-
-
FOI request (FOIR-334385694)
Public cloud
Requested Thu 13 May 2021
Responded Fri 28 May 20211. Do you have a cloud strategy? (Please provide a link to the strategy)
a. Yes
b. No
2. When was the cloud strategy defined?
3. If yes, what is the focus of your cloud strategy?
a. All in on public cloud (no private cloud or on-premise infrastructure)
b. Cloud First (new services in public cloud with some on premises infrastructure or private cloud)
c. Hybrid cloud (some combination of one or more public clouds, private cloud and on-premises)
d. Private cloud (no public cloud)
4. What public cloud(s) do you use?
a. AWS
b. Alibaba Cloud
c. Azure
d. Google Cloud Platform
e. Oracle Cloud
f. UK Cloud
5. What percentage of your applications and/or workloads is on premise?
a. 0%
b. 10% - 25%
c. 25% - 50%
d. 50% - 75%
e. 100%
6. What percentage of your applications and/or workloads is in the public cloud?
a. 0%
b. 10% - 25%
c. 25% - 50%
d. 50% - 75%
e. 100%
7. What percentage of your data is on premise?
a. 0%
b. 10% - 25%
c. 25% - 50%
d. 50% - 75%
e. 100%
8. What percentage of your data is in the public cloud?
a. 0%
b. 10% - 25%
c. 25% - 50%
d. 50% - 75%
e. 100%
9. What percentage of your infrastructure is legacy?
a. 0%
b. 10% - 25%
c. 25% - 50%
d. 50% - 75%
e. 100%
10. Do you have third-party services or solutions on premise that are not cloud-ready or fit for cloud migration?
a. Yes
b. No
11. What workloads or functions have you moved to the cloud? (Multiple answers. Please specify other if not listed)
a. Office productivity (for example, Microsoft 365, Google Workspace)
b. Citizen-facing digital services (for example GOV.UK)
c. Back-office applications (for example, transaction processing)
d. Artificial Intelligence, Machine Learning, cognitive services
e. Software development/operations
f. Corporate functions (for example, HR, Finance, CRM)
g. Intranet
h. Backup, business continuity and disaster recovery
i. Other
12. What challenges did you face when moving to the public cloud? (Multiple answers. Please specify other if not listed)
a. Migrating certain applications
b. Legacy infrastructure
c. Different refresh cycles
d. Difficulty proving cost illustrations
e. Funding paths (Capital expenditure/Operational expenditure)
f. Data gravity
g. Data Classification
h. Licensing concerns
i. Data privacy concerns
j. Offshoring and data residency
k. Lack of in-house skills
l. Vendor lock-in/ Egress cost prohibitive
m. Other
13. What percentage of your infrastructure do you plan to be public cloud based in 12 months' time?
a. 0%
b. 10% - 25%
c. 25% - 50%
d. 50% - 75%
e. 100%
14. What percentage of your infrastructure do you plan to be public cloud based in three years' time?
a. 0%
b. 10% - 25%
c. 25% - 50%
d. 50% - 75%
e. 100%
15. How much has your organisation spent on public cloud since the Government's G-Cloud or 'cloud-first' policy was introduced in 2012?
16. How much has your organisation spent on on-premise infrastructure since the Government's G-Cloud or 'cloud-first' policy was introduced in 2012?
17. How much has your organisation spent on cloud/infrastructure consultancy services in FY 20-21?
18. How much was spent on public cloud data egress charges in FY 20-21?
Response
1. No
2. Not Applicable
3. Not Applicable
4. Request Refused (See below)
5. Information Not Held
6. Information Not Held
7. Information Not Held
8. Information Not Held
9. Information Not Held
10. No
11. Office productivity, Citizen-facing digital services, Back-office applications, Artificial Intelligence, Machine Learning, Cognitive Services, Corporate Functions, Public Website
12. Information Not Held
13. Information Not Held
14. Information Not Held
15. Information Not Held
16. Information Not Held
17. Information Not Held
18. Information Not Held
NOTICE OF REFUSAL
Disclosure of information relating to ICT security constitutes a security risk as it would leave the Council's computer assets more vulnerable to a malicious hacking attack. This means that disclosure would:
• Make the Council more vulnerable to crime (Section 31)
• Risk harming the systems on which the day-to-day business of the Council relies (Section 43) Section 31 (Law Enforcement)
Section 31(1)(a) states that information is exempt if its disclosure is likely to prejudice the prevention or detection of crime. ICO guidance states that this can be used to protect information on a public authority's systems which would make it more vulnerable to crime.
This exemption can be used by a public authority that has no law enforcement function:
• To protect the work of one that does
• To withhold information that would make anyone, including the public authority itself, more vulnerable to crime. The crime in question would be a malicious attack on the Council's computer systems.
Since the disclosure of the withheld information would make the Council's systems more vulnerable to such crime, the exemption is engaged.
The exemption is subject to the public interest test. There is an overwhelming public interest in keeping the Council's computer systems secure which would be served by non-disclosure. This outweighs the public interest in accountability and transparency that would be served by disclosure.
Section 43 (Commercial Interests) Section 43(2) states that information is exempt if its disclosure would, or would be likely to, prejudice the commercial interests of any person (including the public authority holding it).
Disclosure of information relating to ICT security puts the council at risk of a malicious hacking attack. This would compromise the Council's ability to provide its services and carry out 'business-as-usual' should our systems be compromised. Were our systems to be compromised, the cost of a system recovery would be detrimental to the Council's commercial interests.
The exemption is subject to the public interest test. There is an overwhelming public interest in keeping the Council's computer systems secure which would be served by non-disclosure. This outweighs the public interest in accountability and transparency that would be served by disclosure
-
-
Freedom of Information
Contact
Contact us if you have a question about democratic services.
Comments
The content on this page is the responsibility of our Democratic Services team.