by Matthew Finnegan

Cloud computing is mature and secure says Gatwick CIO

Jun 30, 2015
Cloud ComputingIT LeadershipIT Strategy

Gatwick airport CIO Michael Ibbitson says cloud computing has matured and that CIOs and organisations that are strong on assessing and selecting vendors will find cloud providers that can deliver major transformations and even increased security to their organisations.

Michael Ibbitsonis a new entrant to the 2015 CIO 100, a showcase of transformational CIOs.

“Just as within any IT department you have maturity levels, with cloud vendors you also have maturity levels,” said Ibbitson.

“You have got to do your research and you have got to go into it with your eyes open to understand what all the potential pitfalls and benefits are.

“Do they have secure data centres? Do they manage their access and controls properly, do they have ISO27000 certification? And, depending on the service, do they have payment card industry accreditation? Assess them and make sure you have the same risk mitigation steps that you would do for your on-premise services.”

Ibbitson and Gatwick asked all of these questions. Gatwick airport IT staff visited a Danish supplier that remotely manages the  baggage systems to assess its internal controls.

“We went to the company in Denmark and did a cyber security assessment of their whole setup because we want to make sure that they can’t be hacked into and therefore someone can’t take remote control of our baggage system,” Ibbitson said.

The airport has a team dedicated to assessing cloud providers, Ibbitson said, to help ensure suppliers meet standards. “If [suppliers] don’t conform to certain mandatory requirements like integration with identity as a service providers, having HTML5 interfaces or an app to make it work on a smartphone or tablet then we wouldn’t go with them.

“Suppliers must have the right security credentials – we have to know that if we are putting our data into their services that they know how to protect and manage that data, and for services coming out of the US we make sure they have Safe Harbor accreditation.

“We have turned down really interesting new tools because they weren’t compliant. In fact some of them that we really wanted to buy, after thorough assessment we have had to forcibly block them on our proxies and firewalls because we realised just how insecure their services were.

Gatwick recently announced an increase in passenger numbers, reporting a rise of 7.8% over the last year. Once part of BAA along with Heathrow, Gatwick is now locked in a fierce battle to be granted expansion with the building of a second runway. Heathrow, which connects directly to many major motorways and the proposed HS2 rail line is also seeking to build a new runway.