Today I attended a Public Sector Infrastructure Team meeting, which unfortunately clashed with a Government Connect Stakeholder Advisory Forum.
The Chair, from HMRC, spoke candidly (and in confidence) about the recent data loss – but I think it fair to acknowledge that a great many colleagues, especially from the security side of our businesses, have thanked the HMRC for helping them to highlight the risks to executives in their own organisations! Also – that this was a cultural failure. Correct procedures were not followed by people who failed to understand the potential implications of their action.
The Network Vision developed by the PSIT has now been agreed by the CIO Council – a significant step - so evolution from the GSI (Government Secure Intranet) to the "network of networks" – i.e. from perimeterised network security to security based on identified role and authenticated access to services and information - will now become a reality.
A lot of the agenda concerned Information Assurance, including the who, what, when and why of access.
The next policy due for submission to the CTO/ CIO Councils will be a new Data Centre vision of a managed infrastructure of Data Centres as a shared service to the public sector on a utility basis.