The Defence Digital Service (DDS) has shifted data for its Readiness Reporting and Deployability Discovery (R2-D2) project to a public cloud.
It marks a significant step in acknowledging the security standards of public cloud services, with the team within the Ministry of Defence hoping it will set a precedent for other defence organisations to make a similar move.
This follows a statement in November of last year by the head of the organisation, Rich Crowther, supporting the security of hyperscale cloud providers.
R2-D2, launched late in 2019, involves looking at how defence as a whole assesses the supply and demand of people and equipment in the sector.
Ian Baars-Gordon, co-founder of DDS, said the migration of relevant data to the public cloud required accreditation for the relevant service under the Joint Service Public (JSP) 604, a set of rules for joining networks originally developed for using on-premise hosting. It had not been done before in defence and the adoption of public cloud had been sparse so there were no patterns to copy.
Setting precedent
βI am delighted to say that after many meetings, workshops, documents and discussions, we achieved accreditation and migrated sensitive data onto the public cloud, thereby setting a precedent for the rest of defence and hopefully expediting any future attempts to do the same,β he said.
βTo take this one step further, we did this in a completely repeatable manner, declaring all of our infrastructure as code and storing it on GitHub, where the rest of defence can access it.β
Baars-Gordon added that the Government Digital Service provided support in the alpha assessment through fortnightly sprint meetings. The assessment involved two parts as the first left several unanswered questions but was passed last September.
The R2-D2 project is now in the private beta phase and said to be close to the delivery of a minimum viable product.
Image from iStock
