Britain's G-Cloud strategist plays down security concerns

Powered by SC Magazine
 

Government CIOs chided for hiding behind security concerns.

Britain's former cloud computing champion John Suffolk has challenged Australian government chief information officers to justify their concerns about security in the cloud.

Speaking at the Technology in Government Summit in Canberra this month, the former government CIO chided his peers for using security as a means of deferring trials of cloud computing.

Suffolk led the development of Britain's G-Cloud, a plan that was published by the Cabinet Office last year and was expected to cut £3.2 billion from the Government's annual spend by 2013-14.

“We should not underestimate cloud computing,” he told delegates in Canberra.

Although security had to be considered before introducing new, government cloud computing services, Suffolk argued that security issues were exaggerated and used as an excuse for avoiding the cloud model.

Major IT suppliers had a vested interest in fuelling such concerns, he speculated, adding that proprietary vendors were "very, very concerned".

"You mean you are not going to give [suppliers] license fees for doing nothing? It’s a big issue. The industry is fundamentally changing," he said.

After leaving the British Cabinet Office in November, Suffolk advised the World Bank High-Level Experts group, helping governments understand how technology could improve the public sector and generate economic growth.

He planned to join Chinese networking and telecommunications vendor, Huawei, as its global cyber security officer (GCSO), commencing 1 October.

Suffolk challenged members of the audience to clarify how having the term “cloud” in front of a government data centre made it any less secure than a physical service.

“Tell me how your security model has changed?” he asked cloud adopters.

He argued cloud computing should not be viewed as a threat for government, but an opportunity,.

“My advice is dip your toe in the water. Try it. Put some services into a cloud-based model -- public or private depending on your security model," he said.

"Begin to migrate your services. Begin to downgrade your legacy [infrastructure] in terms of what goes on it. Because if [a cloud trial] doesn’t work, you will not have invested a whole lot of capital.”

Addressing immaturity and lock-in

Suffolk encouraged agency CIOs to design environments in which applications were seperated from the underlying platform, in order to avoid being locked into particular vendors or immature cloud offerings.

“You can come up with cloud models that separate apps from infrastructure," he said. "It’s like buying electricity but having a choice over what kettles you might plug in.

“If it’s a low risk app do you really care on the basis that it’s pay for use?" he added.

Meanwhile, any agencies planning to adopt the cloud model for a “core critical system” should put the same effort into analysis, design and architecture as they would in a non-cloud world, he said.

Copyright © iTnews.com.au . All rights reserved.


Britain's G-Cloud strategist plays down security concerns
John Suffolk, former British Gov CIO.
 
 
 
Top Stories
Change is the only constant at iiNet
iiNet's Matthew Toohey is trialling IBM's Watson - between preparing for an acquisition and making sure Netflix doesn't swamp the network.
 
Why straight-through processing is the holy grail for banks
Big benefits from stripping away human intervention and digitising processes.
 
CBA sued over frozen millions in IT bribery scandal
Eric Pulier's not-for profit lodges lawsuit in US.
 
 
John Suffolk, former British Gov CIO.
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Should Optus make a bid for iiNet?

   |   View results
Yes
  44%
 
No
  56%
TOTAL VOTES: 667

Vote