GDS puts security top of the agenda for G-Cloud 9
Suppliers and buyers admit they struggle to understand each other on security
The Government Digital Service (GDS) has promised to focus more on security when planning the next iteration of G-Cloud, admitting that buyers and suppliers struggle to understand how to communicate about the subject.
The GDS is planning to launch a "discovery" process for G-Cloud 9 – the next version in the pipeline – which could mean the version is significantly different to its predecessors. The process will involve the GDS going back to the drawing board for the first time since G-Cloud was launched in 2012 to ensure the framework meets users' current needs.
Security will be a key area of focus, the GDS said today, adding that with that in mind, it has added an information assurance specialist to the Digital Marketplace team.
At a recent cyber conference at which GDS ran a workshop – which was not part of, but related to, the discovery process – security was the hot topic. Buyers told the government they don't understand how to clearly communicate the security details they need, while suppliers admitted their technical teams don't understand the procurement language that buyers often use.
Aside from communication issues, buyers and suppliers said they would like more guidance about security and risk in general, said the GSD.
"We learned [that] suppliers would find it helpful to know about a buyer's security requirements, how risk averse they are and any specific technical blockers earlier on in the buying process [and] buyers want to know how to understand and assess suppliers' security assertions."
Further, suppliers and buyers requested more opportunities to hear about their peers' experiences, and suppliers said they wanted to be able to provide more relevant security information.
The GDS said that security will be a key part of its upcoming discovery process.
"We're reviewing the public sector's cloud and technology needs and part of this is around security. The discovery will tell us if, and how, the user need has changed and whether the services that government needs still fit into the 4 categories we have in the current G-Cloud iteration. Our CESG information assurance specialist will help us with the security part of the G9 discovery."