Sign up for our newsletter
Technology / Cloud

Sovereign Cloud: Where in the World is Public Sector Data Stored?

Spending £100 million an hour, or £28,000 each second, is an immense responsibility for the public sector. How it distributes its £800 billion annual budget has more impact on both individuals and society than any other industry, writes Chris Huggett, Senior Vice President, EMEA & India at Sungard AS.

From identifying roads to be upgraded in order to ease congestion, to establishing community programmes designed to reduce crime in problem areas, these decisions must be made based on thorough data analysis.

However, data sets in the public sector can range in volume, for example, from localised to nationwide sample sizes; in levels of sensitivity; or may even require continued analysis of a shifting amount of data in motion.

Chris Huggett, Senior Vice President, EMEA & India at Sungard AS.

As a result, the public sector has leveraged the flexibility and scalability of public cloud solutions in the last few years to efficiently and reliably manage the processing power needed to crunch the numbers.

White papers from our partners

Due to the potential sensitivity of data in the public sector, the UK government applies a comprehensive accreditation policy for the use of public cloud by public sector organisations.

However, there are certain types of data which are deemed simply too sensitive to be stored in public cloud environments, such as that relating to matters of national security or data which is marked ‘Sensitive’ or ‘Official Sensitive’. This is because public cloud environments are more frequently decentralised, hosted on infrastructure distributed across multiple geographies. It means the data in the public cloud can potentially be subject to several different jurisdictions and regulatory environments too. This not only comprises the sovereign protection afforded to the data, but also makes it open to regulatory environments that allow third parties to access it.

See also: Are You Being Sold an “OFFICIAL-SENSITIVE” Load of Hot Air?

The Clarifying Lawful Overseas Use of Data (CLOUD) Act signed into law by the US House of Representatives in March is one such example. The $1.3 trillion bill is purported to streamline the way that international law enforcement agencies access personal data stored on US soil but has been met with criticism for essentially facilitating foreign police to demand access to personal data without prior review by a judge. For the UK public sector, this would mean any data hosted in public cloud environments which rely on US datacentres could be exposed without major legislative barriers from the US government.

As national and international legal environments evolve to contend with the rapidly increasing value being placed on data protection, it’s quickly becoming clear that data governance must similarly evolve, as organisations must not only consider what data they have, but where that data is.

As a result, this data has been consigned to private cloud environments, depriving the public sector of the ability to fully benefit from the cost effectiveness, flexibility and agility of the public cloud. This is changing, however, as public sector organisations in the UK now can guarantee the storage of highly sensitive data within sovereign borders in the public cloud, thanks to the arrival of so-called ‘sovereign’ public cloud solutions.

Sovereign Cloud Benefits

What benefits does sovereign cloud offer to public sector organisations?

The introduction of new ‘sovereign’ public cloud services is removing that hurdle. Aligned with the cloud security principles outlined by the National Cyber Security Centre (NCSC), sovereign cloud environments provide the parameters necessary to store Sensitive and Official Sensitive data on the public cloud: (1) data is always located on UK soil; (2) personnel with access have the appropriate clearance (Security Cleared+ and Non-Police Personnel Vetting); and (3) personnel with access are also UK citizens.

Sovereign cloud provides the public sector with the ability to capitalise upon a secure, legally compliant public cloud, facilitating it innovation at the same pace as industry and better decision making. Put into practice, these things could have huge benefits across the public sector, providing access to insights that simply cannot be derived in any other way in an acceptable timeframe or at an acceptable cost. Ultimately, this can make the UK safer, better educated and healthier.

The future of government technology

The introduction of the government’s cloud-centric procurement framework, G-Cloud, was designed to spur the adoption of digitisation of public sector services, and with the deadline for applications now closed, the public sector is finally set to see the impact that compliant, cloud-first digital services can deliver.

As the UK government seeks to continually battle the persisting skills gap present amongst technical professionals working to remedy the public sector’s gradual grasp of cloud practices, clearing the regulatory highway will undoubtedly contribute toward a smoother transition onto these services. There is so much value to be gleaned from the vast amounts of data that the public sector holds that could have an incredibly positive societal impact. This is all just the tip of an enormous iceberg that is increasingly visible thanks to new sovereign public cloud technologies.

See also: We’re Not Killing G-Cloud, says CCS, Just Putting Hyperscale Elsewhere


This article is from the CBROnline archive: some formatting and images may not be present.

CBR Staff Writer

CBR Online legacy content.