service.

Current Status

ESDC is currently blocking access to some popular and useful collaboration Web tools and SaaS like Google Docs, Google Hangouts and OneDrive (see Appendix A). The rationale for blocking them is primarily to prevent an accidental leak of protected information by employees.

A proposed mitigation item to reduce this risk is to augment the Data Loss Prevention (DLP) capability with a tool that enforces classification of documents and emails. However, implementation is not being considered for the short term.

A firewall upgrade is underway and configuration for categories and sites blocked or unblocked will be documented and reviewed.

Recommendations

To support the adoption of the new Policy on Service and Digital, ESDC needs to:

  • Grant access to the following Web site categories (or related categories) for IITB employees: Instant Messaging, Document Editing, Web Conferencing and Email and File Storage;
  • Ensure IITB employees’ understanding of document classification and that Web tools available on the Internet are only to be used with unclassified data and information;
  • Perform an evaluation of security monitoring and classification tools to mitigate future risks associated with broader open access to the Internet; and
  • Review access rights to data and information.

Appendix A - Web Tools Currently Blocked

Instant Messaging

Benefit: Access and search more than 10k messages (limitation of Slack free plan), Encrypt storage of messages, Get real-time updates on website (e.g. notifications)

Name URL Notes
Hack Chat https://hack.chat  
   

Document Editing

Benefit: Share, review and co-create documents with stakeholders (e.g. other departments, governments, private sector)

Name URL Notes
   

Web Conferencing

Benefit: Meet virtually with external stakeholders without installing or running a plugin (with sometimes limited success)

Name URL Notes
   

Email

Benefit: Improve work–life balance (without having to find workarounds)

Name URL Notes
Fastmail https://www.fastmail.com  
Google Mail https://mail.google.com  
Mailbox.org https://mailbox.org  
Outlook https://outlook.live.com Personal accounts
Yahoo Mail https://mail.yahoo.com  
   

File Storage

Benefit: Share and collaborate on documents with external stakeholders

Name URL Notes
Dropbox https://www.dropbox.com  
Google Drive https://drive.google.com  
OneDrive https://onedrive.live.com Personal accounts
pCloud https://www.pcloud.com  
   

Appendix B - Web Tools Already Accessible

Note: 3rd party cookies blocked and SSH blocked

Instant Messaging

Name URL Notes
Element https://element.io Web client for Matrix homeserver
Librem One Chat https://chat.librem.one Homeserver only, requires client (Element)
Matrix.org https://matrix.org Homeserver only, requires client (Element)
Slack https://slack.com  
RocketChat https://open.rocket.chat  
Gitter https://gitter.im  
Zulip https://zulipchat.com  
   

Document Editing

Name URL Notes
Microsoft 365 (Word, Excel, PowerPoint, OneNote) https://www.office.com  
Google Docs (Docs, Sheets, Slides, Forms) https://docs.google.com  
Framapad https://framapad.org  
Wikimedia Etherpad https://etherpad.wikimedia.org  
Zoho https://www.zoho.com  
   

Web Conferencing

Name URL Notes
Microsoft 365 (Teams) https://www.office.com  
Jitsi Meet https://meet.jit.si  
Google Meet https://meet.google.com  
Google Hangouts https://hangouts.google.com  
BlueJeans https://www.bluejeans.com  
Zoom https://zoom.us  
   

File Storage

Name URL Notes
Framadrop https://framadrop.org/lufi  
   

Version Control System (VCS) and Project Management

Name URL Notes
Bitbucket https://bitbucket.org  
Framagit https://framagit.org  
GitHub https://github.com SSH blocked
GitLab https://gitlab.com  
   

Project Management and Kanban

Name URL Notes
Smartsheets https://www.smartsheet.com  
Taiga https://taiga.io  
Trello https://trello.com  
ZenHub https://www.zenhub.com  
Zube https://zube.io  
   

Online Learning and Sandbox

Name URL Notes
Coursera https://www.coursera.org  
Docker Classroom https://training.play-with-docker.com  
Docker Playground https://labs.play-with-docker.com  
Edx https://www.edx.org  
Udacity https://www.udacity.com/  
Udemy https://www.udemy.com/  
   

Package/Image Registry

Name URL Notes
Composer https://getcomposer.org  
Docker Hub https://hub.docker.com  
NPM JS https://www.npmjs.com  
Ruby Gems https://rubygems.org  
   

Social Networks

Name URL Notes
Facebook https://www.facebook.com  
Librem One https://social.librem.one  
Linkedin https://www.linkedin.com  
Twitter https://twitter.com  
Mastodon https://mastodon.online  
   

Streaming

Name URL Notes
Vimeo https://vimeo.com  
YouTube https://www.youtube.com  
   

Other

Name URL Notes
Doodle https://www.doodle.com  
Eventbrite https://www.eventbrite.ca  
Slido https://www.sli.do  
Survey Monkey https://www.surveymonkey.com  
   
View this page on GitHub