UK nuke warhead builders shift IT gear into public cloud
End well: Will it, dear readers?
The Atomic Weapons Establishment (AWE) is moving some of its internal tech to the public cloud, in a move to "embrace the opportunities that modern IT can bring".
The AWE has a £1bn-per-year contract with the UK Ministry of Defence lasting 25 years covering the design, manufacture and support of warheads for Blighty's nuclear deterrent Trident.
The Register understands that the AWE has signed a deal with Workday, the US based on‑demand financial management and HR software vendor.
Given the sensitive nature of what AWE does, The Register asked the AWE what security considerations went into that decision.
A spokeswoman said: "AWE has gone through a process to identify a range of trusted suppliers to support the business, as we continue to embrace the opportunities that modern IT can bring.
"In common with all such activity, security arrangements have been assessed against AWE’s robust security requirements."
The Register also asked whether the move to modernise its IT would involve moving classified information into the public cloud, but it refused to provide any further details about its security operations.
Security experts took a mixed view of the move.
Paul Moore, information security consultant, said: "It all comes down to assessing risk. So there is no reason to be fundamentally against it. But you would have to know nature of what they are storing."
Paul Bernal, lecturer in IT and intellectual property at the University of East Anglia's school of law, said: "The real question is, why are they doing this? Is it to save money or does it offer a genuinely better solution?"
However, one security expert, who asked not to be named, said bringing in a third-party public cloud provider was "ill-advised" given that such an organisation would be an attractive target to hackers.
"When you talk about protecting an organisation you are talking about preventing attackers from finding any way in, and from having any area of leverage."
He added: "It is the network effect. Nothing exists in isolation; there is always a link."
Of course, organisations remain vulnerable to breaches regardless of where their data is stored. In July last year, the US Office of Personnel Management admitted that 21.5 million people's records had been stolen from its databases.
The AWE is run by a three-way joint venture between the military contractor Lockheed Martin and engineering consultancy Jacobs, both US-based, and Britain's Serco Group.
Sponsored: Becoming a Pragmatic Security Leader