Security begins at home
Tom Underhill on why public sector organisations are increasingly moving their data storage to the UK.
As the UK Government initiative ‘G-Cloud’ gains momentum encouraging the adoption of cloud services across the public sector, concerns have been raised regarding the security of stored data.
A significant number of UK-based cloud service providers actually store data elsewhere in the world, resulting in data losing the protection of UK legislation.
Recently, several high- profile legal actions have made the headlines, causing the general public, businesses, the public sector and IT specialists alike to question the security of cloud data storage.
In conjunction with a legal challenge, Charles Farr, director general of the Office for Security and Counter-Terrorism, told Privacy International, in a 48-page statement, that whilst ‘internal’ communications could only be intercepted under a warrant, which relates to a specific person or address, and can only be issued when there is suspicion of illegal activity, in accordance with the terms of the Regulation of Investigatory Powers Act (RIPA), ‘external’ communications could be intercepted indiscriminately, without grounds to suspect any wrongdoings.
A US court ruling granting the US government access to data stored by US based companies, even when it is not stored on US soil and does not belong to a US citizen has upped the ante considerably for those concerned about cloud data storage.
The ruling specifically forced Microsoft to hand personal data from its Irish servers over to the American government.
As a direct result, it is not surprising to learn that UK organisations are migrating their data away from the US into UK data centres.
A global survey by NTT Communications of 1,000 IT decision makers revealed 31% of respondents have decided to move business data “to where they know it will be safe,” while nearly a quarter (24%) believed it to be important to keep data in their own country.
When cloud was a newer concept, the most successful service providers were those who simply explained what the universal benefits of cloud were. In 2014, it’s more about individual data integrity, performance and how those benefits can be used to shape a client’s business strategy and make it more effective.
With so many options now available, building cloud infrastructure can be a bit of a minefield, so it’s important to find a provider who can expertly establish which features will set you aside from your competitors and give you the level of security you need.
Choosing a UK provider which only uses UK-based data centres, for example, can mitigate risk of international data access issues and secure your organisation’s security, reliability and compliance.
The government G-Cloud initiative aims to simplify how the public sector buys and develops IT services by creating a marketplace of pay-as-you-go commodity services that can be adapted to the needs of its customers and their users.
Whilst guidance and advice are readily available to prospective purchasers; those responsible for ensuring the most suitable service is selected find themselves in a technology quagmire.
The government Digital Services Framework agreement has been extended to 31 March 2015, and the suppliers have been technically and commercially evaluated to provide a comprehensive choice for agile projects.
So, for public sector IT managers, financial implications in these times of austerity will hold significant weight, whether for an initial purchase or when considering moving data from overseas to UK based storage locations.
Getting it right first time isn’t straightforward but the benefits of fit for purpose secure cloud storage will reap benefits.
Positive effects on time management, work output, value for money and compliance with flexible working requests will be among those benefits and will help local authorities to achieve the government’s objective for G –Cloud: “The programme is not just about IT, it’s about changing perceptions and encouraging a Cloud first approach; it’s about providing the right tools to help the business unleash innovation from the front-line and from citizens; it’s about helping a business become more flexible, agile and responsive to changing needs.”
Recent controversy over the storage of NHS patient data has caused many trusts to revisit their IT procedures and England’s largest NHS trust, Barts Health, has recently announced that it will be moving its workforce management systems into a cloud-based platform, and will no doubt be following the example of Kent and Medway NHS and Social Care Partnership Trust in terms of information.
KMPT’s website offers an easy to understand explanation of how cloud computing works and what benefits it offers, alongside helpful videos, audio files, and PDFs. The trust also usefully compares the login and file accessing process to online banking.
This is a great analogy for how cloud storage systems work.
Rather than storing sensitive files such as bank details and patient records on paper or on a physical computer hard drive, which are vulnerable to damage, loss, and theft, organisations using the cloud can have the files stored in secure UK data centres.
Sensitive files can be protected over multiple access levels and can only be accessed via a highly secure private cloud platform.
A private cloud is distinct from a public cloud in that the former is a dedicated, purpose designed data environment sitting behind a private firewall that holds private or sensitive data.
Public clouds will commonly host pre-built applications for things like email and business applications.
A hybrid cloud environment is usually selected by clients; in order to create a multi-purpose solution which best fits the needs of the organisation.
As technology advances and legal challenges raise significant and valid concerns from consumers, it becomes more difficult to make confident decisions regarding our data, from commercial and personal perspective.
Everybody wants their data to be safe and keeping it in UK based storage locations would appear to be a step in the right direction to meet that goal.
Tom Underhill is a director of UK cloud specialists Net Solutions Europe www.nse.co.uk
Sector organisation writes to Matt Hancock and other MPs to express concerns
James Wickes of Cloudview believes regulators need to take steps to sharpen senior managers’ focus on cybersecurity
Policy paper from Parliament Street think tank recommends increased use of shared services
Large organisations that process personal data will see their annual subsidy contribution rise from £500