Your SlideShare is downloading. ×
Ivan Harris G-Cloud UK Meetup
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Ivan Harris G-Cloud UK Meetup

104
views

Published on

Presentation from Ivan Harris at our G-Cloud UK Meetup

Presentation from Ivan Harris at our G-Cloud UK Meetup

Published in: Technology, Business

1 Comment
0 Likes
Statistics
Notes
  • http://gg.gg/17l8q
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Views
Total Views
104
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
1
Comments
1
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Ivan Harris, Business Manager – Cloud Services
  • 2. Security Radar for 2014 London G-Cloud Meet-up, January 2014 Ivan Harris, Business Manager – Cloud Services www.eduserv.org.uk
  • 3. Agenda • Government Security Classifications • PSN Connectivity • Hybrid Clouds • Application Development
  • 4. Government Security Classifications • Comes into force on 02-04-14 • Classifications: OFFICIAL, SECRET and TOP SECRET • There is no direct mapping between Security Classifications and BILs • BIL should still be used as part of the information risk assessment when selecting GCloud services • New G-Cloud service categories: • Unassured Clouds: Formerly IL0 • Assured Public Cloud: Formerly IL2 • Formally Accredited Public Cloud or Private Cloud: Formerly IL3 • As a rule of thumb: • Unassured Clouds: For non-sensitive OFFICIAL information suitable for the public domain • Assured Public Cloud: Suitable for general OFFICIAL information that is not particularly sensitive • Formally Accredited Public Cloud or Private Cloud: Most OFFICIAL information and aggregated information that‟s not particularly sensitive in isolation • Will Assured Public Clouds require PGA? Just ISO 27001 plus additional controls? Sources: Government Security Classifications April 2014, Version 1.0, Cabinet Office, October 2013 G-Cloud Information Assurance Requirements and Guidance, HMG, May 2012
  • 5. PSN Connectivity • GCF connectivity is retired on 31-03-14 • GCF users must have obtained PSN connectivity, achieved compliance and transitioned by this date • IL3 accredited PSN bearer networks will start to appear rather than using CAPS accredited devices over IL2 bearer networks • 3 new PSN frameworks due with • More SMEs (dozens, not hundreds) • Three ordering mechanisms (direct award, short competition, full-fat competitions) • 4-5 year contract length • „Public Sector Telecoms‟ framework (which includes cloud services) due to go live in July • 2014-16 growth in „Wider Public Sector‟ including local government and health services: • PSN Spend to mid-2014: Central Government £2.2Bn, Wider Public Sector: £0.8Bn • PSN Spend 2014-2016: Central Government £0.6Bn, Wider Public Sector: £1.6Bn Sources: Next-generation PSN Frameworks, Cabinet Office, November 2013
  • 6. Hybrid Cloud • Low hanging fruit of point cloud solutions will soon be harvested • More sophisticated solutions will be needed to support: • On premise and off premise • Legacy systems and cloud services • Public and private cloud • Multi-impact level information estates • Integrating to multi-impact level systems • Impact level hybrid clouds are needed • Supports the business benefit prioritized cloud journey and optimises information estates
  • 7. Application Development • The „Public Cloud First‟ policy, drives for better citizen experience/engagement and more sophisticated solutions require digital services, Enterprise Applications Integration, SaaS and custom web, enterprise mobile applications • Demand from third-party application developers for IaaS, PaaS, EPaaS and PSN support on IL2 and IL3 PGA‟d services • Full software lifecycle support is needed: Spin-up/tear-down of development, test, staging and production environments • Needs to align to HMG‟s Agile objectives by supporting continuous integration and continuous release • Application developers need help with accrediting their applications on already PGA‟d services
  • 8. In Summary • Government Security Classifications • PSN Connectivity • Hybrid Clouds • Application Development
  • 9. “In the midst of chaos, there is also opportunity” Sun Tzu Ivan Harris Business Manager – Cloud Services Email: ivan.harris@eduserv.org.uk Phone: 01225 474311