Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Britain's former cloud computing champion John Suffolk has challenged Australian government chief information officers to justify their concerns about security in the cloud.
Speaking at the Technology in Government Summit in Canberra this month, the former government CIO chided his peers for using security as a means of deferring trials of cloud computing.
Suffolk led the development of Britain's G-Cloud, a plan that was published by the Cabinet Office last year and was expected to cut £3.2 billion from the Government's annual spend by 2013-14.
“We should not underestimate cloud computing,” he told delegates in Canberra.
Although security had to be considered before introducing new, government cloud computing services, Suffolk argued that security issues were exaggerated and used as an excuse for avoiding the cloud model.
Major IT suppliers had a vested interest in fuelling such concerns, he speculated, adding that proprietary vendors were "very, very concerned".
"You mean you are not going to give [suppliers] license fees for doing nothing? It’s a big issue. The industry is fundamentally changing," he said.
After leaving the British Cabinet Office in November, Suffolk advised the World Bank High-Level Experts group, helping governments understand how technology could improve the public sector and generate economic growth.
He planned to join Chinese networking and telecommunications vendor, Huawei, as its global cyber security officer (GCSO), commencing 1 October.
Suffolk challenged members of the audience to clarify how having the term “cloud” in front of a government data centre made it any less secure than a physical service.
“Tell me how your security model has changed?” he asked cloud adopters.
He argued cloud computing should not be viewed as a threat for government, but an opportunity,.
“My advice is dip your toe in the water. Try it. Put some services into a cloud-based model -- public or private depending on your security model," he said.
"Begin to migrate your services. Begin to downgrade your legacy [infrastructure] in terms of what goes on it. Because if [a cloud trial] doesn’t work, you will not have invested a whole lot of capital.”
Addressing immaturity and lock-in
Suffolk encouraged agency CIOs to design environments in which applications were seperated from the underlying platform, in order to avoid being locked into particular vendors or immature cloud offerings.
“You can come up with cloud models that separate apps from infrastructure," he said. "It’s like buying electricity but having a choice over what kettles you might plug in.
“If it’s a low risk app do you really care on the basis that it’s pay for use?" he added.
Meanwhile, any agencies planning to adopt the cloud model for a “core critical system” should put the same effort into analysis, design and architecture as they would in a non-cloud world, he said.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.
