G-Cloud rep: We'll mop up data breach flood with red tape
Security accreditation is vital, says MoJ ICT manager
The government is speaking out about “myths and confusion” surrounding its plans for security accreditation on G-Cloud.
A civil servant working on No 10’s big IT catalogue has re-assured Whitehall types that G-Cloud accreditation is most certainly not an unnecessary piece of bureaucracy. She has also warned, however, that just because a service is officially authorised doesn’t necessarily mean it is right for them.
G-Cloud Ministry of Justice representative Emma Gawen has also used the opportunity to bang the drum for accreditation, saying it will help make government tech systems safer and more secure while also making it easier for suppliers and government to work together.
Gawen, an ICT manager at the MoJ, took over the task of communicating about G-Cloud security accreditation plans in February, but it seems progress has quickly hit rough water.
“During my time working in government and on the G-Cloud programme one thing has become very clear: there is an awful lot of confusion about accreditation,” Gawen said here.
Without pointing fingers, Gawen reckoned there’s a sense that accreditation is "just unnecessary bureaucracy".
“To be honest, I can see why you might say that, but it’s not true,” she said.
Accreditation is being handled by the Pan Government Accreditation Service (PGAS), and takes place every 12 months.
She stressed the need for consistent security controls to help reduce growing data security breaches in the public sector and repair the loss of public confidence breaches are causing.
“Some might say that government’s accreditation process is overly laborious, but ensuring security controls are implemented properly has to be thorough to be any use. G-Cloud is working to reduce the burden considerably,” Gawen said.
Meanwhile, just because a product or service makes the G-Cloud list doesn’t make it automatically safe for everybody.
According to Gawen, it’s wrong to assume once a service is accredited for G-Cloud, anyone can use it. She suggested, instead, that prospective G-Cloud users match products and services with their requirements on case-by-case basis. “The nature of the information to be handled by a given service could vary significantly, and therefore so could the impact of compromise,” she said. ®
The UK government should follow Iceland's lead and move to Linux, according to a new e-petition. Given the fashion for austerity, petitioner Stephen Hargreaves has said Whitehall should stop paying “hefty licensing costs” to Microsoft – Windows is running the vast majority of UK government IT systems, he says – and move to Linux. Hargreaves reckons on substantial savings following initial migration and training costs. Microsoft's National Technology Officer Mark Ferrar takes a different view of this type of argument, here.
You can see the petition here: it will be submitted at the end of September 2012. ®