What is a Code of Connection?
By David Bryant, Managing Director
Hytec Information Security Limited

Many organisations are now mandating adherence to a Code of Connection
before allowing internal departments or external third parties
to connect to the corporate IT infrastructure. So what is a
Code of Connection and why is it so important?

The majority of large organisations, whether in business or delivering
public services, face a common dilemma: how do you permit individual
units to have operational self-sufficiency yet still preserve
the security of information throughout the organisation?

De-centralisation often results in IT security solutions that are inconsistent
at best and high-risk at worst. The organisation may develop
common security policies and standards; however, dispersed units
often exercise considerable flexibility in adopting them.

When one element of the organisation falls behind on its security,
all parties connected to the network are exposed to potentially
devastating infection or attack. Once a worm enters an infrastructure
through a vulnerable point, the infection can spread freely.

An essential part of any security solution is to develop a Code
of Connection – effectively a contract between those responsible
for safeguarding information security and the individual units
or third parties connecting to the network. The Code of Connection
sets out the minimum requirements for connection that must be
achieved and maintained by the connecting organisation.

Before connecting to the corporate network, and benefiting from the
improved support and cost savings that centrally delivered services
usually provide, individual units or departments must first
agree to implement a centrally determined security policy.

Connecting parties, as a condition of connection, have to demonstrate that
they are not the weak link in the security chain. In return,
they can rely on a secure IT infrastructure - one that will
provide corporate services, information access and distribution
- without putting the confidentiality of their own data at risk.
The Code of Connection is an agreement with users that the central
security function will have an accreditation role, validating
their processes before they can connect to the network.

Acknowledgement - David Bryant, Managing Director, Hytec Information Security Limited