Government releases security guidance for cloud services

The Cabinet Office has published guidance for the security considerations that should be made by public sector organisations choosing cloud service providers

This Article Covers


The Cabinet Office has published guidance for the security considerations that should be made by public sector organisations choosing cloud service providers.

With a cloud-first policy for IT procurement the government needs to help public sector organisations overcome security fears associated with cloud services.

The considerations when procuring cloud services are still in beta version and the Cabinet Office wants feedback.

"This guidance is intended to help organisations consider the security features of cloud services they wish to use. It is the first of a number of guidance documents for the public sector relating to the use of cloud services to process official information,” said the Cabinet Office.

The Cloud Service Security Principles document states that the principles apply to equally to infrastructure as a service, platform as a service and software as a service alternatives.

“It is for the consumer of the service to decide which of the security principles are important to them in the context of how they expect to use the service,” the document states. 

“Some service providers will be able to offer higher levels of confidence in how they implement the different security principles. Consumers will need to decide how much, if any, assurance they require in the different security principles which matter to them.”

The Cabinet Office has a cloud-first mandate to cut costs related to IT procurement. With security a big fear for many organisations the Cloud Service Security Principles document is a step towards supporting public sector organisations moving to the cloud, often for the first time.

The principles cover 14 broad areas: the data in transit protection; asset protection and resilience; separation between consumers; governance; operational security; personnel security; secure development; supply chain security; secure consumer management; secure on-boarding and off-boarding; service interface protection; secure service administration; audit information provision to tenants; and secure use of the service by the consumer.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Cloud computing services

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.




  • Passive Python Network Mapping

    In this excerpt from chapter two of Passive Python Network Mapping, author Chet Hosmer discusses securing your devices against ...

  • Protecting Patient Information

    In this excerpt from chapter two of Protecting Patient Information, author Paul Cerrato discusses the consequences of data ...

  • Mobile Security and Privacy

    In this excerpt from chapter 11 of Mobile Security and Privacy, authors Raymond Choo and Man Ho Au discuss privacy and anonymity ...