End-user security the focus as Parliament moves to the cloud

Director of Parliamentary ICT Joan Miller said Lord Speaker Baroness D’Souza and Speaker of the House of Commons John Bercow were both committed to driving the use of modern, digital technologies in Parliament.

Addressing an audience at the Cloud Expo Europe conference in London last week, Miller said that the home of UK legislature was embracing disruptive influences in a unique setting, but that security was a critical concern, with her main efforts focused on end-user education.

Miller also announced that Parliament was moving its email over to Office 365. This followed “deep discussions with Microsoft about security”, Miller said, who are fully accredited with the G-Cloud.

“As the internet grows, we have to know we are not in control,” Miller said. “The way people use technology is not IT’s choice; and it might not even be their own choice. But we have to acknowledge this is the way people work.

“When we look at our user base it is quite unique. This is a preserved environment, a very interesting environment to bring IT into. But both speakers are seeing this change.”

Miller’s remit includes providing the infrastructure for the Parliamentary Network, providing information and communications technology and training to both Houses of Parliament, and managing equipment for members of both houses and Palace of Westminster staff.

In her role since 2005 following two years as the head of ICT for the London Borough of Lambeth, she said that the institution has been moving services bit by bit to the cloud for the last three years, explaining Parliament has been using each and every kind of ‘cloud’.

“Cloud comes in many different forms, and we’ve been using all of them. Some are private, some are public – and we have different reasons for using each,” she said.

“Our business is to engage with the public. Sometimes they want to engage with us. Sometimes we want to keep information in the public zone, but other things we need to keep secure.”

Miller’s primary concern when moving data off the parliamentary estate was security and governance, she said.

And when factoring in mobile devices, she said that the conundrum eventually boils down to one of usability, cost and security.

“It’s about which data is free and which data is not free which we have to be very secure with, and this usually satisfies the cost element,” she said. “The fight is really based around usability and security – it’s a large balancing act.”

Miller explained the different levels of security, with most of parliament’s data available via a Freedom of Information request and thus not required to be stored under stringent protocol. Conversely, some is covered by the data protection act and subject to strict security rules. Other bits of parliamentary data, Miller said, are deemed so secret they are not even stored electronically or online.

But Miller, who was also Suffolk County Council head of ICT for eight years, revealed the results of a report by the Information Commissioner’s Officer released in January regarding Parliamentary data breaches in 2013, which showed overwhelmingly it was users rather than technology which were the problem.

The top three causes by far were what Miller considered human error; 192 instances of information disclosed in error, 62 of lost or stolen paperwork, and 32 of lost of stolen hardware like mobiles, laptops and USB sticks.

“You can build all sorts of protection around the data, Miller said, “but it’s what the user does with it that makes it secure or not.

“Therefore the emphasis must be about user understanding on what’s safe practice and what’s not safe practice.

“We’re trying to inform users about the risks they take, asking them to bear these in mind when they take work technology out into the public.”

Parliamentary copyright images (top image) are reproduced with the permission of Parliament