But in a good way…. they have managed to cut through all the legal and information security challenges to start moving their email and documents to the public cloud. This is despite all the fear, uncertainty and doubt being generated by the recent revelations about PRISM, the secret US government data collection initiative.
This is obviously not as ground breaking as the signing of the Magna Carta, nevertheless it is a revolutionary move. Despite the UK Government’s drive to move public service IT to the cloud only two other organisations have managed to start moving email and shared documents to the public cloud. The others are DEFRA (Department for Environment, Food & Rural Affairs) and elements of the National Health Service (NHS).
One of the biggest reasons for organisations to shy away from the public cloud is concerns about the security of sensitive information. Addressing this is a critical step towards the cloud and this is done by classifying information. The UK Government has a way to do this with what it calls impact levels (ILs):
- Impact level 1: Unclassified
- Impact level 2: Protect
- Impact level 3: Restricted
- Impact level 4: Confidential
- Impact level 5: Secret
- Impact level 6: Top secret
The Government uses the same ratings to accredit IT solutions and by matching the IT solution rating to the information rating costs are optimised, as the costs of IT solutions rises significantly as the IL rating increases. The Houses of Parliament classified its information and found that 99% is IL1 or IL2 and they therefore only needed an IL2 solution – Microsoft Office 365.
Joan Miller, Director of Parliamentary ICT – risk of going cloud was tiny compared to the enhancements gained
Although Microsoft Office 365 is accredited to a higher level than their current in-house solution, there was a higher risk relating to data sovereignty. However, the Houses’ and Microsoft’s lawyers felt that the risk of this materialising was extremely low and this didn’t stop them implementing their ‘cloud first’ strategy.
We can learn a lot from the Houses of Parliament to help us deliver our own cloud strategies.