Security radar for 2014


A talk delivered by Ivan Harris at the London G-Cloud meet-up, January 2014.

Topics covered:
• Government security classifications
• PSN connectivity
• Hybrid clouds
• Application development

Published in: Technology

  1. Security Radar for 2014
     London G-Cloud Meet-up, January 2014
     Ivan Harris, Business Manager – Cloud Services
  2. Agenda
     • Government Security Classifications
     • PSN Connectivity
     • Hybrid Clouds
     • Application Development
  3. Government Security Classifications
     • Comes into force on 02/04/14
     • Classifications: OFFICIAL, SECRET and TOP SECRET
     • There is no direct mapping between Security Classifications and BILs
     • BIL should still be used as part of the information risk assessment when selecting G-Cloud services
     • New G-Cloud service categories:
       • Unassured Clouds: Formerly IL0
       • Assured Public Cloud: Formerly IL2
       • Formally Accredited Public Cloud or Private Cloud: Formerly IL3
     • As a rule of thumb:
       • Unassured Clouds: For non-sensitive OFFICIAL information suitable for the public domain
       • Assured Public Cloud: Suitable for general OFFICIAL information that is not particularly sensitive
       • Formally Accredited Public Cloud or Private Cloud: Most OFFICIAL information and aggregated information that's not particularly sensitive in isolation
     • Will Assured Public Clouds require PGA? Just ISO 27001 plus additional controls?
     Sources:
     Government Security Classifications April 2014, Version 1.0, Cabinet Office, October 2013
     G-Cloud Information Assurance Requirements and Guidance, HMG, May 2012
  4. PSN Connectivity
     • GCF connectivity is retired on 31/03/14
     • GCF users must have obtained PSN connectivity, achieved compliance and transitioned by this date
     • IL3 accredited PSN bearer networks will start to appear rather than using CAPS accredited devices over IL2 bearer networks
     • 3 new PSN frameworks due with
       • More SMEs (dozens, not hundreds)
       • Three ordering mechanisms (direct award, short competition, full-fat competitions)
       • 4-5 year contract length
     • 'Public Sector Telecoms' framework (which includes cloud services) due to go live in July
     • 2014-16 growth in 'Wider Public Sector' including local government and health services:
       • PSN Spend to mid-2014: Central Government £2.2Bn, Wider Public Sector: £0.8Bn
       • PSN Spend 2014-2016: Central Government £0.6Bn, Wider Public Sector: £1.6Bn
     Sources:
     Next-generation PSN Frameworks, Cabinet Office, November 2013
  5. Hybrid Cloud
     • Low hanging fruit of point cloud solutions will soon be harvested
     • More sophisticated solutions will be needed to support:
       • On premise and off premise
       • Legacy systems and cloud services
       • Public and private cloud
       • Multi-impact level information estates
       • Integrating to multi-impact level systems
     • Impact level hybrid clouds are needed
     • Supports the business benefit prioritized cloud journey and optimises information estates
  6. Application Development
     • The 'Public Cloud First' policy, drives for better citizen experience/engagement and more sophisticated solutions require digital services, Enterprise Applications Integration, SaaS and custom web, enterprise mobile applications
     • Demand from third-party application developers for IaaS, PaaS, EPaaS and PSN support on IL2 and IL3 PGA'd services
     • Full software lifecycle support is needed: Spin-up/tear-down of development, test, staging and production environments
     • Needs to align to HMG's Agile objectives by supporting continuous integration and continuous release
     • Application developers need help with accrediting their applications on already PGA'd services
  7. In Summary
     • Government Security Classifications
     • PSN Connectivity
     • Hybrid Clouds
     • Application Development
  8. “In the midst of chaos, there is also opportunity” Sun Tzu
     Ivan Harris
     Business Manager – Cloud Services
     Email:
     Phone: 01225 474311
     Twitter: @IvanDavidHarris