You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES

Doing business in the cloud is more secure than owning your own data centre, Cabinet Office minister Francis Maude has claimed. Speaking at the Cyber Security Summit 2014 in London, he said: “Doing things in the cloud is more secure than doing [it] ourselves. It is comforting to know where your data centres are - although in …

Silver badge

well, that's a relief

If they knew where the DCs were, some twit politician would insist on micromanaging 'em, and would actually be able to check up to see that his idiotic orders were being followed. If they don't know where they are, they have no clue as to what's really going on there, which is A Good Thing(tm).

Hmmm. How can I get a contract to set up some nice DCs for HMGov?

2
0
Silver badge

Re: well, that's a relief

1) For some reason the DC must be near Cannes (cheap hydroelectric energy?) and have a special luxury hotel for tired sysadmins

2) Promise to invite the people in charge to organize extended tours at repeat intervals no longer than six months for monitoring purposes

2
0

Re: well, that's a relief

3) has to be close to the beach for seawater cooling system!

1
0
Anonymous Coward

Re: well, that's a relief

>If they knew where the DCs were, some twit politician would insist on micromanaging 'em.

There are good reasons why for some departments, knowledge of where their active datacentres are located is only known to those who need to know.

I worked for one department (not the MOD), where even though I was designing a system that would impact all their datacentres, I could only officially know their 'public' names but not their physical locations. Also because the technical design documentation would be shared outside of the physical office wing I worked in, it could not contain any details that would permit the identification of datacentres.

Thus I can fully understand that in some departments mere politicians would be kept in the dark about such matters.

0
0
Silver badge
Trollface

And we should not have hosting contracts more than two years, as the cost [of hosting] is halving every 18 months.

This can be effortlessly spun into "Wise government industrial policy helps create the industry that gives us powerful means of becoming the future technology hub of $WORLD, helps us manage contracts to get maximum value for taxpayer money and also keeps inflation in check so much that there is a danger of deflation which, however is being looked after by the independent Central Bank."

0
0
Silver badge

I assume that prior to the gleeful spin, what he meant was that individual departments using the Government cloud may not always know the geographical location of the servers holding their data.

I hope.

With him that relying on fragmented Government IT procurement and deployment can leave the whole cloud exposed by one poor server/site.

My cynical side thinks that the Government wants to push loads of money to cloud providers to get infrastructure off their capital budget and ditch some expensive skilled personpower.

Sound familiar?

4
0

"My cynical side thinks that the Government wants to push loads of money to cloud providers to get infrastructure off their capital budget and ditch some expensive skilled personpower."

Well put. However ...

My cynical side thinks that the Government wants to push loads of money to cloud providers to get a nice cushy directorship lined up so they can walk into a new job after they get shit-canned at the next election.

Colin

4
0
Silver badge

Definitely works on this side of the Pond. In everything. Oh, and that job can be spun to get back into a policy position.

0
0
Anonymous Coward

That's the least of your worries...

At least GDS (Government Digital Services) aren't putting untested, insecure "prototype" (ie "definitely not meant for production") code live on real servers, handling real public data...

AC, 'cause I quite like my job.

4
0
Flame

"Cloud providers live or die by their cloud security."

Yes, Maude, and when they die, they take you with them, and there's fuck-all-on-toast you can do about it.

15
0
Anonymous Coward

First draft of this speech read...

"It is comforting to know how to find my arse with both hands..."

4
0

Re: First draft of this speech read...

Funny you should mention that.

"When it comes to cyber security QinetiQ couldn’t grab their ass with both hands"

1
0

Contempt

My god...this is even worse than listening to Cameron talk about IT!

0
0
Trollface

Re: Contempt

Not possible, except for Farage

0
0
Gold badge
Unhappy

"live and die by their security." Except in America, where THE PATRIOT makes it BS

Enough with this "cloud" b**locks.

It's a network of servers permitting application and data migration within the network.

Now try and migrate to another cloud.

I wonder if Maude even knows how many data centres the UK Govt has?

I'd suggest a hell of a lot more than it needs given bureaucratic empire building over decades.

3
0

Be under no illusions ...

Central and local government departments need have no fear about the security of the cloud computing services they buy from CloudStore/the Digital Marketplace.

These are underpinned by HMG's stringent Cloud Security Principles.

And suppliers demonstrate their adherence to these security principles by saying that they do:

QUOTE

Assure

Suppliers will complete a number of pre-defined security statements asserting how their services meet the Cloud Security Principles.

UNQUOTE

It's called "self-certification" and it worked very well in the run-up to the credit crunch when borrowers self-certified their own mortgage applications.

2
0

It's beyond the power of FTSE-100 companies ...

Who can forget that 5 September 2012 press release issued jointly by BIS and the Cabinet Office (prop. F. Maude) Business leaders urged to step up response to cyber threats? That's when they wheeled in Sir Iain Lobban, the Director of GCHQ at the time, to tell the assembled chairmen of the UK's top 100 companies that they were no good at cybersecurity.

Every day, all around the world, thousands of IT systems are compromised. Some are attacked purely for the kudos of doing so, others for political motives, but most commonly they are attacked to steal money or commercial secrets. My experience suggests that in practice, few companies have got this right.

You'd better forget it now because otherwise Mr Maude's comments don't make sense. Security – particularly in the cloud – is a unicorn. A lovely idea, but it doesn't exist.

If you can't forget it, then the question is what are those dreadful bullies at GDS going to make poor Mr Maude say next? Whitehall can't afford not to use consultants?

0
0

Spooky

Some time back, ElReg carried an important medical report, Wacky 'baccy making a hash of FBI infosec recruitment efforts. The science is hard to follow but you don't think, do you, that the same problem now affects our own dear Cabinet Office?

0
0
Coat

I know where two of them are.

One's on the grounds of Ft. Meade, Maryland, and the other is somewhere in Utah.

0
0
Silver badge
Unhappy

Never mind the security

I was pissed off when paying for my taxdisc while waiting over 3 minutes for something called s1-eu-west.amazonaws.com or somesuch to try to find its arse. To add insult to injury, I had time to open a new tab and read the page that said you have a choice between using the beta software or the previous version - no you bloody don't. Then I read all the wonderful desktop stats that said page loads in the last 24 hours all happened in less than 0.92s (again they bloody don't). About a minute after I returned to the original tab, it eventually displayed the next stage of the process.

It may have saved the guvmint a couple of grand by outsourcing to amazon, but I would rather they taxed them what they should be paying and used the money to run an in-house service with a half decent response time. I can only assume the pretty stats are self certified by amazon, so that the minister-of-outsourcing can claim the new service is an improvement.

0
0
Silver badge

Mad Frankie Maude has been reassured that Microsoft Azure is running Linux

0
0
Anonymous Coward

It's certainly true that there is no crypto-crunching behemoth data centre under GCHQ. To fool Red China I was asked if they could keep it in my lock-up garage.

0
0
Anonymous Coward

data centre lockup

I know the one, it's across from my house with kids playing on a broken asbestos roof - shabby enough for UK Gov though

0
0
Silver badge

All your data belong us now

"No hosting contract to last more than two years"

I hope that hosting contract includes migrating the data to the next hosting system.

0
0
Silver badge

Re: All your data belong us now

No, that'll be an unforeseen expense and worthy of another contract whilst the data languishes on the current provider. To really earn their salaries, they'll have the old data on one provider, the new on the new, and one or more contracts to merge it all together.

Ummm, having worked in government I've seen this in practice and cleaned the mess up. Repeatedly.

0
0


Biting the hand that feeds IT © 1998–2018