Memset MD criticizes UK government cloud security red tape
British public sector service provider Memset has opened a government-accredited data center facility, equipped with a trusted connection to the Public Services Network (PSN), but criticised the red tape involved in getting it approved.
Memset’s Dunsfold Park center in Surrey was completed in July 2014 at a cost of £1.8 million, and is now connected to the PSN, the UK public sector’s shared infrastrcuture at the PSN-Protected level. In the government’s accreditation scheme the site is certified to IL3 (Impact Level 3), handling “restricted” information, but Memset describes it as “IL4-capable” - able to handle “confidential” data.
Though Memset says it is ”delighted” to be connected to the PSN-Protected network, and able to handle secure government data, but managing director Kate Craig-Wood has criticised the length of time this process took, especially considering that the government is expected to retire the PSN-Protected option.
Kate Craig-Wood, MD, Memset
The end of PSN-Protected?
Supporting the present UK government’s vision for having one network for all UK public sector organisations, Memset sought a PSN connection in November 2012.
But Craig-Wood said: “Trying to secure a PSN connection was a surprisingly long process for us and very resource intensive for an organization of our size. However, we now have a live connection which is an additional feature for an SME like Memset - supplying Lot 2 hosting services to the public sector via G-Cloud.”
Memset said that while a second PSN-connected facility with related security measures is planned, in the interim it is working with customers using multiple suppliers to achieve geographically-diverse high-availability, using PSN as the interlink which was a strong use case as originally envisaged in G-Cloud.
This is a real shame as the effort that has gone into the PSN-Protected encrypted network has been huge
Kate Craig-Wood, MD of Memset
Craig-Wood believes that the Government Digital Service (GDS) is going to phase out PSN-Protected with a longer-term plan to only have one PSN, and achieve the PSN-Protected security level using certified encrypted VPNs over the top of the PSN connection, she said, “This is a real shame as the effort that has gone into the PSN-Protected encrypted network has been huge and there are several suppliers like us who have bitten the bullet and absorbed the huge cost of hundreds and thousands of pounds to get connectivity, since we do envisage the GDS will be collapsing it in due course.”
She continued, “However as we have seen with the changes to the old IL security markings and the self-certified accreditation programme, many departments are resisting those changes and still looking for the former impact levels and old style technical architecture for their security needs, so there will be a period of transition and an appetite for these high security PSN services.”
In addition, Memset has a number of software developer clients wanting to work in the PSN/PSN-Protected space and need access to that without the cost of their own PSN connection. “There is definitely demand for a managed service allowing users to access PSN-Protected systems via the Internet, perhaps using hardened, managed laptops and certified VPNs,” concluded Craig-Wood.