Forgot your password?
typodupeerror
Cloud Government Security United Kingdom IT Your Rights Online

UK Government To Share Restricted Files In the Cloud 44

Posted by samzenpus
from the what-could-go-wrong? dept.
twoheadedboy writes "The UK Government wants to use the cloud to share restricted files. Given the concerns around cloud and security, this will worry some. Nevertheless, a deal between the services arm of the Foreign and Commonwealth Office (FCO) and SaaS provider Huddle has been penned. The SaaS service will run in the FCO's internal cloud, known as the Government Secure Application Environment (GSAE). This will allow civil servants, diplomats and other Government staff to share documents up to the secrecy level IL3, or Restricted."
This discussion has been archived. No new comments can be posted.

UK Government To Share Restricted Files In the Cloud

Comments Filter:
  • Cloud (Score:2, Interesting)

    by zget (2395308)
    Summary says it will be ran on FCO's internal servers, and Huddle is providing the software and know-how. If you think about it, I think it's a good thing. Government jobs are given out pretty much on what schools you went to, or worse, who you know. They never really look or test for the actual knowledge. Here we have a provider with actual experience with various big companies and know-how to secure the network. I would trust them more than some random persons who got their job because their father works
    • Re:Cloud (Score:4, Interesting)

      by jojoba_oil (1071932) on Thursday July 21, 2011 @12:18PM (#36835558)

      Right. So the government will share internal documents on internal servers. Aside from the buzz and the fud associated with the word "cloud", what is the news in this story?

      Huddle got a gov't contract? Good for them.

    • by kno3 (1327725)
      Err, this is just not true. Any public sector jobs have far stricter rules regarding the procurement of employees compared to private sector. If people try anything like what you have suggested, then they would be risking the sack. Not saying it doesn't happen a bit, but in my experience many businesses are hampered by family and other personal allegiance a lot more frequently.
      • Any public sector jobs have far stricter rules regarding the procurement of employees

        ...rules for government overseen by government, without separation of powers or accessibility of information for the public to audit.

        The British empire was built on hypocrisy: the appearance of fair rules and staunch ability to look offended at the thought that they might be disobeyed; the implementation of anything but. Its legacy remains throughout government, and things have got much worse since the profit motive of private-public partnerships was reintroduced - John Company is back from the dead.

  • Might as well... (Score:5, Insightful)

    by AngryDeuce (2205124) on Thursday July 21, 2011 @11:31AM (#36835166)
    Given the current state of security most of these organizations are running (political, corporate, whatever) they might as well just drop plaintext files on TPB themselves. That's where it's gonna end up eventually, whether they use "the cloud" or not...
    • by Anonymous Coward

      they might as well just drop plaintext files on TPB themselves

      No doubt along with NHS medical records. [slashdot.org] Who do we sue when, invariably, it all goes wrong and how much public liabilty do these "cloud" companies have?

  • by Anonymous Coward

    This is a non-story. Third-party provides IT services to a government. Happens all the time.

  • CLOUD CLOUD CLOUD (Score:5, Insightful)

    by Anonymous Coward on Thursday July 21, 2011 @11:38AM (#36835204)

    Please stop using that word. It makes you sound technologically illiterate.

    You mean via a network, or on the internet, or something similar. "The cloud" is a stupid buzzword that needs to die RIGHT NOW.

    • by rbrausse (1319883) on Thursday July 21, 2011 @11:49AM (#36835288)

      why the bad mood? is it cloudy at your place?

      • by daktari (1983452)

        If it means we can finally start moving vendor lock in from terminals to servers in the enterprise I would still be in a sunny disposition, regardless of the dark clouds outside and buzz words flying around.

        As a web dev I'm less anti-Microsoft these days, but certainly very much still against governments essentially spending top dollar on being Microsoft shops while allowing their employees to connect (Active Directory/Sharepoint anyone?) to the main network with Windows boxes ONLY (usually running outdat

      • by cp.tar (871488)

        It’s Britain. It’s always cloudy there. And it rains very often. On everyone’s parade, too.

      • by antdude (79039)

        Maybe there aren't any happy clouds over there? :)

    • Sure, it's a buzzword, but not a bad one if you think about it from an IT manager's perspective, as something similar to the little clouds in network diagrams. Other than some ground rules around security, functionality and availability (laid down in an SLA) you don't know how it works, nor do you care about the details. All you care about is that it somehow works, and keeps working. "On the internet" does not capture the black box aspect of SaaS, and could just mean hosting.
    • by geekmux (1040042)

      Please stop using that word. It makes you sound technologically illiterate.

