Cloud migration and data sovereignty

Mon 06 Mar 2017

Government adoption of Cloud services has been strong, with initiatives such as G-Cloud and the ‘cloud first’ mantra helping to drive the message home. But more recently, migration has slowed due to concerns over incoming legislation and escalating attacks, both of which demand better security assurances. Then there’s the issue of data sovereignty.

There’s currently no compunction for cloud providers to house data on UK soil and this can see data held elsewhere subject to the local jurisdiction. Recognising this as a major issue, Amazon Web Services, Microsoft and IBM all launched UK-based datacentres last year which promise to alleviate this issue, providing the public sector with the assurances needed to build out cloud services. UK Azure has already announced The Ministry of Defence as it’s first customer in September who will be committing to a “full blown leap into the cloud” by connecting current AWS cloud and other cloud services with the new offering to provide a comprehensive cloud infrastructure.

A ‘UK-only’ cloud is a smart move, making it easier post-Brexit to demonstrate data compliance and allowing more data to being migrated across to create a single infrastructure. This single infrastructure is key to the future of a transformative government and will be the only way to manage all of the data that organisations are handling now and into the future; it will simply become unworkable to continue using data silos.

A clear example of this is case management. Teams need to be able to securely access, change and progress case files held on citizens from applications to ongoing records. This is highly sensitive data and accessing it in the Cloud has been problematic in the past. However, the use of multi-factor authentication, data partitioning and cryptography which allows individual keys to be assigned to highly sensitive documents, are now making this a viable method of storing and accessing highly sensitive data that would have been classed as IL3 in the past.

Reserving the Cloud for non-sensitive data, continued investment in on-premise, and the assumption that ownership equals security are all now redundant Cloud concepts. UK-specific datacenters that can offer government grade assurances for the handling of sensitive data are set to drive a new era in Cloud computing. It will create a scalable infrastructure to store, access and document data sets more accurately, restore operations more quickly and work more efficiently. It’s the Cloud that will enable digital government to transform.