iStorCloud has won a place on the Government’s first G-Cloud Framework.

The tender process generated applications from nearly 300 suppliers which were reviewed by the Government Procurement Service. iStorCloud, along with others, was selected for the delivery of its ‘Infrastructure-as-a-Service’ and ‘Software-as-a-Service’ solutions. These include cloud servers, backups, failover, monitoring and full cloud desktop solutions which can now be used by any public body by accessing the newly created CloudStore.

CloudStore is set to revolutionise the purchasing, management and delivery of public sector IT services and the way suppliers work with government. It offers public sector bodies a cheaper, quicker and more transparent way to procure the IT and Telephony services they need. These services can be purchased on a “pay-as-you-go” basis rather than having to develop costly in-house systems. This model means the government can use what it wants, when it wants it, and save money by avoiding duplication of services, as well as opening up the public sector IT market to a broader range of suppliers.

Dan Garner, iStorCloud’s Technical Director, stated “Our inclusion in the G-Cloud Framework is a fantastic achievement and is just reward for the many years of effort and painstaking development put in by our staff. We have created a unique highly secure and resilient cloud platform from which a vast range of IT and Telephony services can be delivered. Our infrastructure is housed in state-of-the-art data centres and connected to the UK’s fastest network. The iStorCloud platform itself has many security features and all our data centres are based in England which means we are perfectly placed to accommodate any public body whatever their data protection or security requirements”.

Harvey Davies, Commercial Director, said “This also represents one of the most exciting opportunities in a generation for channel partners. Public bodies can now leverage our platform for the delivery of any of their IT and Telephony needs without any capital investment. So our partners will now have access to a potentially huge and untapped market which they had previously considered out of reach.”

He added, “With our experience of the G-Cloud tender process, we are also able to give IT/Telephony service providers the hands-on guidance and advice needed for a successful G-Cloud bid, especially as the Framework will be put out to tender again in the Spring. This unique set of offerings, delivered without any upfront expenditure, provides the perfect platform for cloud computing in the public sector”.

Comms Business Magazine talks to Harvey Davies, Director at iStorCloud, about the benefits of cloud computing and, crucially, how resellers can avoid some of its common pitfalls.

There has been a huge amount of media coverage recently on the topic of cloud computing. But what exactly is cloud computing, how can it help and what are the risks? In the simplest of terms, cloud computing is where an  organisation uses an application hosted and delivered over the Internet by a third party. So, instead of purchasing and building its own IT infrastructure, a business could use a Cloud Service Provider (CSP) to host all its servers, applications, databases, telephony systems and desktops and the CSP can then deliver over the internet all of these computing needs on demand” This can bring businesses significant benefits:

Cost– there are virtually no upfront costs and organisations can pay monthly or annually based on actual usage. Software licences, system management and IT support can all be provided in a more cost-effective manner which leaves staff to focus on more business-criticaltasks.

Flexibility– employees can access their applications and data from anywhere and at anytime.

Resiliency–State-of-the-art data centre facilities and technologies are deployed to protect organisations’ IT infrastructure together with 24/7/365 engineering support.

Scaleability– a genuine cloud computing platform allows organisations to provision resources on a fine-grained, self-service basis in real-time and allows them to monitor constantly their usage. However, organisations are wary of cloud computing and not sure which CSPs they can trust, often raising concerns about security, data protection and customer ‘lock-in’. However, the right CSP can actually become a major USP for the reseller.

Security

Security is certainly one of the biggest issues holding back the adoption of cloud computing services. This is because organisations very rarely have access to the systems and security protocols of CSPs and do not know the standards which have been adopted. The top priority is the security of the CSP and the cloud platform itself. It is extremely important that resellers understand the features and physical location of the facilities where their clients’ data and applications are being held. Ideally, applications and data should be hosted in UK data centres which have 24/7/365 engineering support and security guards, CCTV, restricted access, uninterruptible power supplies etc. Do the data centres have ISO certifications for 9001 (Quality Management Systems), 14001 (Environmental Systems) and 27001 (Information Management Security Systems)?CSPs should be able to prove that they own and directly manage all aspects of their infrastructure as well as possessing all the necessary technical support expertise in-house. Furthermore, if a data centre did suffer a major outage, can the CSP deliver a disaster recovery service which enables the client’s cloud server to failover within seconds to another UK data centre thereby ensuring virtually no downtime? As regards the cloud infrastructure itself, CSPs control the hardware and the hypervisors on which data is stored and applications are run, so security at this level is critical but often neglected as some recent cloud security breaches have shown. The servers, on which the applications are hosted, are no longer physical hardware but are software-based virtual machines under the control of the cloud management and hypervisor software. This can increase the risk of exposure to hackers and other potential threats. Resellers need to be sure that the CSP can provide continuous security and high assurance. They need to find out and understand what technologies the CSP is deploying – are they builtto an international standard and do they include capabilities such as machine authentication hardware encryption, signing, secure key storage, and attestation? These provide both ongoing verification of the integrity of the client’s cloud infrastructure and cryptographically verifiable proof that the platform is intact.

In short, users can be assured that: Other cloud users and hackers cannot accidentally or deliberately view or access their data and applications;

•No unauthorised ‘back doors’ have been inserted into the cloud management system;

•The hypervisor has not been modified; and

•No bugs or viruses have been injected into the underlying operating system.

Data Protection

Organisations are now more mindful than ever before of their data protection obligations particularly as fines amounting to £500,000 can be imposed for breaches of the Data Protection Act 1998 (the ‘DPA’). Even if an organisation deploys all their infrastructure and data in the cloud, they are still legally responsible to handle personal data in accordance with the rules of the

DPA and will be liable for any breach. There are many aspects to consider but, for example, resellers and their clients should know that the CSP can:

• Guarantee that the data will only be held within the EEA or, ideally, the UK and the location can be identified in the contract.

• Confirm that data is only processed in accordance with the company’s instructions and that it has in place the necessary security systems and processes to ensure that the company’s compliance with the DPA is not undermined.

• Guarantee that business data is readily accessible so that the business can meet its information access obligations under both data protection and freedom of information legislation. Many larger CSPs struggle to meet all these criteria and resellers will often find that many contractual provisions, especially in relation to data protection, cannot be negotiated. A well designed private cloud service should give organisations confidence that they are not going to increase their risk of breaching the DPA. Resellers should be testing the CSP’s  awareness of data protection at every turn. Does the CSP have any endorsements? Are its employees CRBc hecked and how can it demonstrate its  commitment to data protection?

Customer Lock-in

Another fear commonly raised is that if and when a business commits to a CSP, they will find it very difficult  to move away or change providers. There have already been reports that some of the larger CSPs have made it very difficult for users to revert back to a previous system. As with security and data protection, the key is for resellers to ensure that any provision for an easy exit for its customers is made explicit in the contract. In addition, it is vital that they understand exactly how the mechanics of any potential move would work and the financial implications. One of the key advantages of a cloud deployment is flexibility. Resellers should be able to discontinue any part of the service at a month’s notice – for example, they may require additional cloud management and IT support for the first few months and then, once they feel comfortable with the system, they can discontinue the IT support and use just the cloud platform for commissioning servers. They also need to know how quickly they can move to another CSP and how the virtual machines, applications and data will be transferred. Security, data protection and customer lock-in are all crucial elements of cloud computing, and organisations should be scrutinising the CSP on all of them. With the right CSP and state-of-the-art facilities and technologies, resellers can ensure for their clients a robust and secure managed private cloud service as well as compliance with legal and regulatory obligations.