Cloud services supplier provides new offerings to meet demands of the Government Security Classification Policy
Government has begun to take a new approach towards preserving the security of its data held in the cloud.
The demands changed last year with the implementation of the new Government Security Classification Policy (GSCSP), which demands a more proactive approach from public authorities storing data in the cloud. Skyscape Cloud Service, the dedicated provider of cloud services to the UK public sector, has responded by creating platforms that support them in taking this approach.
A couple of significant changes were made as the old G-Cloud services were replaced by those now offered under G-Cloud 6. Previously security hinged around the Pan Government Accreditation, under which public authorities could satisfy themselves that their cloud supplier had the appropriate certification.
Now government organisations have to be more pro-active, carrying out their own due diligence on suppliers and checking how they match up to questions based on the 14 Cloud Security Principles from the government's National Technical Authority for Information Assurance (CESG).
"Responsibility for finding the right place to host data in the cloud has very much fallen back to the customer," says John Godwin, head of information assurance and compliance at Skyscape. "They have to do their own due diligence on suppliers, ask the right questions and understand evidence that organisations like Skyscape will provide."
Also, while previous G-Clouds provided services to hold data for Impact Levels 0-3, the new version can take all data classified as Official, up to the more sensitive Impact Level 4. This accounts for about 90% of the data held by the UK public sector, and creates a demand for more flexibility in how organisations can store and manage their data.
Skyscape has responded with the creation of two distinct platforms: Assured Official, which is connected to the internet and can take all data up to IL4; and Elevated Official, which is only connected to government networks. Both can also handle data categorised as Official Sensitive, for which the customer imposes their own controls on how it is managed, such as the use of different types of encryption or specific requirements for clearance.
The company has also launched its HybridConnect service, which provides connectivity between public and private clouds, and helps organisations to move their data between platforms. They can move workloads between their own infrastructure, the Skyscape platform or one from another cloud provider.
It all responds to feedback from public authorities that they require a private dedicated link to facilitate the migration of large workloads, and to integrate hosting applications with back end systems on a hybrid model.
Data moving mechanism
Godwin says that Skyscape has a mechanism, with an assurance wrap, to enable customers to move data out of its Elevated Official space and make it available to the public for transactions through their own online applications.
"Skyscape does not look after the applications," he says. "We provide the secure hosting platform, and how they choose to move data between repositories is a function of their application. But when we allow them to use that solution they have to demonstrate to us they've undertaken a number of security activities before we allow that function to take place."
The company has also been able to reduce the pricing of its Compute-as-a-Service and Storage-as-a-Service offerings by 44% and 75% respectively, a move that Goodwin says has been made possible by economies of scale as more customers have signed up. It has also introduced: a new pricing model for its connectivity services, by which customers will only have to pay for what they use; free connectivity via the PSN Assured network; tiered pricing for connectivity via the PSN Protected or NHS N3 networks; and an increased service level agreement for its Compute-as-a-Service.
Further new offerings include:
- A cross domain security zone for flexible and secure gateways between lower and higher security platforms;
- Secure remote access for the Elevated Official platform;
- A protection capability against distributed denial of service attacks;
- Storage options for write-intensive workloads;
- Exclusive use of host servers to comply with legacy licensing requirements;
- Enhanced Platform-as-a-service product capabilities and free trials.
Simon Hansford, chief executive officer of Skyscape, said: "We are introducing a number of new options to support our public sector customers in delivering secure transactional services to citizens. We have developed these in line with our customers' requirements, which ultimately demonstrates our continued and exclusive commitment to the UK public sector."
Pictured: John Godwin