The Cabinet Office is aiming to increase its use of software-as-a-service (SaaS) and public cloud within its digital estate, one of its digital team has told a conference.
Enterprise architect Joel Samuel was speaking at the first online session of UKAuthority’s Powering Digital Public Services event, at which he also indicated there are plans for the department to reduce its dependency on an ‘always on’ virtual private network (VPN).
The changes featured within his description of how the internal working of the Cabinet Office has responded to the coronavirus pandemic, and its plans for the future.
He said that most of the digital infrastructure is around six years old and that the department is now looking at modernising to use more systems developed in that time.
“That means more software-as-a-service, abstracting further away from some infrastructure we have been running,” he said. “Pushing things away perhaps from colocation or infrastructure-as-a-service into platform-as-a-service and software-as-a service means you do less.”
He explained that this referred reducing the amount of time the IT team have to spend on managing elements such as databases and applications, while allowing service providers with special expertise to take on more of the responsibility. He pointed to security as one of the areas in which they can provide a deeper expertise than exists in-house.
Derisking BYOD
Samuels also said there is an ambition to create “derisked BYOD” (bring your own device) with any laptops and browsers connecting to internal systems being encrypted and having the right authentication mechanisms. This would be accompanied by moving away from an ‘always on’ VPN.
“The view is that information accessed over a VPN is already encrypted, so why would we double encrypt?” he said. “This can introduce latency and infrastructure to manage.
“So one of the architecture patterns is to move away from this. It will help with mass working from home and business continuity.”
He pointed towards the use of a co-managed, encrypted domain name system service, into which policies and known malware lists could be injected, along with a series of audits, indicators and device attestation checks.
“We believe it will bring a bunch of benefits to users, giving them a faster experience and a good one,” he said. “We believe it can be less restrictive over end users and easier to operate for the IT team, so we can focus on high value tasks rather than commodity problems, while still having all the cyber security and information management requirements met.”
Samuels also said that, at a technology level, the Cabinet Office’s shift to home working in response to coronavirus had been quite smooth. It already had the technology and architecture in place, with staff not tied to fixed terminals, making it possible to carry out a “lift and shift”.
Image from GOV.UK, Open Government Licence v3.0
