Secure Cloud vs Public Cloud [A guide for successful public sector cloud adoption]

The pandemic has inevitably accelerated digital transformation. The national slogan ‘stay home, save lives’ forced a change in habits, social interaction turned to digital, and organisations needed to digitally transform in order to survive. Such need for digital solutions has been seen across the business world, with many organisations struggling, and many who embraced digital transformation now thriving.

The move to digital has been evidenced across the globe, in tech organisations and in the public sector. Microsoft, for example, have seen two years of digital transformation in two months. Digital transformation has begun to accelerate, especially now as companies realise that they need IT systems that can adapt in line with rapid market changes.

A parallel transformation has been evident in the public sector, but the uptake of digital transformation initiatives has been at a much slower rate. To learn more about why the UK public sector is still afraid of the cloud, read our recent blog. However, there is an increase in the number of public sector organisations adopting cloud, even if the increase is not happening as quickly as preferred.

Concerns over maintaining the integrity of their sensitive workloads and data are causing digital transformation plans to move forward slowly. As they transition to cloud, organisations are fully trusting a cloud provider with their workloads, of which prior to cloud they had full control and visibility. Whether these workloads include patient records, clinical research, intelligence, military or defence - every public sector organisation has its own sensitive data which needs to be kept secure, and thus needs a genuinely Secure Cloud to ensure compliance and assurance with standards and guidelines.

Traditional public sector workloads, of all kinds, are stuck in a tricky position. The desire to digitalise, motivated by clear and significant enablement and innovation opportunities, is often stagnated by inhibition and inaction. It’s not all about comprehensive transformation, even applications which can easily be migrated to cloud still primarily remain on-premise for most public sector organisations.

 

Event: DSEI - Register Now

 

And it’s not just traditional workloads that need digitalising. The comprehensive move to digital workplace is creating a much greater reliance on digital, and the need for Secure Cloud solutions to facilitate. There are some 500,000 civil servants delivering public services, spending most of their time on tasks which could be delivered more effectively and desirably through technology and automation.

Approximately 47% of the UK’s adult population were working from home (WFH) during the national lockdown, with many UK organisations now implementing WFH or hybrid working initiatives. Ultimately, the COVID-19 pandemic has changed the working norm. It is likely that this new era of remote working will remain, with the digital workplace foundation to only grow further.

 

47% UK adult population were working from home during the first 2020 lockdown.

 

This way of working requires highly secure networks and connectivity for each employee and organisation to undertake secure collaboration and data sharing. This is especially relevant for the public sector. Without a secure solution for managing day-to-day workloads, remote working is likely to become an unacceptable risk.

The pandemic has undoubtedly been a key cloud adoption driver, and migration to a secure cloud results in more time available for organisations to focus on delivering genuine value and outcomes. According to Gartner, organisations spend 80% of their budgets ‘keeping the lights on’, time which could be better spent on critical activities and innovation.

 

80% of organisations' budgets are spent keeping the lights on

 

 

Public cloud vs Secure Cloud

Public cloud is often scrutinised by public sector organisations for its ability to maintain highly sensitive workloads and data. Understandably, it’s difficult to see a how something ‘public’ can be isolated and secure.

There is a real justification for this misnomer. Generic public cloud has little in the way of security, and not much in the way of policing who is a tenant on the same server.

That is usually the case in your typical commercial-grade ‘public cloud’ – and yes, we agree, that solution just is not suitable for secure public sector workloads.

So is there such a thing as public cloud for the public sector?

Yes. It’s more widely referred to in the public sector as ‘Community Cloud’ - a solution which caters to the needs of those with more sensitive data requirements through ensuring it is inhabited only by a community with similar security needs, whilst remaining multi-tenant.

Community Cloud has obvious and ample cost and flexibility benefits, and can allow for a synthesis of cloud solutions with hybrid cloud: public, private, or on-prem. Being able to choose your cloud hosting location, cloud technologies, and scaling, helps public sector organisations control their cloud spending.

But the main benefit is the assurance, something which all public sector organisations need, and which inhibits 85.2% of organisations’ cloud adoption.

 

85% Organisations are worried to adopt cloud over security concerns.

