We sat down with Mark O'Leary, Head of Network Access at Jisc to discuss federated roaming in the UK, and the benefits of a joined-up, standardised approach.
Being able to connect to the internet wherever you are is fast becoming a societal expectation, how does Govroam achieve this?
The UK’s rapidly evolving needs are pushing digital transformation in the public sector. Govroam aims to help these organisations adapt to the more agile ways of working of an increasingly mobile workforce by making connectivity effortless, a ‘zero touch’ experience. Once their device is configured, public sector workers connect automatically as they arrive at a participating site. This frictionless experience means that end users don’t have to think about connectivity – it becomes something they can rely on, allowing them to focus on meaningful work.
In essence, govroam makes it easier for organisations to provide robust guest network access to visiting staff. When a user tries to connect, govroam conveys their authentication request securely to their employer, which confirms their identity and whether they should be granted access. The visited location is relieved of the need to provide short-term credentials, and the employer has the confidence that their staff member is connecting to a network deployed to best practice standards under the terms of the govroam service.
The service is built on a proven roaming model, utilising the same tried-and-tested technologies as eduroam, our equivalent service for education. Through eduroam, we have over 15 years’ experience of operating a national roaming service, and we are therefore confident that govroam will continue to prove a secure and scalable solution for the wider public sector.
What are the main benefits of federated roaming for the public sector?
By connecting to govroam you provide your staff with seamless access to thousands of participating hotspots at hundreds of organisations across the UK. Here’s our map of live sites: https://map.govroam.uk/govroammap.html.
In practice, many organisations also see culture change as a result. It becomes easier to collaborate between organisations and indeed between sectors, supporting for instance the improved integration of health and social care. Because it sets a shared standard for staff roaming, the service can be particularly useful when setting up multidisciplinary meetings, or multi-tenanted spaces such as hotdesking hubs.
With staff becoming ever more mobile, it’s essential to provide visitors with secure access to Wi-Fi. Govroam simplifies guest connectivity. Users have a single profile, regardless of location, so the service reduces the need for temporary accounts and customer-facing support. The cost of implementing and maintaining the service is usually modest, often overlaying existing infrastructure, but can result in cost savings through this reduced demand on your IT teams and greatly reducing reliance on SIM-based data services.
As the authentication decision rests with a user’s employer, organisations also benefit from the assurance that visitors have been verified in real-time, and that they will be held to a shared standard of behaviour while connected to the guest network.
We’ve seen eduroam become mission-critical to higher and further education, considered essential to collaborative working between institutions. As govroam becomes more embedded across the public sector, we anticipate a similar shift towards improved productivity and agility in other sectors.
Would this be best implemented nationally, or rolled out at a local level?
It is certainly possible to set up a similar solution at a local scale, as there are no proprietary technologies involved. But for little additional effort organisations can benefit from govroam’s national footprint of hotspots, widening the scope for travel, collaboration, and resource sharing. We saw this play out across the Welsh public sector: PSBA initially worked with the market to design its own solution but subsequently both reduced costs and gained coverage across the rest of the UK by joining govroam. Their combined approach gives privileged access to local staff, but non-Welsh public sector users are still able to access connectivity via govroam.
Govroam sets a national standard for federated roaming, bringing regional initiatives together under a single, shared approach. As the employer retains complete control over staff roaming, such as who has access to the service, which authentication mechanism is used, and whether BYOD is supported, the service is able to support each organisation’s requirements and policies without imposing unnecessary changes to established practice.
So, the service is more than a technology; it’s a fabric of trust, a co-operative agreement between participants which sets shared expectations around how staff roaming is implemented and supported. This helps ensure a consistent, reliable experience for end users.
We can’t anticipate all the ways a national roaming service might be used in the future, but a further benefit of this approach is that once in place it’s able to support new working requirements as they emerge, unhindered by regional and institutional boundaries.
