Assurance in the Cloud: Outsourcing Risk in a Shifting Landscape



Similar documents
SCC Information Assurance Practice, CLAS Consulting, Check Testing and Accreditation Services

Embrace the G-Cloud. Ultra Secure Colocation Services for the Public Sector. thebunker.net Phone: Fax:

Thales Service Definition for PSN Secure Gateway Service for Cloud Services

Thales Service Definition for IL3 Encrypted Overlay for Cloud Services

Cloud Enablement. Lot 4 - Specialist Cloud Services. Version: 2.0, Issue Date: 05/02/2014. Classification: Open

HOW TO BUY FROM G-CLOUD AND CLOUDSTORE A GUIDE FOR BUYING ORGANISATIONS

Hosted Desktop as a Service

Thales Service Definition for NOC Services for Cloud

Service Definition Document

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13

Achieve Economic Synergies by Managing Your Human Capital In The Cloud

Software Smart Buying Lower cost, better insight

Remote Access Service (RAS)

Cloud Enablement. Lot 4 - Specialist Cloud Services. Version: 3.0, Issue Date: 05/02/2014. Classification: Open

Tactical Cost Reduction

MANAGING THE SOFTWARE PUBLISHER AUDIT PROCESS

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services

Delivering Government Cloud in 2012 Andy Tait VMware UK. VMware Copyright 2009 VMware, Inc. All rights reserved.

The Cadence Partnership Service Definition

Meeting the challenge

Eduserv Managed Cloud Solutions. Helping you to migrate securely to the cloud

Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services

Service description RFL Virtual Data Centre

Cloud Brokerage. G-Cloud Service. Arcus Global

Infrastructure Services

Leveraging the Private Cloud for Competitive Advantage

CONSULTING SERVICES. Experience in Action

Growth Through Excellence

A guide to procuring Accredited Cloud Services

UK Government IA Recent Changes and Update

CROWN HOSTING DATA CENTRES AND THE CLEAREST ROUTE TO THE CLOUD. August 2015

PROGRAMME OVERVIEW: G-CLOUD APPLICATIONS STORE FOR GOVERNMENT DATA CENTRE CONSOLIDATION

Open Source, Open Standards and Re Use: Government Action Plan

FLEXIBLE COMPUTING LTD. Service Description & Pricing. Cloud RockStars. G-Cloud

IT Enterprise Services

GPG13 Protective Monitoring. Service Definition

The reality of cloud. Go beyond the hype and make a better choice. t e sales@365itms.co.uk.

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

IT Managed Services National (Cat A) Framework

SQL Server Database as a Service (DBaaS)

An example ITIL -based model for effective Service Integration and Management. Kevin Holland. AXELOS.com

Transforming public services in Scotland Value Added Services

Objectives for today. Cloud Computing i det offentlige UK Public Sector G-Cloud, Applications Store & Data Centre Strategy

SBL Integration, Capabilities, and Enablement in Defence

IT Services. We re the IT in OrganIsaTion. Large Organisations

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION.

white paper CLOUD SERVICES AND THE GOVERNMENT SECURITY CLASSIFICATIONS POLICY

GOVERNMENT HOSTING. Cloud Service Security Principles Memset Statement.

Cloud. Seven key questions answered about G-Cloud adoption. Enabling a Platform for 21st Century Service Delivery. Whitepaper.

89% IT Enterprise Services. Optimise your cloud investments with innovative hybrid cloud solutions. Hybrid cloud

Microsoft Software Licensing for Schools. Helping schools to circumvent the complexities of Microsoft Education Licensing.

ICT and Information Security Resources

HSCIC IT Hosting Strategy

How To Move To The Cloud

Get Better Protected... Secure data sharing made possible with Updata s Encryption Overlay Service.

The NREN s core activities are in providing network and associated services to its user community that usually comprises:

HOW SAFE IS YOUR DATA? Are you at risk of making the headlines for all the wrong reasons?

BT Payments and Transactions Professional Services Package for Merchant Acquiring

Buyer s Guide. Buyer s Guide to Secure Cloud. thebunker.net Phone: Fax: info@thebunker.net

How To Compare Cloud To Onpremises For A Public Sector Organisation

Cloud Computing in a Regulated Environment

ICT Strategy Consulting Services for Schools. Helping schools to establish a clear vision for ICT.

