The operational security of our HPC technology and services is governed by several legislative, regulatory and commercial requirements and constraints. As a UK based venture, the characteristics of our ITC service fall within the purview of the Information Commissioner’s Office ( www.ico.org.uk ), but are subject to many individual regulations, including but not limited to:
- the Data Protection Act 1998,
- the Privacy and Electronic Communications Regulations 2003,
- the Freedom of Information Act 2000,
- the Environmental Information Regulations 2004, and
- the INSPIRE Regulations 2009.
There is a variety of information stored on our HPC network, which come with different sensitivities. For the UK public sector, these levels have traditionally been defined by the National Technical Authority for Information Assurance at the Communications-Electronic Security Group (CESG, www.cesg.gov.uk), which determine the Business Impact Level (BIL) the organisation is operating at. Whilst CESG’s definitions apply only to the public sector, they are widely acknowledged as being applicable to the commercial sector.
The Business Impact Level (BIL) associated with our service is determined by reviewing the tables within the HMG Information Assurance standard and mapping the service to the closest relevant table, and identifying the first Impact Level which clearly exceeds any impact likely from penetration or compromise of our service. The relevant Impact Level for HPC Wales security architecture to meet is BIL 2.
The HPC Wales architecture represents a relatively conventional “hard boundary” security model, with resilient firewalls and an authentication model based on Microsoft Active Directory protecting a “DMZ”, within which data is transmitted and administrative access is allowed against defined role functions for specified individuals. The WAN services are procured from the Welsh Assembly Public Sector Broadband Aggregation, (www.psba.org.uk). This provides a trusted Multiprotocol Label Switching (MPLS) service which runs natively at BIL 2. The use of the Secure Shell (SSH) protocol over the MPLS network plus password-protected authenticated logon to the HTTPS-secured Synfiniway portal, enables secure remote access to the HPC Wales clusters. This security architecture is entirely consistent with a BIL 2 conformant service.
To summarise, HPC Wales has a security system which is capable of demonstrable conformance to ISO27001 standards at BIL 2 or equivalent compliancy.
If you would like to know more or discuss a project idea, get in touch.