Sign up for our newsletter
Technology / Cloud

New “100% UK Sovereign” UKCloud Service Takes Pot Shot at US CLOUD Act

A secure new UKCloud service takes specific aim at the risk of foreign surveillance, highlighting its “100% UK sovereign” nature and emphasising that its set-up means “no risks of foreign surveillance (e.g. US CLOUD Act)”.

UKCloudX, a new arm of privately held UKCloud, launched this week following a £25 million investment by the Farnborough-based company.

The high assurance cloud platform aims to meet the needs of the country’s “most critical and sensitive systems”.

It spans two government-grade UK datacentre sites 70 miles apart on the Crown Campus – home to the government’s own datacentres.

White papers from our partners

The mention of the US CLOUD Act refers to the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which was signed into law in April by President Donald Trump. As reported by Computer Business Review, the CLOUD Act streamlines law enforcement access to data stored on US tech platforms.

Critics like civil liberties group the ACLU claim the bill “strips power away from Congress and the judicial branch, giving [Attorney General] Mike Sessions and… and future executive branch officials virtually unchecked authority…  for foreign police to demand data stored in the US, without prior review by a judge.”

Specific mention of the act, as well as traditional cyber threats to the UK and its NATO partners, illustrates the extent to which it may have rattled allies and contractors seeking cloud-elasticity but high degrees of privacy.

Secure and Sovereign

The infrastructure was built and operated by UK security cleared and “extensively vetted” cloud experts in resilient UK-only NOC/SOC facilities, UKCloudX says on its website.

Simon Hansford, UKCloud’s CEO said in a release: “By harnessing the potential of the cloud to overcome the long lead times, inflexibility and considerable fixed costs that have traditionally hampered secure communications, UKCloudX will enable far greater innovation and collaboration on sensitive projects.”

The company did respond to further request for comment this morning.

In terms of assurance credentials, UKCloudX is connected “behind the firewall” to RLI, PSN-Protect, PSN-Assured, the Janet network and the health service’s N3/HSCN – and has been designed for connectivity to high assurance networks with customer-owned cypto solutions, UKCloudX said.

In terms of stack, UKCloudX includes technologies from VMware and Oracle as well as Microsoft Azure and OpenStack/OpenShift – to meet the demands of modern applications that expect features like Docker and Kubernetes.

Its assured technology components include high grade crypto, high threat gateways, diodes, TEMPEST, Advanced Behavioural Protective Monitoring and independent assurance comes courtesy of NCSC/CESG PGA heritage, Home Office Police Assured Secure Facility (PASF), CTAS certification, ISO9001, ISO20000, ISO27001, ISO27017, ISO27018, Cyber Essentials, CCS approved

Focussed on Gov’t Agency Needs

“UKCloudX  is providing an infrastructure that meets the rigorous security requirements required for data at higher security classifications, and that does so at substantially less cost than the current arrangements for this level of sensitivity”, the company said.

The launch partners that will be working with UKCloudX from the outset include CACIHive Logic, IBM, Kahootz, Leidos, Leonardo and more.

“The UKCloudX initiative will provide a highly secure new platform, allowing our clients to benefit from new opportunities offered by the latest, most innovative and secure cloud-based services.” said Nik Beecher, VP Cyber Security & ICT Solutions at Leonardo Security & Information Systems.

“UKCloudX will allow us to bring further innovation to the defence and national security sector on sensitive projects,” added Vern Davis, Managing Director – Aerospace, Defence and Security at Sopra Steria.

 
This article is from the CBROnline archive: some formatting and images may not be present.

CBR Staff Writer

CBR Online legacy content.