Approved work: Security of UK technology infrastructure
This POSTnote will outline what UK technology infrastructure is, potential impacts of disruptions, risks, options for mitigating risks and relevant policy.
Cloud computing refers to the delivery of computing services on-demand over the internet. This POSTnote describes the different types of cloud computing before outlining issues relating to security, regulation, energy use and barriers to the adoption of this technology.
Cloud computing (350 KB , PDF)
Cloud computing is the use of pooled, centralised computing resources (including data storage and processing) that are provided to users (who may be organisations or individuals) on-demand, often over the internet. Many mainstream consumer services, including Netflix and Youtube, are enabled by cloud computing and estimates suggest that 89% of larger UK organisations use at least one cloud-based service. The government encourages public sector use of cloud computing via its cloud first policy which mandates that cloud computing must be considered before any other IT implementation where possible.
Potential advantages of cloud computing include increased security, the ability to use resources flexibly and improved energy efficiency. However, improper governance of cloud computing use by organisations can lead to problems such as security breaches. Furthermore, 50% of UK companies have reported doubts about the compliance of their cloud computing solutions with all required regulations.
Key Points
Acknowledgements
POSTnotes are based on literature reviews and interviews with a range of stakeholders and are externally peer reviewed. POST would like to thank interviewees and peer reviewers for kindly giving up their time during the preparation of this briefing, including:
*denotes people and organisations who acted as external reviewers of the briefing.
Correction [30/07/20]: In Box 1 on page 2 “Stakeholders, including a former Minister for Digital and the Creative Industries and the CEO of UKCloud (a prominent provider of cloud services to the public sector), have called for the UK to establish a sovereign cloud capacity to retain control of UK data.[References 23,24] The European Commission supports, and has proposed funding for, a panEuropean, sovereign cloud initiative.[Reference 19] In October 2019, GAIA-X, a German conceived initiative supported by France to establish a sovereign European cloud was announced. [Reference 18]” was changed to “Some stakeholders, including a former Minister for Digital and the Creative Industries and the CEO of UKCloud (a prominent provider of cloud services to the public sector), have called for the UK to establish a sovereign cloud capacity.[References 23,24] The European Commission has proposed funding for a pan-European, sovereign cloud initiative.[Reference 19] In October 2019, GAIA-X, an initiative to establish a sovereign European cloud was announced.[Reference 18] Some stakeholders advocate for global clouds as they have benefits such as the flexibility to scale globally. [References 27,28]”
Correction [30/07/20]: On page 2 “Multi clouds can increase an organisation’s resilience against cloud service outages and allow them to optimise each cloud service for its specific task.” was changed to “Multi clouds can allow an organisation to optimise each cloud service for its specific task and prevent them from becoming over-reliant on a single provider.”
Correction [30/07/20]: On page 3 “CSPs often have spare storage and processing capabilities to mitigate against partial capacity loss and may back up users’ data in multiple locations.” was changed to “CSPs often have spare storage and processing capabilities to mitigate against partial capacity loss and may offer to store users’ data across multiple data centres.”
Correction [30/07/20]: On page 3/4 “This means regulating data privacy, location and trade is challenging.” was changed to “This means regulating data privacy, location and trade can be challenging.”
Correction [30/07/20]: On page 4 “If UK protections are not considered adequate, smaller organisations may find it particularly challenging to legally transfer data between the UK and the EU.[References 73,114]” was changed to “If UK protections are not considered adequate, individual businesses would need to use EU approved safeguards in contracts involving access to EU personal data. [Reference 116] It may be particularly challenging for smaller organisations with limited legal expertise to implement these safeguards.[References 75,117].”
Cloud computing (350 KB , PDF)
This POSTnote will outline what UK technology infrastructure is, potential impacts of disruptions, risks, options for mitigating risks and relevant policy.
This POSTnote will outline the challenges and opportunities for spatial planning and climate change across national, regional and local decision-making levels.
This POSTnote will outline the energy system application of AI and Machine Learning. It will also consider the data, cybersecurity and ethical challenges that will need to be considered for application in the UK to enhance energy security.