Security in Public Sector Cloud

The majority of Public Sector data owners have expressed concerns over security in the cloud. Given the increased scrutiny of the public sector’s performance in handling and protecting sensitive data, it is a big factor in an organisation’s credibility, and if data is compromised it could seriously disrupt business. Moving to the cloud involves passing the day-to-day oversight and responsibility for the provision of security mechanisms to a third party, and this requires a certain leap of faith.

But in reality it often provides a higher level of security than can be developed in-house. Cloud providers bring expertise in the field as part of the service, and in catering for numerous customers they can do so more cost-efficiently and effectively. This can provide a safe environment for data up to a high security classification, and make an important contribution to an organisation’s information security strategy.

Accreditations

For most public sector businesses, it is essential the cloud provider can show it can handle information labelled OFFICIAL (equivalent to the previous IL2 and IL3 classifications), for which there could be damaging consequences if it is lost, stolen or published.

But most organisations also need to store and handle some information labelled OFFICIAL-SENSITIVE, for which the consequences of being compromised would be more far reaching, and which require procedural and personnel measures to reinforce access on a ‘need to know’ basis.

There are a number of steps to take, outlined in the Government’s Summary of Cloud Security Principles, in providing the appropriate levels of security. These include, among others:

Providing network protection and encryption to protect personal data in transit across networks;
Having a security governance framework in place;
Making staff subject to security screening and education for their roles;
Designing services to identify and mitigate threats against their security;
Protecting interfaces from attacks;
Providing users with audit records.

These can be supported by measures such as: ensuring that any changes to a system are tested and authorised, so that there are no unexpected alterations in security properties, protective monitoring of any potential attacks and unauthorised activity, and plans to respond to any incidents and recover a secure service.

It is also important to ensure that a cloud provider has the accreditations for specific services, such as Infrastructure as a Service (IaaS) and Software as a Service (SaaS).

This means that when using services such as storage, back-up, messaging or desktop hosting, all of the relevant measures are in place to provide the appropriate levels of security.

Providers with accreditation for groups of these services, rather than focusing on a speciality, can provide the scope to combine them within a package and make it easier to align different IT processes on a cloud platform while maintaining the necessary security.

Solution

In August 2012 Sentinel by SCC become the first multi-tenant Pan Government Accredited Cloud for what was at the time IL0, IL2 & IL3. This accreditation has been successfully renewed every year since and the platform is now aligned to Government Security Classification Scheme and accredited to OFFICIAL (with SENSITIVE caveat) under PSNA. The Sentinel platform also has ISO27001:2013 certification and is IG-SOC compliant for the NHS.

Why build it when you can buy it ready to roll out?

Like most of the other cloud providers, SCC originally concentrated on secure IaaS, but unlike others, has since then concentrated on developing the complementary secure SaaS offerings that you would associate with being able to function as an organisation or department. Sentinel SaaS offerings now comprise:

Hosted Exchange – with self-service control panel.
Hosted Desktop as a Service (VDI) – with self-service control panel.
Managed Desktops – with self-service provision.
iOS MDM for mobile device management.
File & Collaboration – secure file sharing.
Multi-Tenant Remote Access Service.
Sentinel Connect – secure compute HDMI based stick.
Database as a Service.

All SCC SaaS offerings are independently accredited and all have their own PSNA certificate for OFFICIAL. The company constantly strives for innovation in product development – for example development of a multi-tenant hosted Skype for Business offering for G-Cloud8 has just been completed.

As a UK company with UK-based data centres and skilled people, SCC aims to help you transform the way your organisation operates by planning, supplying, integrating and managing your technology.

We make technology work for the end user through partnership, knowledge and passion.