Validating Enterprise Systems: A Practical Guide

A. Reference information. A0. G-Cloud Programme unique ID number for the service and version number of this scoping template

Securing Your Data In The Cloud: an insiders perspective

A Guide to the Cyber Essentials Scheme

Overview. Service Description: BCP & DR Strategy (L6)

UK Government ICT Storyboard July 2010

Capita Productivity Hub Combining secure private cloud with familiar Microsoft tools

Government Efficiency through Innovative Reform. Microsoft IIS as a. Service Definition

Cloud Adoption. The definitive guide to a business technology revolution. shaping tomorrow with you

Putting cloud to work in local government. How councils are adopting cloud to enable business change

Committees Date: Subject: Public Report of: For Information Summary

ICT strategy and solutions for upstream oil and gas. Supporting exploration and production globally

Installation and operation of an Open-Access ICT Network

IBM G-Cloud Microsoft Windows Active Directory as a Service

FRAMEWORK BRIEF. Information Communication Technology (ICT) Solutions

White Paper. Managed Services. Part 2: True Value Creation Partnership. February ISO 9001 No. FS 28117

BT Contact Centre Efficiency Quick Start Service

SUPPORTING THE RAIL INDUSTRY UNIQUE SOLUTIONS FOR UNIQUE SITUATIONS

G-Cloud Software as a Service Service Definition

Nomination title: Managed Service Provider of the Year. How long has this organisation been involved in the IT services and solutions market in EMEA?

IBM QRadar as a Service

Debt Recovery Specialists

software license management is becoming an important issue for hosting resellers and Microsoft solution providers.

Business Support Service Development Manager

cloud Development Strategies - Part 1

How To Make Money From Your Desktop Virtualisation

G-CLOUD SPECIALIST CLOUD SERVICES

6 Cloud strategy formation. 6.1 Towards cloud solutions

Hosting and data centre services

4net Technologies. Managed Services and Cloud Solutions

Microsoft SQL Server as a Service

MANAGING RISK AND COST REDUCTION FOR ICT SERVICE DISAGGREGATION IN GOVERNMENT

IT Enterprise Services. Capita Collaboration Suite Unified Communications in the Cloud

Job Title: Customer Experience and Service Development Manager

The business case for cloud computing

1 Introduction to Skype For Business Service Definition Functionality & Features Administration Access Methods...

Managing Cost and Complexity out of Desktop Management

Government Procurement Service

Transcription:

by SCC We make IT work Assurance in the Cloud: Outsourcing Risk in a Shifting Landscape

02 CONTENTS You hold sensitive public sector data Sentinel protects it. Sentinel by SCC not only provides faster IT implementation but also keeps your data secure to UK Government security standards, as the most established and cost-effective Cloud solution from the first Pan- Government Accredited provider, SCC. For 40 years, SCC has been the trusted IT partner for the UK s critical national infrastructure. Sentinel: keeping public sector data secure.

CONTENTS 03 Contents Assurance in the Cloud... pg. 4 Assurance Checklist... pg. 5 Information Assurance... pg. 6 Our Capability... pg. 8 Checklist Completed: Sentinel by SCC... pg. 9 Need to Know More?... pg. 10

04 ASSURANCE IN THE CLOUD Assurance in the Cloud After contending with a series of policy gear changes in recent years, Public Sector organisations around the UK will again have to undergo a shift in the way they procure Cloud services in 2015, with significant changes to the accreditation system leaving then uncertain as to how to make the right choice of provider. Fundamental changes in the approval scheme for new Cloud services which removes the absolute requirement for Pan- Government Accreditation (PGA) will enable organisations to access a new generation of solutions. While this offers many benefits, it has also created uncertainty over how to assess the credibility and security of the range of new services now hitting the market. Under the new regime, public sector departments face three key challenges when selecting appropriate Cloud solutions: 1. Bridging the Credibility Gap following significant relaxations in the requirement for all providers to achieve PGA, uncertainties over their credibility could lead to protracted procurement processes that slow the implementation and effectiveness of new solutions. 2. Disguised Complexity with a multitude of factors required to underpin a fit for purpose Cloud solution, identifying providers with all the components required to underwrite a robust assurance strategy can be challenging. 3. Avoiding Supplier Lock many organisations are wary of being forced back by uncertainty into the failed model of contracting their requirements out to giant ICT services companies, leading to the deployment of overpriced, generic solutions that are not fit for purpose.

ASSURANCE CHECKLIST 05 Assurance Checklist Working on Cloud solutions with leading public sector organisations across the public sector, SCC has learned that selecting effective and secure Cloud solutions relies upon answering a series of key strategic questions. Financially Secure? Is the Cloud environment in the hands of a company with the financial stability and pedigree to confidently underwrite its long term operation? Strategically Local? Is the solution and any accompanying data hosted in a UK data centre, securing it from interference or inspection by foreign authorities? Are help desk staff close by, or located across the world? Transparently Credible? Does the provider s track record bear scrutiny? Who are its customers, and does it have a pedigree of positive Cloud and data centre investment evidencing its long term strategic vision? Information Assurance Guaranteed? Does the Cloud solution provider have proven in-house expertise and the ability to lead a first class Information Assurance process, and is their service proven to provide adequate cover for sensitive or personal information? Technically Appropriate? Does the infrastructure provided by the service measure up to the latest available market standards? Can the provider assist with the Migration and Support process where required, and does it have competencies in place to provide wrap-around ICT services when needed? Broader Capability? How great are the provider s wider service capabilities? Does it offer credible expertise in network and security operations, project management and solutions design? Industry Leading Pedigree? Has the provider embraced best practices like monthly contracts and PAYG charging to drive down costs? What business accreditations does it have, and will it dovetail with CSR policy?

