As the year drew to a close, AWS was handed a pre-Christmas bonus in the form a £450m contract to provide cloud services to the UK’s Home Office.
The contract document provided little clarity about the services provided under the deal or why it is over three times more expensive than the last partnership between Amazon’s cloud platform and the government department.
What’s more, the wording of the contract, which began this month and runs for three years, implies that AWS staff may be exempt from security clearances when handling sensitive Home Office data.
Neither the Home Office nor AWS chose to comment on the deal when approached by Tech Monitor, but the contract is further ammunition for those who question the heavy reliance on AWS from Whitehall departments.
Last year, a report from the Centre for International Corporate Tax Accountability and Research (CICTAR) and think tank TaxWatch revealed AWS had won UK public sector contracts worth over £600m since 2017. During that time, it had avoided paying some £84m in taxes. Amazon said at the time that the UK branch of AWS pays “all applicable taxes”.
The CICTAR report named the Home Office as AWS’s biggest UK public sector customer, having paid the company some £225m between 2017–22.
AWS will certainly face scrutiny about its involvement in the UK cloud market from competition regulator the Competition and Markets Authority, which is looking at whether the dominance of the US hyperscale providers – AWS, Microsoft Azure and Google Cloud – presents antitrust issues.
In December it was revealed that the third of this trio, Google Cloud, had written to the CMA urging it to look closely at anti-competitive practices deployed by Microsoft.
BlackCat left with tail between its legs?
Law enforcement agencies battling ransomware criminals ended the year on a high by taking down BlackCat, one of the most prolific and notorious gangs currently in operation.
The group, which has claimed victims including social network Reddit, the Munster Technical University, Barts Health NHS Trust, watchmaker Seiko and technology vendor Casepoint in the last two years, saw its dark web leak site disabled on Thursday, 7 December.
Although BlackCat, also known as Alphv, initially claimed it would soon be up and running again, it was later revealed that the US Department of Justice had seized the site and created a decryption key for the group’s ransomware which could allow victims to recover their data. However, at the time of writing BlackCat claims to re-seized control of the site, and that the decryption key only works on a small subset of encrypted information. It looks like the eternal game of, er, cat and mouse between police and cybercriminals will continue into the new year.