Government releases security guidance for cloud services

The Cabinet Office has published guidance for the security considerations that should be made by public sector organisations choosing cloud service providers

The Cabinet Office has published guidance for the security considerations that should be made by public sector organisations choosing cloud service providers.

With a cloud-first policy for IT procurement the government needs to help public sector organisations overcome security fears associated with cloud services.

The considerations when procuring cloud services are still in beta version and the Cabinet Office wants feedback.

"This guidance is intended to help organisations consider the security features of cloud services they wish to use. It is the first of a number of guidance documents for the public sector relating to the use of cloud services to process official information,” said the Cabinet Office.

The Cloud Service Security Principles document states that the principles apply to equally to infrastructure as a service, platform as a service and software as a service alternatives.

“It is for the consumer of the service to decide which of the security principles are important to them in the context of how they expect to use the service,” the document states. 

“Some service providers will be able to offer higher levels of confidence in how they implement the different security principles. Consumers will need to decide how much, if any, assurance they require in the different security principles which matter to them.”

The Cabinet Office has a cloud-first mandate to cut costs related to IT procurement. With security a big fear for many organisations the Cloud Service Security Principles document is a step towards supporting public sector organisations moving to the cloud, often for the first time.

The principles cover 14 broad areas: the data in transit protection; asset protection and resilience; separation between consumers; governance; operational security; personnel security; secure development; supply chain security; secure consumer management; secure on-boarding and off-boarding; service interface protection; secure service administration; audit information provision to tenants; and secure use of the service by the consumer.

Read more on Cloud computing services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.






  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...