06 INFORMATION ASSURANCE Information Assurance The Evolving Landscape The introduction of the Government Security Classification (GSC) Policy in April 2014 provided direction for Public Sector organisations, and suppliers of services to Public Sector organisations, with a 3-tiered approach to data labelling. This replaced the Government Protective Marking System (GPMS). Cloud services by nature, have always been associated with the ability to deliver on demand services. Assurance of services on the Cloud Framework were achieved through successful Pan Government Accreditation (PGA). This often created a tug of war between the functionality of the Cloud, versus maintaining PGA compliance. The mandatory requirement for Cloud Service Providers (CSPs) to achieve PGA Accreditation is now not a requirement of the G-Cloud 6 Framework. SCC understand that change in any guise, brings with it challenges. Our Sentinel by SCC platform maintains the PGA accredited approach to provide its consumers with the confidence that SCC s environment is still, safe and secure, using products which have been evaluated against standards such as CPA. We understand that independent evaluation of processes and procedures should be a requirement, which demonstrates IA maturity. SCC s cloud platform is within scope of it s ISO 27001 certification. Technical assurance of the platform is maintained through an annual CHECK ITHC. Organic IA Team Inside Out SCC has built a wealth of experience helping public sector customers make sense of their approach to information assurance. Our in-house security-cleared IA specialist team has worked with multiple agencies to help them design, build and deploy successful assurance strategies, and can help walk customers through the process, identifying key areas of concern and potential pitfalls not always obvious from the outset. Our IA specialists hold certifications such as CLAS, CCP, CISSP, CISM and ISO 27001 to deliver IA guidance on PSN, PCI-DSS, SWAN, Cyber Essentials compliance and audit programmes. SCC s IA professionals conduct intelligent security assessments as part of the on boarding process using a hybrid approach to identify security risks. Using the controls within the Cyber Essentials Scheme as the foundation, we have a bespoke approach to supplement the scheme. This delivers an output which is clear, easy to maintain, and manageable. Secured by design, using organic CLAS consultants and built under CESG s exhaustive scrutiny, Sentinel by SCC has evolved to meet all of the challenges public sector organisations face when adopting the Cloud - offering a variety of solutions to the challenges posed by an increasingly flexible workforce. The first UK provider to win Pan Government Accreditation for our G-Cloud platform, we also host services which are compliant to Public Sector Network (PSN) accreditation.

INFORMATION ASSURANCE 07 Technical Excellence With a 15 year data centre track record, SCC has a strategy of continually investing to ensure the infrastructure provided by the Sentinel service measures up to the latest available market standards. Our two Tier 3 data centres - separated by over 50 miles - are serviced by multiple carriers to ensure resilience. Dual centre operations with full PSN capabilities, they represent one of the most up to date technical environments available in the UK. Offering both virtual and physical models, as well as Inter Domain Gateways and True Hybrid Modelling, we have the capacity to develop truly effective business solutions for any organisation. When wrap-around ICT services are needed SCC has accredited competencies in Microsoft, Oracle, VMware and a range of other key solutions, while our dedicated technical pre-sales team is in place to help with the assessment, planning and migration stages. Broader Capability As Europe s largest independent technology solutions provider, SCC has a full range of Professional and Managed service capabilities to help public sector customers make things happen. Irrespective of the complexity, we have the in-house expertise to help organisations consult, design, deploy, migrate to, and operate Cloud or Hybrid solutions tailored to their needs. Offering full service management, our state-of-the-art Network and Security Operations centres have been built to provide the levels of assurance and support government organisations need. If you need it, we can also offer complete Project Management service, deploying our expertise to ensure a well-planned journey and smooth transition. Established Pedigree Built on technical excellence and best practice, SCC has a proven track record of adopting new paradigms and approaches to business. Where traditionally organisations have been bound into longterm IT contracts with huge financial exit penalties, our contracts can be as short as 30 days, enabling organisations to buy into services on a pay-as-you-go basis when they re required and step away when they re not. For us IT is not a simple matter. It s more than a price list, and we work hard to ensure our customers enjoy transparency over both services and costs. We have full ITIL accreditation, as well as ISO certification for Quality Management (9001), Information Security (27001) and Environmental Practice (14001). With a corporate focus upon the people and communities we operate in, SCC maintains CarbonZero status for its data centre and recycling operations and is a winner of the Data Centres In Europe Green Grid Award For Sustainability. IA Checklist 150 20000 150 27001 CHECK ITHC CYBER ESSENTIALS PGA-ACCREDITED GSC GPMS 150 9001 150 14001 CLAS CCP CISSP CISM

