During my keynote at UCL recently, I touched on the topic of information security in the cloud. I thought it would be worthwhile going into more detail here, since the topic of cloud and security is pervasive to any Digital Transformation strategy.
Let's take an example from the NHS, which has a standard of security called the Information Governance Toolkit. From the website The IG Toolkit is an online system which allows organisations to assess themselves or be assessed against Information Governance policies and standards. It also allows members of the public to view participating organisations' IG Toolkit assessments.
I have worked with various organisations to unravel the Information Toolkit on a number of occasions now, and apply it to Azure. Note that the Information Governance Toolkit doesn't just impact the NHS, but other organisations who need to work with the NHS in some way. Essentially it comes down to a central question; what data can go into the cloud, what data can't, and why? How can we architect our solutions so that we are compliant with the Toolkit? If we can't put some of the data up now, what can we do with it in the meantime, and what is the roadmap for putting data into the cloud?
Well, the answer is: it depends.
If you need help with these questions, don't hesitate to get in touch at firstname.lastname@example.org and we can arrange time to chat.