Security radar for 2014

www.eduserv.org.uk Security Radar for 2014 London G-Cloud Meet-up, January 2014 Ivan Harris, Business Manager – Cloud Services


A talk delivered by Ivan Harris at the London G-Cloud meet-up, January 2014. Topics covered: • Government security classifications • PSN connectivity • Hybrid clouds • Application development

Transcript of Security radar for 2014

Page 1: Security radar for 2014

www.eduserv.org.uk

Security Radar for 2014

London G-Cloud Meet-up, January 2014

Ivan Harris, Business Manager – Cloud Services

Page 2: Security radar for 2014

Agenda

• Government Security Classifications

• PSN Connectivity

• Hybrid Clouds

• Application Development

Page 3: Security radar for 2014

Government Security Classifications

• Comes into force on 02/04/14

• Classifications: OFFICIAL, SECRET and TOP SECRET

• There is no direct mapping between Security Classifications and BILs

• BIL should still be used as part of the information risk assessment when selecting G-Cloud services

• New G-Cloud service categories:

• Unassured Clouds: Formerly IL0

• Assured Public Cloud: Formerly IL2

• Formally Accredited Public Cloud or Private Cloud: Formerly IL3

• As a rule of thumb:

• Unassured Clouds: For non-sensitive OFFICIAL information suitable for the public domain

• Assured Public Cloud: Suitable for general OFFICIAL information that is not particularly sensitive

• Formally Accredited Public Cloud or Private Cloud: Most OFFICIAL information and aggregated information that’s not particularly sensitive in isolation

• Will Assured Public Clouds require PGA? Just ISO 27001 plus additional controls?

Sources:

Government Security Classifications April 2014, Version 1.0, Cabinet Office, October 2013

G-Cloud Information Assurance Requirements and Guidance, HMG, May 2012

Page 4: Security radar for 2014

PSN Connectivity

• GCF connectivity is retired on 31/03/14

• GCF users must have obtained PSN connectivity, achieved compliance and transitioned by this date

• IL3 accredited PSN bearer networks will start to appear rather than using CAPS accredited devices over IL2 bearer networks

• 3 new PSN frameworks due with

• More SMEs (dozens, not hundreds)

• Three ordering mechanisms (direct award, short competition, full-fat competitions)

• 4-5 year contract length

• ‘Public Sector Telecoms’ framework (which includes cloud services) due to go live in July

• 2014-16 growth in ‘Wider Public Sector’ including local government and health services:

• PSN Spend to mid-2014: Central Government £2.2Bn, Wider Public Sector: £0.8Bn

• PSN Spend 2014-2016: Central Government £0.6Bn, Wider Public Sector: £1.6Bn

Sources:

Next-generation PSN Frameworks, Cabinet Office, November 2013

Page 5: Security radar for 2014

Hybrid Cloud

• Low hanging fruit of point cloud solutions will soon be harvested

• More sophisticated solutions will be needed to support:

• On premise and off premise

• Legacy systems and cloud services

• Public and private cloud

• Multi-impact level information estates

• Integrating to multi-impact level systems

• Impact level hybrid clouds are needed

• Supports the business benefit prioritized cloud journey and optimises information estates

Page 6: Security radar for 2014

Application Development

• The ‘Public Cloud First’ policy, drives for better citizen experience/engagement and more sophisticated solutions require digital services, Enterprise Applications Integration, SaaS and custom web, enterprise mobile applications

• Demand from third-party application developers for IaaS, PaaS, EPaaS and PSN support on IL2 and IL3 PGA’d services

• Full software lifecycle support is needed: Spin-up/tear-down of development, test, staging and production environments

• Needs to align to HMG’s Agile objectives by supporting continuous integration and continuous release

• Application developers need help with accrediting their applications on already PGA’d services

Page 7: Security radar for 2014

In Summary

• Government Security Classifications

• PSN Connectivity

• Hybrid Clouds

• Application Development

Page 8: Security radar for 2014

“In the midst of chaos, there is also opportunity”

Sun Tzu

Ivan Harris

Business Manager – Cloud Services

Email: [email protected]

01225 474311

Twitter: @IvanDavidHarris