      You mean via a network, or on the internet, or something similar. "The cloud" is a stupid buzzword that needs to die RIGHT NOW.

      Uh, die right now? Yeah, good iLuck with that iShit.

      Besides, stop getting all wrapped up in a single-syllable word. It's a word. It never did anything to you directly, so lay off and start attacking those CIOs who think they know what's best because they read all about the "cloud" while sitting in the airplane.

      Buzzwords don't kill IT. The leaders that waste money and stand behind lame-ass concepts do.

    • by geekoid (135745)

      No, the mean the cloud. IT's what we call a distributed storage access able from many point, even point not yet defined.

      It's has meaning and value. That fact that you can't see that is YOUR limitation.

      Network. That's how you connect, that says nothing about storage or distribution of the data, so that would be useless.
      on the internet - The fact that you say that tells me you don't actually know what the internet actually is other then a link to /. and amazon.

      To quote NIST:

      "Cloud computing is a model for ena

    • by madhi19 (1972884)

      Please stop using that word. It makes you sound technologically illiterate.

      You mean via a network, or on the internet, or something similar. "The cloud" is a stupid buzzword that needs to die RIGHT NOW.

      Yeah let revert to the old Mainframe label.

  • by mlts (1038732) * on Thursday July 21, 2011 @11:48AM (#36835282)

    If we pull the cloud buzzword out of the picture and consider this a remote storage/collaberation option, it can be decently secure, if controls are put in place doing encryption on multiple levels.

    On the workgroup level, PGP NetShare can do a decent job, especially if the PGP keys are stored on cryptographic hardware tokens.

    On the enterprise level, there are various IRM/encryption systems which can help, be it LockLizard or others. There is even one built into Windows/Office that is fairly usable.

    The key (pardon the pun) is how this gets implemented. Done right, a compromise of the external disks may net a bunch of unreadable files. Done wrong, and the UK might as well just seed their snapshots to demonoid's tracker.

    • Sorry, If it's not open source, compiled in house, and uses data encrypted BEFORE it leaves our network -- It's not a secure service. Also: I put it to you that a closed source program or OS is considered harmful in terms of security and transparency (read trust-ability) -- This goes for LockLizard, Symantec's PGP NetShare, and especially Windows -- The US, UK, Russian, Chinese and other governments have the Windows source code, why is that? Security, and also to look for exploit vectors... Being a secur

  • I thought the US government spearheaded sharing classified files with the cloud. They just called it Tor over here.

  • UK Government shocked when all its restricted files are found all over the internet.
    • You are assuming they'll find those files. Do they routinely search TPB?

      • Define they. If they = UK government, probably not.
        But if they = media, the ones that make the headlines? Yes, because they love stuff like this these days.
  • by PPH (736903)

    Think of all the disk space you can save by sharing it with Julian Assange.

  • At least a junior civil servant can't get drunk and leave a cloud in the back of a taxi.

    Unless he went for a curry after the pub.

  • It's worth noting that IL3 isn't exactly top secret - patient records (such as xray scans) are also classified as IL3.

    Really top secret stuff is IL6 which has a very different set of security requirements. Whether this makes it more secure is a different matter, but don't expect diplomatic cables, submarine designs and MI6 café menus on this system.

  • From the NIST:
    "Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."

    What you think it needs to be offsite, run by someone else or accessibly by anyone show you have no fucking clue.

    I wish /. had personal tags. I would love to start filtering put poster who regula

    • by dbIII (701233)
      That's becuase the cloud has more of a nebulous definition according to salesfolk that use it a lot - typically it's not really a cloud in their view unless it's something they can sell to you. If it's your own servers on site or in somebody elses rack and they don't sell rack space they insist it's not a cloud. It's used as a buzzword jammed into whatever crevice is convenient at the time.
      I'm still trying to get over the urge to vomit from first reading the buzzword collision of "iCloud".
  • Let's save everyone a lot of time and energy. Have D.C. Bureaucrats duct tape classified documents to one anothers' ass, Then en masse assemble at Radio City doing the Can-Can in a dance line. Whatever you can read... you can keep.

    Besides saving tremendous time and energy on all sides, it should prove incredibly entertaining... perhaps we can sell tickets to help reduce the deficit.

Luck, that's when preparation and opportunity meet. -- P.E. Trudeau

Working...