4. Government Security Classifications
• Comes into force on 02-04-14
• Classifications: OFFICIAL, SECRET and TOP SECRET
• There is no direct mapping between Security Classifications and BILs
• BIL should still be used as part of the information risk assessment when selecting G-Cloud services
• New G-Cloud service categories:
  • Unassured Clouds: Formerly IL0
  • Assured Public Cloud: Formerly IL2
  • Formally Accredited Public Cloud or Private Cloud: Formerly IL3
• As a rule of thumb:
  • Unassured Clouds: For non-sensitive OFFICIAL information suitable for the public domain
  • Assured Public Cloud: Suitable for general OFFICIAL information that is not particularly sensitive
  • Formally Accredited Public Cloud or Private Cloud: Most OFFICIAL information and aggregated information that's not particularly sensitive in isolation
• Will Assured Public Clouds require PGA? Just ISO 27001 plus additional controls?
Sources:
Government Security Classifications April 2014, Version 1.0, Cabinet Office, October 2013
G-Cloud Information Assurance Requirements and Guidance, HMG, May 2012
5. PSN Connectivity
• GCF connectivity is retired on 31-03-14
• GCF users must have obtained PSN connectivity, achieved compliance and transitioned
by this date
• IL3 accredited PSN bearer networks will start to appear rather than using CAPS
accredited devices over IL2 bearer networks
• 3 new PSN frameworks due with
  • More SMEs (dozens, not hundreds)
  • Three ordering mechanisms (direct award, short competition, full-fat competitions)
  • 4-5 year contract length
  • 'Public Sector Telecoms' framework (which includes cloud services) due to go live in July
• 2014-16 growth in 'Wider Public Sector' including local government and health services:
  • PSN Spend to mid-2014: Central Government £2.2Bn, Wider Public Sector: £0.8Bn
  • PSN Spend 2014-2016: Central Government £0.6Bn, Wider Public Sector: £1.6Bn
Sources:
Next-generation PSN Frameworks, Cabinet Office, November 2013
6. Hybrid Cloud
• Low hanging fruit of point cloud solutions will soon be harvested
• More sophisticated solutions will be needed to support:
  • On premise and off premise
  • Legacy systems and cloud services
  • Public and private cloud
  • Multi-impact level information estates
  • Integrating to multi-impact level systems
• Impact level hybrid clouds are needed
• Supports the business benefit prioritized cloud journey and optimises
information estates
7. Application Development
• The 'Public Cloud First' policy, drives for better citizen experience/engagement
and more sophisticated solutions require digital services, Enterprise Applications
Integration, SaaS and custom web, enterprise mobile applications
• Demand from third-party application developers for IaaS, PaaS, EPaaS and
PSN support on IL2 and IL3 PGA'd services
• Full software lifecycle support is needed: Spin-up/tear-down of development,
test, staging and production environments
• Needs to align to HMG's Agile objectives by supporting continuous integration
and continuous release
• Application developers need help with accrediting their applications on already
PGA'd services
8. In Summary
• Government Security Classifications
• PSN Connectivity
• Hybrid Clouds
• Application Development
9. “In the midst of chaos,
there is also opportunity”
Sun Tzu
Ivan Harris
Business Manager – Cloud Services
Email: ivan.harris@eduserv.org.uk
Phone: 01225 474311