 

You see, most organisations see ‘Secure Cloud’ as ‘Private Cloud’ – but that’s not the full story.

A generic, commercial grade public cloud solution, perhaps used by an online retailer, or a video media platform, just cannot deliver the security required by public sector organisations. However, an isolated Community Cloud solution can be easily secure enough to host even the most sensitive workloads, and deliver secure connectivity to government, through the PSN network, or even military-grade networks such as RLI.

How can that be?

Well, it’s all about the security domains on which your solution is based. The current guidelines for data sensitivity have been simplified to ‘OFFICIAL’,’OFFICIAL SENSITIVE’, ‘SECRET’ and ‘TOP SECRET’. However most cloud providers will vary in their application of security domains and may have a narrower workload classification capacity.

This really isn’t comprehensive enough to cover the dynamic and broad requirements of the public sector, so an ideal Secure Cloud may offer several security domains that can be connected together using assured software tooling, enabled by audits, checks, streamlined processes and security-cleared staff. This would allow you to choose the right security domain for certain sets of your data, whilst still allowing for citizens to access services, and also securing back-end data.

Perhaps the most significant difference between Secure Cloud and Public Cloud is the consideration of protecting against external risk factors, such as cyber- attacks, or the contrasting surveillance cultures of other states. A Secure Cloud must be able to guarantee true sovereignty – protecting the integrity of public sector data. This is especially important when looking at data sharing and collaboration – safe data sharing starts with a robust, sovereign cloud foundation.

 

A Secure Cloud must be able to guarantee true sovereignty – protecting the integrity of public sector data. This is especially important when looking at safe data sharing and collaboration.

 

Also, with recent international judgements like Schrems II, which has shown data privacy is dictated by its resident country; states with different surveillance cultures could gain access to non-sovereign UK public sector data, placing it at risk. UKCloud’s recent State of Digital and Data report found that only 46% of public sector organisations have reviewed their public cloud use since the Schrems II judgement. Organisations must place priority on understanding where their data is stored, with whom, and thus its assurances regarding security and sovereignty.

Additionally, the report found that more than half of the respondents (53%) have concerns regarding their organisation’s over-reliance on the limited number of global technology providers, with 76% of these being in Central Government. When Secure Cloud solutions are so imperative for public sector organisations, there must be emphasis placed on ensuring providers can guarantee sovereignty. It’s not anti-globalisation, it’s pro-UK.

Further, with the impact of Brexit still being felt; changing how we share data, it has never been more crucial that organisations have visibility of the residency of their data. The European Gaia-X project, creating common standards for European data infrastructure to ensure everyone has full control over their own data, including who has access to it and when and who they want to share it with. This sort of project could be replicable in the UK if public sector organisations were to wake up to the opportunities enabled by Secure Cloud. A prosperous post-Brexit UK must start with adoption of secure digital capabilities.

 

Devising a Secure Cloud strategy

With Secure Cloud, it’s easy to over-focus on Security. However, the enablement through ‘Cloud’ adoption must not be overlooked.

Advancing digital maturity, facilitating innovation, driving costs down and efficiency up, and enabling collaboration are just some of the reasons for devising a digital transformation strategy.

But doing that can be challenging, so it’s important to look to responsible Cloud Service Providers who can help your organisation develop the right solution for your workloads. The right solution must be flexible, cost effective, scalable, secure and provide choice & options.

Does your organisation need a hybrid cloud solution? If so, can your provider offer that? Will you need a mix and match of cloud technologies? Does your provider therefore offer Multi-Cloud? Learn everything you need to know about Multi-Cloud here.

Consider the importance of data residency, and maintaining the integrity of UK public sector data through choosing a UK sovereign provider. Your provider must be able to guarantee your data is kept safe and secure. Whether from external threats, such as cybercrime and international policy, or through mitigating internal risk, ensuring business continuity through Security Operations Services, and reactive protections such as Disaster Recovery.

UKCloud has a commitment to ‘doing the right thing’ by serving the best possible value to the taxpayer. Our goal is to encourage the wider uptake of digital technologies in the UK public sector, and to make transformation happen. To plan your Secure Cloud strategy, reach out to our Professional Services team today. If you want to learn more about Secure Cloud, browse our cloud solutions, or talk to one of our experts today.