Britain's G-Cloud strategist plays down security concerns

Powered by SC Magazine
 

Government CIOs chided for hiding behind security concerns.

Britain's former cloud computing champion John Suffolk has challenged Australian government chief information officers to justify their concerns about security in the cloud.

Speaking at the Technology in Government Summit in Canberra this month, the former government CIO chided his peers for using security as a means of deferring trials of cloud computing.

Suffolk led the development of Britain's G-Cloud, a plan that was published by the Cabinet Office last year and was expected to cut £3.2 billion from the Government's annual spend by 2013-14.

“We should not underestimate cloud computing,” he told delegates in Canberra.

Although security had to be considered before introducing new, government cloud computing services, Suffolk argued that security issues were exaggerated and used as an excuse for avoiding the cloud model.

Major IT suppliers had a vested interest in fuelling such concerns, he speculated, adding that proprietary vendors were "very, very concerned".

"You mean you are not going to give [suppliers] license fees for doing nothing? It’s a big issue. The industry is fundamentally changing," he said.

After leaving the British Cabinet Office in November, Suffolk advised the World Bank High-Level Experts group, helping governments understand how technology could improve the public sector and generate economic growth.

He planned to join Chinese networking and telecommunications vendor, Huawei, as its global cyber security officer (GCSO), commencing 1 October.

Suffolk challenged members of the audience to clarify how having the term “cloud” in front of a government data centre made it any less secure than a physical service.

“Tell me how your security model has changed?” he asked cloud adopters.

He argued cloud computing should not be viewed as a threat for government, but an opportunity,.

“My advice is dip your toe in the water. Try it. Put some services into a cloud-based model -- public or private depending on your security model," he said.

"Begin to migrate your services. Begin to downgrade your legacy [infrastructure] in terms of what goes on it. Because if [a cloud trial] doesn’t work, you will not have invested a whole lot of capital.”

Addressing immaturity and lock-in

Suffolk encouraged agency CIOs to design environments in which applications were seperated from the underlying platform, in order to avoid being locked into particular vendors or immature cloud offerings.

“You can come up with cloud models that separate apps from infrastructure," he said. "It’s like buying electricity but having a choice over what kettles you might plug in.

“If it’s a low risk app do you really care on the basis that it’s pay for use?" he added.

Meanwhile, any agencies planning to adopt the cloud model for a “core critical system” should put the same effort into analysis, design and architecture as they would in a non-cloud world, he said.

Copyright © iTnews.com.au . All rights reserved.


Britain's G-Cloud strategist plays down security concerns
John Suffolk, former British Gov CIO.
 
 
 
Top Stories
Photos: iTnews Benchmark Awards countdown begins
Just a few days left until entries close for 2014.
 
Australian Govt to rethink cyber security strategy
Six-year old policy to be refreshed.
 
The failure of the antivirus industry
[Blog post] Insights from AVAR 2014.
 
 
John Suffolk, former British Gov CIO.
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 1040

Vote