Changes To The Government’s Information Assurance Will Help G-Cloud Bridge The Security Gap
With simplification likely to result in reduced costs, an accelerated accreditation process and swifter, more responsive provision of services to the public sector, there’s little wonder that stakeholders from across the IT sector have welcomed the proposed change. As G-Cloud has matured, many in the industry have come to regard the existing system as being unnecessarily restrictive, and believe that a streamlined set of categories will provide a bridge for a new generation of providers to connect with the public sector.
Currently there are six Impact Level categories, but for some time now the government has been considering reducing this number, dividing public data into three distinct security tiers.
So here’s the science bit …
- Tier 1 would cover all data currently classified as IL1, IL2 and a proportion of that falling under the IL3 rating
- Tier 2 would encompass the remaining IL3 records and all existing IL4 information
- Tier 3 would cover all records categorised as IL5 and IL6
Where things get interesting is when you consider the break point around IL3, which covers the majority of governmental data.
The simplification of security levels will also save money. The majority of effort and expenditure involved in securing G-Cloud accreditation is demanded by IL3, making it relatively expensive, and a refreshed categorisation system would certainly bring down the cost of such services.
It will also allow SMEs to accredit apps faster, something that’s important for front line services where emerging issues and trends require the kind of swift and innovative intervention that ISVs are best placed to deliver.
Will this change create a new security gap? We believe not. The responsible authority – CESG – is being extremely methodical in its approach to reclassification, following due process with particular care to ensure that this sensitive issue is dealt with correctly. That’s why the project has taken so long to complete, and also why it is improbable that sensitive public information is likely to be placed at risk.
In the interests of full disclosure, it must be said that SCC does a lot of business around IL3 services, and the new system of security tiers could reduce the size of that market. Despite this however, we welcome the proposed simplifications, believing that not only will they make it easier to connect ISVs and clients, but also that our ability to deliver Tier 2 solutions will open up a range of new opportunities.
It remains unclear as to when the new Tier ratings will be introduced, but they look set to provide the spark that kickstarts the next phase of G-Cloud’s evolution, opening up a range of new opportunities for solutions providers, ISVs and public sector organisations to get involved in the business of delivering a faster, smarter, more cost-effective Britain.
- SCC Hails Pan-Government Cloud As Start Of New Era Of Private And Public Sector Collaboration
- SCC Wins G-Cloud Contract With Government Digital Service
- SCC’s G-Cloud Platform Is The First To Receive Pan Government Accreditation
- Does Using a Cloud Service Provider Increase An Organisation’s Security Risk?
- SCC Finalist For Security Innovation Of The Year At UK IT Industry Awards 2012