wwhat could go wrong?
Really ;-)
A records management system is being developed for the Department of Work and Pensions that could be used by other government agencies. HP is doing the work under its contract for application services with the department. Graham Lay, vice-president of HP Enterprise Solutions, said the company is making the investment in the …
So let me get this straight. Private and confidential data for internal government use is being pumped into the cloud; using a ¡foreign! contractor. US-based at that.
This is a fucking stupid idea on almost every level. It's going to get pwned almost immediately, I expect; but even if (by a billion-to one chance) it turns out to be secure; the data is a gift to the US.
What is wrong with these people? Do they have the explicit permission from the people who own the data to use their details in this manner? Thought not.
Ok, DWP data is already available to Government bodies and Local Authorities through the governements "secret squirrel interweb" GSi - GCSx infrastructure.
So why put it onto the cloud as well? LAs were beaten with a big stick until they signed up with GSi-GCSx, and we went through the Kaftka-esque nightmare of the "Code of connection" solely because it was the only way to get access to DWP data (no dwp data, no housing benefit claims processing, no Council).
And now the DWP are going to put this data into the cloud! Why? Why? IF you create a criteria and infrastructure to endeavour to keep this data secure, why then stick it in the cloud so that every script-kiddie can have a go at it?
Andy's right to be concerned... If you give somebody the opportunity to hack into Sensitive Data from their bedroom, they will...
The MODEL is being shared, not the data. They are creating a "sharepoint for public services" and want to share the design of the application and the infrastructure, not the contents of it.
OK, the components being shared could be better spelt out in the article, as well as the security aspects (private cloud) but still, you must all be incrediby fit to have such good knee-jerk reactions.
Reign in the anger people, its only Monday morning!
HP are a foreign company, but the article doesn't say anything about where it is to be hosted. It also doesn't say if this cloud will be connected to the internet so it may just be a cloud resource within an existing DWP network making it at least as secure as what's there now. Just because its a cloud, doesn't mean everyone can see it out of their window...
Today HP tells us via the Guardian via ElReg that:
"[cloud computing] technology is making the [DWP] initiative possible"
and
"cloud platforms could support the effort to make applications available beyond the commissioning body"
Can this be the same HP who were reported by IT Pro on 2 June 2011 as saying (http://www.itpro.co.uk/633898/updated-government-g-cloud-is-dead-says-hp):
"Government G-Cloud is dead"
and
"IT PRO learns from the UK HP managing director the Government has completely canned the G-Cloud project"
and
"The UK Government G-Cloud project has been killed off by the Coalition, according to the managing director ... of HP in the UK"
and
"Nick Wilson, who has been heavily involved in Government IT planning, revealed to IT PRO yesterday the Coalition had dropped the cloud initiative in favour of focusing more heavily on data centre consolidation"?
Yes, it can.