back to article You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES

Doing business in the cloud is more secure than owning your own data centre, Cabinet Office minister Francis Maude has claimed. Speaking at the Cyber Security Summit 2014 in London, he said: “Doing things in the cloud is more secure than doing [it] ourselves. It is comforting to know where your data centres are - although in …

  1. James O'Shea

    well, that's a relief

    If they knew where the DCs were, some twit politician would insist on micromanaging 'em. and would actually be able to check up to see that his idiotic orders were being followed. If they don't know where they are, they have no clue as to what's really going on there, which is A Good Thing(tm).

    Hmmm. How can I get a contract to set up some nice DCs for HMGov?

    1. Destroy All Monsters Silver badge

      Re: well, that's a relief

      1) For some reason the DC must be near Cannes (cheap hydroelectric energy?) and have a special luxury hotel for tired sysadmins

      2) Promise to invite the people in charge to organize extended tours at repeat intervals no longer than six months for monitoring purposes

      1. tony2heads

        Re: well, that's a relief

        3) has to be close to the beach for seawater cooling system!

    2. Anonymous Coward
      Anonymous Coward

      Re: well, that's a relief

      >If they knew where the DCs were, some twit politician would insist on micromanaging 'em.

      There are good reasons why for some departments, knowledge of where their active datacentres are located is only known to those who need to know.

      I worked for one department (not the MOD), where even though I was designing a system that would impact all their datacentres, I could only officially know their 'public' names but not their physical locations. Also because the technical design documentation would be shared outside of the physical office wing I worked in, it could not contain any details that would permit the identification of datacentres.

      Thus I can fully understand that in some departments mere politicians would be kept in the dark about such matters.

  2. Destroy All Monsters Silver badge
    Trollface

    And we should not have hosting contracts more than two years, as the cost [of hosting] is halving every 18 months.

    This can be effortlessly spun into "Wise government industrial policy helps create the industry that gives us powerful means of becoming the future technology hub of $WORLD, helps us manage contracts to get maximum value for taxpayer money and also keeps inflation in check so much that there is a danger of deflation which, however is being looked after by the independent Central Bank."

  3. David Roberts

    I assume that prior to the gleeful spin, what he meant was that individual departments using the Governmemt cloud may not always know the geographical location of the servers holding their data.

    I hope.

    With him that relying on fragmented Government IT procurement and deployment can leave the whole cloud exposed by one poor server/site.

    My cynical side thinks that the Government wants to push loads of money to cloud providers to get infrastructue off their capital budget and ditch some expensive skilled personpower.

    Sound familiar?

    1. Colin Brett

      "My cynical side thinks that the Government wants to push loads of money to cloud providers to get infrastructue off their capital budget and ditch some expensive skilled personpower."

      Well put. However ...

      My cynical side thinks that the Government wants to push loads of money to cloud providers to get a nice cushy directorship lined up so they can walk into a new job after they get shit-canned at the next election.

      Colin

      1. Anonymous Coward
        Anonymous Coward

        Definitely works on this side of the Pond. In everything. Oh, and that job can be spun to get back into a policy position.

  4. Anonymous Coward
    Anonymous Coward

    That's the least of your worries...

    At least GDS (Government Digital Services) aren't putting untested, insecure "prototype" (ie "definitely not meant for production") code live on real servers, handling real public data...

    AC, 'cause I quite like my job.

  5. Anonymous Coward
    Flame

    "Cloud providers live or die by their cloud security.”

    Yes, Maude, and when they die, they take you with them, and there's fuck-all-on-toast you can do about it.

  6. Anonymous Coward
    Anonymous Coward

    First draft of this speech read...

    "It is comforting to know how to find my arse with both hands..."

    1. D Moss Esq

      Re: First draft of this speech read...

      Funny you should mention that.

      "When it comes to cyber security QinetiQ couldn’t grab their ass with both hands"

  7. IT Hack

    Contempt

    My god...this is even worse than listening to Cameron talk about IT!

    1. Anonymous Coward
      Trollface

      Re: Contempt

      Not possible, except for Farage

  8. John Smith 19 Gold badge
    Unhappy

    "live and die by their security." Except in America, where THE PATRIOT makes it BS

    Enough with this "cloud" b**locks.