Maintaining security while roaming is crucial for the public sector. How do you ensure the safety of Govroam user’s digital identity?
The transfer of authentication data which underpins the service is secured by state-of-the-art encryption in line with industry best-practice.
User credentials are never exposed to the visited venue, or even govroam’s central infrastructure. Because you never have to collect personal data from public sector staff, you can offer them guest connectivity in a GPDR-friendly way. This far exceeds the security standards of typical commercial hotspots.
However, there can be a complete audit trail if needed. If there has been a problem, or misuse of the network, the visited and home organisations can reconcile their records to tie a particular session to a known individual.
Correct configuration is key to the seamless and secure running of any service and IT support teams can implement govroam centrally to ensure that staff devices are set up consistently. We also provide extensive documentation and guidance from our technical team and are developing a self-service portal to automate the configuration process.
How does a federated roaming service complement new ways of working for the public sector?
Facilitating new ways of working is core to govroam’s purpose, and we continue to be surprised by the new, unanticipated use cases that emerge.
A key element of this is collaboration. Having a federated roaming solution in place makes it easier to work across different sites and organisations. Let’s use the example of a hospital – social workers can access the council resources they need from anywhere in the building without needing a dedicated office or having to travel elsewhere to do admin. Paramedics can update patient records as they arrive on site, meeting attendees can connect before they’ve sat down in the conference room. No longer does each visitor have to locate and login to the guest network, possibly requiring assistance to reconfigure their devices, saving significant time cumulatively.
With the increasing drive for estate rationalisation, as seen in the current government hub initiative, it is also worth noting that govroam can be very effectively deployed in shared or temporary workspaces. For example, it played a significant role in the rapid deployment of connectivity to support the Nightingale hospitals.
Govroam can also form part of disaster recovery strategies. If staff are unable to access their usual office, they can work instead from their nearest govroam hotspot. This has been used by our members during severe weather, flooding, and, in the case of Kent County Council, as part of their Brexit-preparedness plan.
In short, with govroam staff are able to work in a more fluid, mobile way across different sites and regions, supporting the growing move towards flexible and multi-agency working across the public sector.
At the time of writing, there are 4,950 Govroam Venues in the UK. What kind of growth do you aim to achieve by the end of 2021, and are there any regions you are focusing on in particular?
The network affect is absolutely at play here – govroam becomes more useful as more organisations join and more sites go live. Our ambition is for govroam to be the de-facto national service for public sector roaming, with staff able to access the service from any suitable public sector building.
With that in mind we are pursuing every growth avenue, working with existing members to set up and map new sites, onboarding new organisations, and talking with national bodies.
Word of mouth has been key for us – once an organisation starts using govroam they will often encourage their closest collaborators to join. Visitors to their site will also see the benefits enjoyed by participating colleagues and carry the message back to their employers. These regional champions lead to local growth, allowing all involved to get the most out of the service. Plus, our subscription model is designed so that the more members in a regional federation, the lower the cost per organisation.
That being said, growth has definitely been affected by COVID. During the lockdown periods in particular, roaming was understandably not a priority for many organisations. But through 2020 we saw an interesting shift in usage: while this dropped steeply across the wider public sector, NHS usage initially remained steady and then grew significantly as the year progressed and hospitals adapted to the new load placed on them.
As restrictions ease in the coming months, we expect that both the use of the service and the rate of new organisations joining will return to and exceed former levels, to the benefit of all participants.
Mark O'Leary
I'm responsible for Jisc's mobile solutions, with a portfolio that includes our flagship products eduroam and govroam. On the development/technology monitoring side, my focus is WiFi 6, IoT and 5G. I was a molecular biologist that got hooked on computer networks while writing up my thesis in the lab. I worked for universities for a while, taking advantage of staff discounts to study the history of science. Then I became an early adopter of wireless tech - gaining a reputation for innovation in that area - and ultimately gravitating to UKERNA, as it then was, to help shape wireless strategy for UK education.