Government Willing To Bend Security In Cloud Adoption

Government departments have shown a willingness to be flexible on security governance and cloud adoption. The breakthrough disclosure was taken from a survey report by public sector supplier CSC.

Following the survey at the government’s Information Assurance conference (IA10) in September, CSC said, “While the vast majority strongly agreed that the use of a public cloud would substantially increase risk to confidentiality, a majority also agreed that a shared private cloud (or community cloud) among users with similar security cultures would likely be an acceptable risk.”

Startling Change In Governance Rules

Join Our Next Webinar on January 12: Secure And Compliant Virtual Infrastructure

Ron Knode, CSC’s director for Global Security Solutions and author of the report, described this as a “startling discovery”. Although government departments generally accept other forms of innovation, the cloud has been treated with a degree of wariness.

“Previously, nobody was willing to do this – departments had their rules and that was that,” Knode explained. “Now suddenly, people are indicating that ‘if you’re a lot like me’ maybe they can come together with an altered set of governance processes and decision-making criteria to gain the benefits of the cloud.”

The government has said that cloud computing will be a major route to its cost-saving agenda, but concerns have been raised about security

Though security is of utmost concern to these departments, the inhibitors to achieving full-cost savings and efficiencies from cloud computing are the different approaches to information security across potential users, and the confusion that still exists about what the cloud offers, the report showed.

Enthusiasm to find the middle ground on governance was demonstrated by the majority of respondents (65 percent) who stated that they would be willing to share Security Operations Centre (SOC) services, as an interim measure to build trust between users.

Respondents also said that a reduction in the number of audit events to be monitored, along with a revision to internal governance, risk and compliance policies and processes, were the two most important compromises when migrating to cloud services.

“For progress to be made in cloud computing, departments need to focus on the paths of least resistance, such as creating a like-minded community sharing lower-risk services,” Knode wrote. “By establishing a governance test-bed, users can examine and validate potential areas of flexibility of governance.”

“Transparency also has to be included in every proposed cloud standard and advocates should resist the urge to develop too many clouds but rather explore progressive or layered clouds, which accommodate different user standards,” Knode added.

The report, titled Shared Services: A perfect storm of opportunity, was developed by CSC with support from UK government body CESG, the information assurance arm of GCHQ. Respondents included 200 senior security and IT experts working across central and local government and their associated suppliers, who attended the flagship IA10 event.

On January 12, at 1pm, eWEEK Europe is chairing an interactive webinar on compliance in virtualised infrastructures. Please join us.

Eric Doyle, ChannelBiz

Eric is a veteran British tech journalist, currently editing ChannelBiz for NetMediaEurope. With expertise in security, the channel, and Britain's startup culture, through his TechBritannia initiative

Recent Posts

TikTok US Sales ‘Hit $16bn’, ByteDance Nears Meta In World Revenues

TikTok reportedly brought in $16bn in US last year, while parent ByteDance made $120bn worldwide,…

18 hours ago

Bankman-Fried Deserves Up To 50 Years In Jail, Prosecutors Say

Ahead of sentencing prosecutors argue ex-FTX boss Sam Bankman Fried deserves up to 50 years…

18 hours ago

Senators Take Up TikTok Bill After Italy Fine Over Harmful Content

Senators consider bill restricting TikTok after rapid House approval, as Italy competition regulator fines company…

19 hours ago

AI Security Company Backtracks On UK Testing Claims

Security company Evolv backtracks on claims UK government tested its controversial AI security scanning systems

19 hours ago

Norfolk County Council Wins $490m Payout From Apple

Apple agrees to $490m settlement of class-action lawsuit led by Norfolk County Council for allegedly…

20 hours ago

McDonald’s International Outage Caused By Third Party

McDonald's says outage affecting thousands of locations across world caused by third-party tech provider carrying…

20 hours ago