    It's a network of servers permitting application and data migrationwithin the network.

    Now try and migrate to another cloud.

    I wonder if Maude even know how many data centres the UK Govt has?

    I'd suggest a hell of a lot more than it needs give bureaucratic empire building over decades.

  9. D Moss Esq

    Be under no illusions ...

    Central and local government departments need have no fear about the security of the cloud computing services they buy from CloudStore/the Digital Marketplace.

    These are underpinned by HMG's stringent Cloud Security Principles.

    And suppliers demonstrate their adherence to these security principles by saying that they do:

    QUOTE

    Assure

    Suppliers will complete a number of pre-defined security statements asserting how their services meet the Cloud Security Principles.

    UNQUOTE

    It's called "self-certification" and it worked very well in the run-up to the credit crunch when borrowers self-certified their own mortgage applications.

  10. D Moss Esq

    It's beyond the power of FTSE-100 companies ...

    Who can forget that 5 September 2012 press release issued jointly by BIS and the Cabinet Office (prop. F. Maude) Business leaders urged to step up response to cyber threats? That's when they wheeled in Sir Iain Lobban, the Director of GCHQ at the time, to tell the assembled chairmen of the UK's top 100 companies that they were no good at cybersecurity.

    Every day, all around the world, thousands of IT systems are compromised. Some are attacked purely for the kudos of doing so, others for political motives, but most commonly they are attacked to steal money or commercial secrets. My experience suggests that in practice, few companies have got this right.

    You'd better forget it now because otherwise Mr Maude's comments don't make sense. Security – particularly in the cloud – is a unicorn. A lovely idea, but it doesn't exist.

    If you can't forget it, then the question is what are those dreadful bullies at GDS going to make poor Mr Maude say next? Whitehall can't afford not to use consultants?

  11. D Moss Esq

    Spooky

    Some time back, ElReg carried an important medical report, Wacky 'baccy making a hash of FBI infosec recruitment efforts. The science is hard to follow but you don't think, do you, that the same problem now affects our own dear Cabinet Office?

  12. Anonymous Coward
    Coat

    I know where two of them are.

    One's on the grounds of Ft. Meade, Maryland, and the other is somewhere in Utah.

  13. JassMan
    Unhappy

    Never mind the security

    I was pissed off when paying for my taxdisc while waiting over 3 minutes for something called s1-eu-west.amazonaws.com or somesuch to try to find its arse. To add insult to injury, I had time to open a new tab and read the page that said you have a choice between using the beta software or the previous version - no you bloody don't. Then I read all the wonderful desktop stats that said page loads in the last 24 hours all happened in less that 0.92s (again they bloody don't). About a minute after I returned to the original tab, it eventually displayed the next stage of the process.

    It may have saved the guvmint a couple of grand by outsourcing to amazon, but I would rather they taxed them what they should be paying and used the money to run an in-house service with a half decent response time. I can only assume the pretty stats are self certified by amazon, so that the minister-of-outsourcing can claim the new service is an improvement.

  14. Anonymous Coward
    Anonymous Coward

    Mad Frankie Maude has been reassured that Microsoft Azure is running Linux

  15. Anonymous Coward
    Anonymous Coward

    It's certainly true that there is no crypto-crunching behemoth data centre under GCHQ. To fool Red China I was asked if they could keep it in my lock-up garage.

    1. Anonymous Coward
      Anonymous Coward

      data centre lockup

      I know the one, its across from my house with kids playing on a broken asbestos roof - shabby enough for UK Gov though

  16. J.G.Harston Silver badge

    All your data belong us now

    "No hosting contract to last more than two years"

    I hope that hosting contract includes migrating the data to the next hosting system.

    1. Anonymous Coward
      Anonymous Coward

      Re: All your data belong us now

      No, that'll be an unforseen expense and worthy of another contract whilst the data languishes on the current provider. To really earn their salaries, they'll have the old data on one provider, the new on the new, and one or more contracts to merge it all together.

      Ummm, having worked in government I've seen this in practice and cleaned the mess up. Repeatedly.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like