SCC Heritage

UK company with top tier data centres in the UK, guaranteeing up to 99.995% availability.
More than 500 vendor-trained professional services consultants and engineers.
Dedicated service desk supporting more than five million users.
Leading strategic partner to all key vendors.
The technology division of Rigby Group PLC.
Profitable track record since 1975

Purchasing from SCC

SCC partners with all Tier 1 manufacturers to supply client devices

Our customers use a wide range of frameworks in addition to their own Terms and Conditions

We support hosted and traditional desktop solutions

We provide complementary services to support the entire lifecycle

Initial services include testing, building, image deployment and delivery

Support Services include enhanced break-fix maintenance and service desk

Secure disposal services delivered from our award winning recycling and remarketing facility

With competition to attract students ever intensifying, universities need to transform their offerings to students in order to differentiate themselves and drive alternative income streams. It is vital that universities evolve with student expectations to create this compelling ‘student experience’.

As the demand for student services becomes increasingly more diverse and complex, students want access to their information and applications instantly, wherever they are. This challenges universities to maintain skilled resources to not only manage but continuously improve their infrastructure. Simultaneously, universities also need to transform their operations to consistently deliver maximum value at a reduced cost.

Hosted Desktop as a Service

SCC’s hosted Desktop as a Service (DaaS) can help universities achieve their aspirations to provide a student-centric environment to offer flexible access to students’ data and applications, whenever and wherever that need it, whilst protecting the integrity of the institution’s infrastructure.

Our DaaS solution enables users to securely access their desktop, applications and data from any location, on any device whenever they need to. Hosted on SCC’s multi-tenant, secure and resilient cloud platform, DaaS allows universities to provision users rapidly and to offer students flexible device options. This allows students to balance their personal and educational lives, studying at a time to suit them, from their preferred device.

Our Hosted DaaS is delivered as a managed service with SCC maintaining and managing the desktop profiles and operating system, to ensure it is always up to date with vendor releases and refresh schedules. Universities benefit from 24/7 support, guaranteed service levels and predictable monthly costs. By eliminating the traditional capital expenditure associated with upgrades and refreshes, and replacing it with a simple consumption based model, universities can drive cost savings and significantly lower the total cost of ownership of their estate.

DaaS supports any Bring Your Own Device (BYOD) initiatives that universities are looking to deploy and allows students the freedom to use their own technology to access university applications. With diversity being a key driver in education, this environment also provides improved accessibility for fullt ime, part time, distance and disabled learners allowing them to access university applications, using whatever devices they need. This can lead to collaboration on a potentially international scale, with students being able to easily communicate and interact with academic peers anywhere, at any time.

The service is charged on a per user basis, providing the ability to scale up and down as institutional requirements change, ensuring they only pay for current active users. This is particularly valuable to cater for differing and multiple course commencement dates with the DaaS solution able to flexibly reflect this need. Increased clarity on what devices are actively being used across their campuses at any point in time, better enables universities to optimise their device estate and therefore drive cost savings by device and application rationalisation.

SCC’s Desktop as a service ensures the ongoing security, compliance and availability of educational institutions’ desktop services.

Purchasing from SCC

SCC partners with Lenovo, under the London Universities’ Purchasing Consortium National Desktop and Notebook Agreement (NDNA) to supply client devices which support hosted and traditional desktop solutions, including complementary services. We support all three lots of this framework agreement to support the entire lifecycle of client computing for our educational customers, from supply and configuration to support and finally disposal in our award winning recycling and remarketing facility.

Alternatively, if a University tenders under their own terms or a different framework, SCC can offer devices at a competitive price from all Tier 1 vendors including HPI. Utilising our strong partnerships with all Tier 1 vendors, we can provide universities access to fast and reliable client infrastructure which meets the increasing demands of students and the strategic transformation goals of higher education.

Benefits

SCC’s hosted DaaS offers a wealth of benefits to our university customers, including:

Universities can scale as required and only pay for what they need
Quicker and easier access to student applications
Streamlined deployment of appropriate applications
Consistent desktop and office software across all devices
Releasing IT resources to higher value activities
Cost savings by moving to a revenue model charged by consumption
Simplifying and enabling client ‘Bring Your Own Device’ initiatives.

Download Factsheet