Your SlideShare is downloading. ×
Security radar for 2014
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Security radar for 2014

784

Published on

A talk delivered by Ivan Harris at the London G-Cloud meet-up, January 2014. …

A talk delivered by Ivan Harris at the London G-Cloud meet-up, January 2014.

Topics covered:
• Government security classifications
• PSN connectivity
• Hybrid clouds
• Application development

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
784
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
3
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Security Radar for 2014 London G-Cloud Meet-up, January 2014 Ivan Harris, Business Manager – Cloud Services www.eduserv.org.uk
  • 2. Agenda • Government Security Classifications • PSN Connectivity • Hybrid Clouds • Application Development
  • 3. Government Security Classifications • Comes into force on 02/04/14 • Classifications: OFFICIAL, SECRET and TOP SECRET • There is no direct mapping between Security Classifications and BILs • BIL should still be used as part of the information risk assessment when selecting G-Cloud services • New G-Cloud service categories: • Unassured Clouds: Formerly IL0 • Assured Public Cloud: Formerly IL2 • Formally Accredited Public Cloud or Private Cloud: Formerly IL3 • As a rule of thumb: • Unassured Clouds: For non-sensitive OFFICIAL information suitable for the public domain • Assured Public Cloud: Suitable for general OFFICIAL information that is not particularly sensitive • Formally Accredited Public Cloud or Private Cloud: Most OFFICIAL information and aggregated information that‟s not particularly sensitive in isolation • Will Assured Public Clouds require PGA? Just ISO 27001 plus additional controls? Sources: Government Security Classifications April 2014, Version 1.0, Cabinet Office, October 2013 G-Cloud Information Assurance Requirements and Guidance, HMG, May 2012
  • 4. PSN Connectivity • GCF connectivity is retired on 31/03/14 • GCF users must have obtained PSN connectivity, achieved compliance and transitioned by this date • IL3 accredited PSN bearer networks will start to appear rather than using CAPS accredited devices over IL2 bearer networks • 3 new PSN frameworks due with • More SMEs (dozens, not hundreds) • Three ordering mechanisms (direct award, short competition, full-fat competitions) • 4-5 year contract length • „Public Sector Telecoms‟ framework (which includes cloud services) due to go live in July • 2014-16 growth in „Wider Public Sector‟ including local government and health services: • PSN Spend to mid-2014: Central Government £2.2Bn, Wider Public Sector: £0.8Bn • PSN Spend 2014-2016: Central Government £0.6Bn, Wider Public Sector: £1.6Bn Sources: Next-generation PSN Frameworks, Cabinet Office, November 2013
  • 5. Hybrid Cloud • Low hanging fruit of point cloud solutions will soon be harvested • More sophisticated solutions will be needed to support: • On premise and off premise • Legacy systems and cloud services • Public and private cloud • Multi-impact level information estates • Integrating to multi-impact level systems • Impact level hybrid clouds are needed • Supports the business benefit prioritized cloud journey and optimises information estates
  • 6. Application Development • The „Public Cloud First‟ policy, drives for better citizen experience/engagement and more sophisticated solutions require digital services, Enterprise Applications Integration, SaaS and custom web, enterprise mobile applications • Demand from third-party application developers for IaaS, PaaS, EPaaS and PSN support on IL2 and IL3 PGA‟d services • Full software lifecycle support is needed: Spin-up/tear-down of development, test, staging and production environments • Needs to align to HMG‟s Agile objectives by supporting continuous integration and continuous release • Application developers need help with accrediting their applications on already PGA‟d services
  • 7. In Summary • Government Security Classifications • PSN Connectivity • Hybrid Clouds • Application Development
  • 8. “In the midst of chaos, there is also opportunity” Sun Tzu Ivan Harris Business Manager – Cloud Services Email: ivan.harris@eduserv.org.uk Phone: 01225 474311 Twitter: @IvanDavidHarris

×