Home Office keeps 250 sets of applications in AWS or Azure
Minister reveals department does not currently use Google Cloud Platform
Credit: Gianni Crestani/Pixabay Image has been cropped
The Home Office runs more than 250 groups of software applications from a public-cloud environment provided by Amazon Web Services or Microsoft, a minister has revealed.
Tom Pursglove, a junior minister at the department, added that this number of “application groupings” does include “duplications where services may have development, test, pre-product and production environments in either or both” of AWS and Microsoft Azure.
“The Home Office is a large user of both AWS and Azure,” he added, in response to a series of written parliamentary questions from Labour MP Chi Onwurah. “The use of these capabilities varies from business application deployments to encrypted storage and compute. This is supplemented by robust and targeted private hosting capabilities.”
Despite its widespread use of Amazon and Microsoft, the department has nothing at all stored in the an environment provided by the third of the three major public cloud providers: Google Cloud Platform.
“The Home Office, as with other government departments follows the Government Digital Service advice to move towards public cloud first for our computing needs,” Pursglove added. “This allows us to build scale, flexibility and control into our applications and infrastructure.”
In a question to the Cabinet Office, Onwurah asked the department what “assessment [it] has made of the level of risk to UK citizens' data where that data is hosted on public cloud providers; and [what] steps the department takes to protect UK citizens' data on public cloud providers”.
Heather Wheeler, a junior minister at the central department, said that each discrete Whitehall department – including the Cabinet Office – is responsible for conducting its own “risk-based assessment of their use of cloud providers for the storage of government data up to ‘Official’ level, including UK citizens’ data”.
‘Official’ is the lowest of the three levels of classification of government data – coming before ‘Secret’ and ‘Top Secret’ – and is applied to “the majority of information that is created or processed by the public sector”.
This “includes routine business operations and services, some of which could have damaging consequences if lost, stolen or published in the media, but are not subject to a heightened threat profile”.
According to Wheeler, when assessing potential suppliers to host such information, central government bodies should consider the cloud security advice set out by the National Cyber Security Centre.
“Departments are required to follow the Technology Code of Practice when choosing a cloud provider, and this is assessed as part of the spend controls function,” she added. “Departments must show that they have chosen the technology which provides the best value for money while meeting user needs. The Central Digital and Data Office carries out ongoing engagement with departments to review their decision-making about hosting. This includes qualitative analysis through user research as well as spend controls.”
Online notice reveals controversial trials are to be expanded into a national service – about which government, law enforcement, watchdogs and all the UK’s major ISPs declined to answer questions...
Bill introduced during Queen’s Speech proposes a range of reforms
Department says information provided by newspaper publisher will be used across more than 30 areas of operation
Public spending watchdog points to issues with controls on fraud and error