Home Office keeps 250 sets of applications in AWS or Azure

Written by Sam Trendall on 29 March 2022 in News

Minister reveals department does not currently use Google Cloud Platform

Credit: Gianni Crestani/Pixabay    Image has been cropped

The Home Office runs more than 250 groups of software applications from a public-cloud environment provided by Amazon Web Services or Microsoft, a minister has revealed.

Tom Pursglove, a junior minister at the department, added that this number of “application groupings” does include “duplications where services may have development, test, pre-product and production environments in either or both” of AWS and Microsoft Azure.

“The Home Office is a large user of both AWS and Azure,” he added, in response to a series of written parliamentary questions from Labour MP Chi Onwurah. “The use of these capabilities varies from business application deployments to encrypted storage and compute. This is supplemented by robust and targeted private hosting capabilities.”

Despite its widespread use of Amazon and Microsoft, the department has nothing at all stored in the an environment provided by the third of the three major public cloud providers: Google Cloud Platform.

“The Home Office, as with other government departments follows the Government Digital Service advice to move towards public cloud first for our computing needs,” Pursglove added. “This allows us to build scale, flexibility and control into our applications and infrastructure.”

In a question to the Cabinet Office, Onwurah asked the department what “assessment [it] has made of the level of risk to UK citizens' data where that data is hosted on public cloud providers; and [what] steps the department takes to protect UK citizens' data on public cloud providers”.

Related content

Heather Wheeler, a junior minister at the central department, said that each discrete Whitehall department – including the Cabinet Office – is responsible for conducting its own “risk-based assessment of their use of cloud providers for the storage of government data up to ‘Official’ level, including UK citizens’ data”. 

‘Official’ is the lowest of the three levels of classification of government data – coming before ‘Secret’ and ‘Top Secret’ – and is applied to “the majority of information that is created or processed by the public sector”.

This “includes routine business operations and services, some of which could have damaging consequences if lost, stolen or published in the media, but are not subject to a heightened threat profile”.

According to Wheeler, when assessing potential suppliers to host such information, central government bodies should consider the cloud security advice set out by the National Cyber Security Centre.

“Departments are required to follow the Technology Code of Practice when choosing a cloud provider, and this is assessed as part of the spend controls function,” she added. “Departments must show that they have chosen the technology which provides the best value for money while meeting user needs. The Central Digital and Data Office carries out ongoing engagement with departments to review their decision-making about hosting. This includes qualitative analysis through user research as well as spend controls.”


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on sam.trendall@dodsgroup.com.

Share this page




Please login to post a comment or register for a free account.

Related Articles

EXCL: HMRC reviews contact-centre resilience after ‘multiple service incidents’
13 January 2023

Assessment was commenced shortly after five days of outages – but identified ‘no immediate concern’, according to supplier

Companies House recruits for digital and data leadership duo
19 January 2023

Senior positions offer potential six-figure salaries

Cabinet Office migrates data as Covid fraud hotline is wound down
18 January 2023

Dedicated reporting tools for coronavirus-related scams are being shuttered and case information transferred to law-enforcement entity

Home Office and BEIS first departments under the microscope in pilots of new independent cyber audits
16 January 2023

External supplier brought in to run the rule over government systems as rollout begins of ‘GovAssure’ programme