Scribd
Upload
197 views12 pages

The Government and Cloud Presentation

The document discusses the UK government's proposed G-Cloud and app store. It proposes a hybrid cloud architecture using private community clouds from multiple providers to provide cost savings and flexibility while avoiding vendor lock-in. It examines security issues and proposes having separate private clouds for different impact levels to ensure adequate security for government services. Overall the architecture aims to reduce costs, improve resource use, and maintain security and service quality for public sector cloud computing.

Uploaded by

Nikola Vassilev
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
197 views12 pages

The Government and Cloud Presentation

The document discusses the UK government's proposed G-Cloud and app store. It proposes a hybrid cloud architecture using private community clouds from multiple providers to provide cost savings and flexibility while avoiding vendor lock-in. It examines security issues and proposes having separate private clouds for different impact levels to ensure adequate security for government services. Overall the architecture aims to reduce costs, improve resource use, and maintain security and service quality for public sector cloud computing.

Uploaded by

Nikola Vassilev
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 12

Government and Cloud

The current thinking on the technical architecture


for the UK government’s proposed
G-Cloud and App Store

Kate Craig-Wood
CEO, Memset Dedicated Hosting
Technical Architecture Co-lead, G-Cloud Project

@Memset_Kate
Who is Kate?

@Memset_Kate
UK G-Cloud & App Store
 In order to reduce cost & carbon without compromising
service quality, UK public sector wants:
 Like-for-like service comparability
 Resources pooling from multiple providers
 Workload pooling for peak load curtailment
 Pay-as-you-use billing
 Access to cost benefits of massively automated ICT services
 Interoperability to avoid vendor lock-in

 Likely answer: A government ICT services marketplace


into a hybrid of several private community clouds.
 @Memset_Kate
NIST’s Cloud, on a cube

@Memset_Kate
G-Cloud view of the stack

@Memset_Kate
Possible G-Cloud architecture

@Memset_Kate
G-Cloud maturity model

@Memset_Kate
Cloud Computing and
Information Assurance (Security)
 “Cloud” often considered insecure, but why?
 In 8 years Memset have had zero VM break-outs.
 Can be more secure, eg. security through obscurity.
 Bigger concern is perhaps organisational threat.

 Though network virtualisation is okay, GCHQ has not


certified the hypervisor layer as a suitable barrier.
 Physical segregation still required for some services.

@Memset_Kate
Some public cloud services will
suitable for some pub. sec. needs
Flexible

Private Cloud Services


SERVICE LEVEL
AGREEMENT

Public Cloud Services


Public Cloud services
with enough location-
specific assurance at
SLA we’re able to
Fixed

accept

Agnostic DATA & SERVICE


LOCATION Specific

@Memset_Kate
A cloud for each Impact Level (IL)

@Memset_Kate
Security summary
 Some public cloud suitable for IL0, perhaps IL1 & 2
 Secure G-Cloud: Probably 1 private cloud per IL > 1

 Additional complicating factors:
 3 IL aspects: Confidentiality / Integrity / Assurance
 IL-threat combinations
 Risk aggregation

 All tractable problems, though!
@Memset_Kate
Thanks!

[email protected]
 @Memset_Kate
 Blog: KatesComment.com

@Memset_Kate

You might also like