CVT 0.00% 1.5¢ covata limited

UK Government G-Cloud-9 and Security

  1. 1,151 Posts.
    lightbulb Created with Sketch. 27
    https://digitalmarketplace.blog.gov.uk/2016/07/07/starting-to-talk-about-g-cloud-9-and-security/

    Starting to talk about G-Cloud 9 and security

    Digital Marketplace team, 7 July 2016 — Buyers, Digital Marketplace, G-Cloud, Security, Suppliers
    We recently blogged about our plans to do a discovery for G-Cloud 9 (G9). Although this piece of work hasn’t started just yet, we’re already thinking about what we need to find out. One of the things we’ll be speaking to buyers and suppliers about is the security around G-Cloud services. To help us do that, an information assurance specialist from CESG, the government's technical authority for assurance has joined the Digital Marketplace team.
    Asking the experts

    We recently ran a workshop at the Cyber UK in Practice conference, an event aimed at cyber security and technology professionals. We wanted to use the opportunity to ask the cyber security community:
    • what would make buying secure government cloud technology easier
    • what security questions should a public sector buyer ask when buying cloud technology
    • what problems they have when they buy and sell cloud technology in the public sector

    When we’d gathered feedback, we grouped it into 3 main areas.

    Communication

    There’s a lack of understanding between public sector buyers and cloud technology suppliers. We learnt:
    • buyers don’t understand how to clearly communicate the security details they need
    • suppliers’ technical teams don’t understand the procurement language that buyers often use
    Guidance on security

    Both buyers and suppliers would like more guidance on security and risk. We learnt:
    • suppliers would find it helpful to know about a buyer’s security requirements, how risk averse they are and any specific technical blockers earlier on in the buying process
    • buyers want to know how to understand and assess suppliers’ security assertions
    Security in the Digital Marketplace

    Buyers and suppliers made suggestions about how the Digital Marketplace can better support them. They said:
    • it would be useful to hear other buyer and supplier security experiences
    • suppliers wanted to be able to provide more details about the security of their services
    • buyers wanted tools to help making their decision easier eg, for Digital Outcomes and Specialists, buyers can use templates to help them evaluate and score suppliers
    The G-Cloud 9 discovery

    We’re reviewing the public sector’s cloud and technology needs and part of this is around security. The discovery will tell us if, and how, the user need has changed and whether the services that government needs still fit into the 4 categories we have in the current G-Cloud iteration. Our CESG information assurance specialist will help us with the security part of the G9 discovery.
    The NCSC would like your feedback

    Also at the Cyber UK in Practice conference, government launched a prospectus for the National Cyber Security Centre (NCSC) which outlines the NCSC’s scope and focus.
    The team behind the NCSC are keen to work with people who work in the industry from the start so they’d like your feedback. You can read the prospectus and send your comments to [email protected] in time for the centre’s launch in autumn.
    Tags: buyers, Digital marketplace, G-Cloud, security, suppliers
 
watchlist Created with Sketch. Add CVT (ASX) to my watchlist

Currently unlisted public company.

arrow-down-2 Created with Sketch. arrow-down-2 Created with Sketch.