Government IT: Secrets and clouds
Inside the Enterprise: A new service will allow civil servants to use Microsoft Office as a cloud computing service.
One of the objections to cloud computing is that organisations that use it can no longer guarantee security.
But over the last couple of years, the security of cloud platforms has improved markedly.
Although there are still plenty of consumer-oriented services on offer, with little in the way of security features, more companies are now offering cloud computing with a degree of security built in. System integrators are also building security "wrappers" around their off the shelf IT infrastructure.
Even Government agencies are getting in on the act. One interesting example of building a secure cloud environment comes from FCO Services, a trading arm of the Foreign and Commonwealth Office.
FCO Services' new offering, PSN360, is built around a core of Microsoft's Office 365 platform, but hosted on secure servers within the Government IT infrastructure. Added to that are SharePoint, Microsoft's unified communications platform, Lync, and Microsoft Dynamics, for departments to build their own applications.
These are standard, off the shelf components, but the added security provided by FCO Services allows them to be accredited to IL3 (Business Impact Level 3), or Restricted.
According to David Smith, interim head of IT at FCO Services, this offers the best "value proposition" for Government agencies and departments: providing security up to IL4 (Confidential) would increase costs if departments only need IL0 no specific level of security then a plain vanilla implementation of Office 365, or another cloud service, would suffice.
But the idea behind the service and building it to IL3 standards is not to replace highly secure Government servers and communications, but to offer some of the advantages of flexible working, as well as the scale-up and scale-down, usage-based pricing of the cloud, to those parts of the public sector where security was a barrier in the past.
Office on demand, and especially Lync, should improve both flexibility and collaboration, as staff can access the services through the GSI and PSN networks. Smith suggests that this will help departments enjoy some of the productivity gains private enterprise has gained from the cloud, but without security compromises.
There is another benefit: departments that only need a certain number of people to have IL3 security, or need to deploy secure services specifically for people who work remotely, can now do so via the cloud. FCO Services has also also built in some other services to the platform, such as data migration.
And, although for now the services are focused around Microsoft software as Smith points out, this is what most civil servants use the organisation is also looking at open source services. Potentially, there could be an IL4 offering in the future too, bringing the technology into more sensitive areas of government.
But, as Smith points out, industry and government have come a long way, in a short space of time. Just a few years ago, any suggestion of running secure communications for government, in the cloud, would have been dismissed as impractical or even dangerous. Now it seems almost mundane.
If the cloud is secure enough for our diplomats and spies, then it's likely to be secure enough for most enterprises, too.