Cloud computing – accessing and managing applications online using servers hosted remotely – has exploded in popularity amongst private sector organisations in recent years thanks to the cost, flexibility and other technological benefits it offers. But as the public sector increasingly moves towards the cloud, a major concern is keeping its information secure.
The Cloud Security Alliance recently identified the most significant threats to information security in the cloud¹. These included insecure interfaces – IT systems typically contain multiple integrated components; integration of cloud-based elements may introduce security risks at the API or interface point. Another area of risk is the use of shared technology – key to the economies of scale and lower costs of cloud computing, but a potential source of additional or unknown risks that are difficult to manage.
So what measures are in place to protect our information?
There are now well-defined processes in the public sector governing information management. The Security Policy Framework and associated Infosec standards provide guidance on how security risks can be identified and managed. CESG (the National Authority for Information Assurance) has a listed advisor scheme for consultants who can advise public sector organisations on information security when moving to the cloud.
Supplier accreditations such as ISO 27001 can provide further assurance of quality, with all suppliers on the G-Cloud framework identifying the security levels to which they are accredited.
Are there any other information security measures that public sector organisations can take?
Using a ‘private’ cloud to host applications and store information can offer an excellent solution to concerns about security. In fact, these concerns have been key drivers for the growth of private cloud options – where suppliers provide dedicated or partially shared cloud environments. Private clouds can provide the key cost and agility benefits of cloud computing but allow greater transparency and control over information security.
As the range of cloud suppliers and cloud service options increases, collaboration networks among cloud suppliers are also key. Several Northern Ireland IT companies operate under the Whisple banner, sharing hosting platforms and easily identifiable branding. A common hosting platform reduces integration issues and requires only one set of security checks, making security and information management more efficient and less costly. The common branding provides assurance to customers and simplifies their purchasing and administration processes.
So how do we embrace new technology like cloud whilst prioritising information security?
With technology advancing at a faster pace than ever, it would be detrimental to allow information security to hamper innovation. The key is to adapt our thinking. Rather than a risk avoidance culture, where projects are not taken forward or are compromised because of information security concerns, we need to get better at asking: “How can we implement innovative technology securely?”
By doing this, we can identify and manage the risks and develop security measures that allow the Northern Ireland public sector to take advantage of the opportunities and efficiencies that new technologies such as the cloud can bring.
Who is Equiniti ICS?
Equiniti ICS is part of Equiniti, with over 2,500 staff working across 28 locations and delivering 5 per cent of outsourced business process services in the UK. We are a proven supplier of cloud-based services, and secure some of the public sector’s most important information – for organisations such as the National Health Service, Land and Property Services Northern Ireland and the Scottish Social Services Council. With IL2, IL3 and ISO 27001 accreditations and a place on the G-Cloud framework, we provide assured governance and risk management, designing our customers’ systems around their information security needs.
Phone: 028 9045 4166