The Department for Science, Innovation and Technology (DSIT) has issued guidance to support public sector bodies that want to host their applications and workloads in overseas datacentres.
The government department’s overseas data guidance features a recommendation for public sector organisations to adopt a “multi-region approach” for workload resilience reasons, while acknowledging that this might mean making use of cloud services hosted outside of the UK.
“We recommend that organisations adopt a multi-region approach in which they make controlled, considered use of regions in a way which is compatible with UK law,” the guidance document, seen by Computer Weekly, stated. “This guidance reinforces existing legislation and policy: this is not a change of policy.”
Where the latter point is concerned, the guidance reiterated that government data that is classified at ‘official’ level can be stored and processed in overseas datacentres and cloud regions “when satisfactory legal, data protection and security practices are in place”.
It continued: “There is no universal requirement for government data classified as ‘official’ to be physically located in the UK.”
The guidance document stated that “many public sector organisations are already taking advantage of SaaS [software-as-a-service] products which are not exclusively UK hosted, operated and supported”, and DSIT said the guidance is intended to support more of them in doing that.
Limiting themselves to using UK-only hosted services means public sector organisations might be missing out on better priced and more technologically advanced services that are only available in certain geographies, the guidance stated.
“It can be prohibitive for smaller vendors to provide an entire capability within every geography worldwide because of the level of expense and complexity,” it said.
“[Furthermore] your disaster response requirements may mean the current distribution of public cloud regions in the UK is not sufficient to meet your recovery objectives and so you may consider using an overseas region to meet your resilience requirements in certain scenarios.”
In a statement, announcing the guidance’s release, DSIT said encouraging more of the public sector to entrust their data to overseas entities will boost competition and the resilience of their offerings, without compromising the UK’s strict data and security protections.
On this point, the guidance has been created collaboratively with input from DSIT, The Central Digital and Data Office, the National Cyber Security Centre, the Government Security Group and the Department for Business and Trade.
“This aims to boost competition, so the public sector can negotiate lower prices for their use of cloud tech,” said the DSIT statement. “It will also make digital systems more resilient by spreading IT infrastructure used by critical services such as the NHS and emergency response across different regions.”
According to artificial intelligence and digital government minister Feryal Clark, the guidance is intended to reverse the problem of “crucial public services” being held back by “poor technology and outdated guidance” that has left the public sector trailing the private sector in innovation terms.
“By embracing global innovation, we are making sure our public services have access to more tools to drive innovation and improve their services, while also building resilience and lowering costs as we look to put technology to work in the public sector,” she said.
“This guidance will help to ensure that security and compliance are not afterthoughts, but core elements of our digital transformation journey.”
#DSIT #issues #guidance #support #public #sector #hosting #cloud #workloads #overseas #datacentres