08 OUR CAPABILITY Our Capability In the Engine Room: Sentinel by SCC With a proven track record delivering Cloud solutions from the simple to the complex to the UK public sector, SCC has been at the forefront of the Government s G-Cloud strategy since its inception. Over the years we ve encountered every one of the challenges facing organisations wishing to deploy services to the Cloud, building an offering designed to tick every box on the Public Sector Assurance checklist. Financially Robust SCC has been in business for 40 years, and is trusted to run infrastructure services for leading organisations across Europe. Profitable and secure with growth of 69% from data centre and Cloud services alone in 2014 we have a history of positively investing in data centre technologies. Last year s acquisition of a second Tier 3+ data centre in Hampshire took our total investment in data centres to more than 50 million, part of a declared strategy of continuing to building capacity in this area. As one of the first UK providers to successfully make significant investments in Cloud infrastructure we have a history of strategic investment in the sector, and a proven track record of leading the industry in terms of both thought leadership and practical application. UK Based Part of Rigby Group PLC, SCC is entirely privately owned and headquartered in the UK. Proud to be British, our status means that customers can be confident their information will remain entirely within the UK s borders, meaning that it is subject only to local law and is not as is the case with data held by some international providers vulnerable to foreign regulations such as the US Patriot Act. This also means that when a user has a problem, they get directed straight to a UK call centre (not one in Ireland, Europe or the rest of the world), while our support teams all work on GMT, rather than some other random timezone. Proven and Credible Already supporting thousands of public sector users, Sentinel by SCC has a Public Sector track record few can rival. We were the UK s first Pan-Government Accredited Cloud provider, and because of that experience understand the unique needs, pressures, risk mitigation strategies and deployment methodologies required to help organisations optimise and deliver the services they need. While many of the providers appearing on G-Cloud 6 are debutants, SCC has had a place on the Cloud Store since it launched, working alone or alongside partners to deliver an array of IaaS, SaaS, PaaS and consulting services across complex multi stakeholder environments. Whether it s simple Email as a Service solutions or via large ICT outsource disaggregation projects, SCC has been proven time and time again as the credible choice.

CHECKLIST COMPLETED: SENTINEL BY SCC 09 Checklist Completed: Sentinel by SCC Financially Secure SCC has a 40-year history of financial stability, long term investment and steady year-on-year growth. Backed by years of investment, Sentinel by SCC provides public sector services on one of the UK s most robust Cloud platforms. Strategically Local UK owned, SCC s data centres, sited in Hampshire and Birmingham, and our help teams are based in Britain. Transparently Credible Part of the G-Cloud since its inception, SCC already works with multiple public sector organisations on cloud infrastructure including The Highways Agency, Pensions Ombudsman, Cabinet Office, Home Office, Oxfordshire County Council, Scottish Qualifications Authority, GCHQ and NHS Trusts and agencies. Information Assurance Guaranteed SCC s expert in-house Information Assurance team has helped dozens of clients navigate the procurement process safely. Technically Superior Secure by design, Sentinel by SCC service was built under the scrutiny of the CESG, measuring up to the latest available market standards. Broader Capability As Europe s largest independent technology solutions provider, SCC can provide clients with a full range of wrap-around IT services on demand. Industry Leading Pedigree Backed by multiple accreditations, SCC works with clients to ensure they retain power and control over their IT, providing flexible support on demand. Our clear pricing strategy enables organisations to consume services on a PAYG basis, avoiding expensive contract lock-ins.

10 NEED TO KNOW MORE? Need to Know More? Moving any service to the Cloud takes a combination of expert technology management, strategic service management and solid transition planning to extract and maintain the value offered by cloud infrastructure services. SCC is a services company, not just selling servers and other hardware, required to realise the potential that drew the UK Government to the Cloud in the first place. Engaging with our specialist cloud team means you will receive acknowledged thought-leadership, together with access to the knowledge and experience gained from multiple engagements with the new disaggregated service approach currently being adopted across the Public Sector.

WHY SCC 11 Why SCC We enable people to do business by planning, supplying, integrating and managing their IT. We make IT work through partnership, knowledge and passion: trusted to run IT infrastructure and services for leading business across Europe for 40 years. Europe s largest independent technology solutions provider The technology division of Rigby Group PLC Profitable track record since 1975 SCC Group revenues: 1.74bn UK turnover: 751 million Over 5,000 employees Supporting more than 5 million users Leading strategic partner to all key vendors CarbonZero for data centres and recycling operations

People do business. We make it work. T: 0121 281 8618 E: online@scc.com W: www.scc.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information