In 2015, 50% of all new Government IT spending will be on the cloud.
And when it comes to cloud security, there’s a lot that businesses and IT departments could learn from the Government. After all, it will deal with some of the most sensitive data in the western world.
Here are the UK Government’s cloud security principles:
#1 – Data should be protected in transit
Sensitive information is often targeted while it's in transit, so the government combines network protection techniques with cutting-edge encryption to protect data when it's on the move.
#2 – Data handling assets should be protected
To prevent legal or regulatory sanctions, consumer data, and the physical assets that store and use it, should be protected against physical damage or theft.
#3 – Consumers’ information should be separated
Different consumers should have their data stored in separate places. This practice ensures that the negative effects of any compromised information will be minimised and ensures a network’s overall security.
#4 – Service providers should have governance frameworks
To maintain efficiency in development and to react quickly to threats, the provider should have a framework in place that dictates how a service should be managed.
#5 – Security procedures should be in place
Similarly, separate security processes and frameworks should also be in place so that the service is effective against attacks.
#6 – Personnel should be screened and educated
Any staff who handle secure files should be both screened and educated to ensure that consumers’ data isn’t compromised – whether accidentally or maliciously.
#7 – Development should work towards security
Different programs that identify threats and vulnerabilities should be developed in order to keep customer data safe and minimise service weaknesses.
#8 – Supply chains should be secure
So that the service isn’t compromised, the provider must ensure that the same security initiatives are also in practice across all connected supply chains.
#9 – Consumers should have the relevant tools
Tools and educational information should be provided to consumers so that they can securely use relevant services and prevent unauthorised persons accessing their account.
#10 – Access should be limited to trusted individuals
All relevant service interfaces should be usable only by people who are authorised and authenticated to use them. This minimises the chances of unauthorised changes, theft and denial of service attacks occurring.
#11 – External interfaces should be vetted
If any connected interfaces have been found to be less trusted than others, then appropriate practices should be incorporated to ensure they don’t compromise systems.
#12 – Administration should be protected
So that potential attackers can’t bypass security functions, administration of the service should be designed to make it safer and harder to exploit.
#13 – Consumers should be empowered
So that they can habitually detect inappropriate or malicious use of their services, consumers should be provided with relevant information about how to analyse their data.
#14 – Consumers should be aware of their responsibilities
To prevent the service being undermined or data becoming compromised, customers should have responsibilities that they must adhere to.
Is there anything you think your organisation could learn from the government’s approach to the cloud? Talk to us in the comments below.
Or if you’re looking for a secure approach to cloud-based sharing, find out how Maytech can help you send, receive and store information completely safely on the cloud.