The advent of highly scalable, easy-to-deploy technology is transforming both private and public entities – but it’s not a one-size-fits-all approach. Each organization has its own cloud journey to share. Some start with pilot projects, while others jump into mission-critical programs. Adopting the cloud doesn’t mean starting over – it’s about enhancing your existing infrastructure. In this session, learn firsthand from MTCnovo and United Kingdom Data Archive (UKDA) share on how they are using the cloud to build on their existing technologies and learning valuable lessons along the way. Speaker: Nathan Cunningham, Associate Director, Big Data, UK Data Archive Simone Hume, Business Development Manager, Amazon Web Services Chris Martin, CTO, MTCnovo Jonathan Snowball, CIO, MTCnovo

1. C L O U D F I R S T, C L O U D N AT I V E , A N D H Y B R I D :
H O W D I F F E R E N T O R G A N I S AT I O N S A R E A P P R O A C H I N G C L O U D A D O P T I O N
Simone Hume, Business Development Manager, AWS

2. Agenda
1. Cloud First, Cloud Native, and Hybrid
2. MTCnovo – Cloud First & Cloud Native
3. UK Data Services – Hybrid Cloud
4. Q&A

3. From “Cloud First” to “Cloud Native”
GDS Blog: Feb 2017 “Cloud First is the policy we've agreed, but it’s not our aspiration.”

4. AWS Alignment with Cloud Security Principles
AWS have published a
white-paper providing
guidance on alignment with
NCSC’s Cloud Security
Principles
http://d0.awsstatic.com/whitepapers/compliance/
AWS_CESG_UK_Cloud_Security_Principles.pdf

5. Many Worry There are Only Two Choices
Build a
“Private”
Cloud
Rip everything out
and move to
AWS
#1 #2

6. M T C N O V O
J O N A T H A N S N O W B A L L
C H R I S M A R T I N

7. AWS
Transformation
Jonathan Snowball
Chris Martin

8. Our business is not for the faint hearted
about

9. We can’t skimp on security
• Criticality of data
– UK data sovereignty
– Official Sensitive
– Public protection
• PSN-P

10. Our AWS Journey
Denial Vested
Interest
Exec.
CautionTier 1
MTCnovo
VPC
Allies:
AWS PSN-A MoJ
Now Cloud First
Positioned for Cloud Native
Beaumont Colson

11. Lessons
• Learn to drive; you don’t need a chauffer…
– Close alignment with business required
– Build confidence with key stakeholders; security
objection handling
– Dynamic disciplined IT governance
– Commercial options
• …but you need expert allies:
– Cloud Fundamental, Infinity Gate, AWS, PSN-A, Level 3
• Technically straightforward

12. Benefits
• Faster – easy to set up new services
• Cheaper – between 50% and 95%
• Better – resilient, secure, highly available
• Positioned for cloud native
• IT now enabler – Tableau, legacy apps, etc.

13. U K D S
N A T H A N C U N N I N G H A M
T I N A D I A M O N D

14. Hybrid Cloud for the
Social Sciences
Nathan Cunningham
Director of Research Technology
AWS Transformation Day
Public Sector - LONDON
30th October 2017

15. ENABLE
PROTECT
TRUST
SECURE
UK
Data
Service

16. Types of new “disclosive” data
(2013) OECD report on
“New Data for Understanding the Human Condition”

17. Enabling Research on Disclosive Data
Safe
outputs
• Screened and
approved outputs
that are non-
disclosive
Safe
settings
• A Secure Lab
environment
prevents
unauthorised use
Safe
people
• Researchers are
trained and
authorised to use
data safely
Safe
projects
• Research
projects are
approved by data
owners for the
public good
Safe
data
• Data is treated to
protect any
confidentiality
concerns
Is the use of the data appropriate, lawful, ethical & sensible? Safe projects
Are people likely to use if appropriately? Safe people
Is the environment in which it used appropriate? Safe settings
Is the data appropriate? Safe data
Are the outputs appropriate? Safe outputs

18. Research in a complex data landscape
Data remains safe in shared research
environment
• Enabled remote user access
• Secure Integrated systems
Examples:
• Secure Scaled Storage
• Health-RDBMs / HADOOP
• GPU based Machine Learning / HPC
• Links to Health / Bioinformatics /
Genomics / Imaging
• ONS – Secure (VML)
• Secure labs
• Aggregated data services (Data shield)
ADRCFARR
UK
Data
Service
Biobank
outcomes
ONS
SAIL
Databank
DSaaP
Big Data
Network
AWS
Public Sector / Private Cloud

19. Administrative data sources
• Tax records (UK)
• Tax credit claimants dataset
• Benefit data (UK)
• Child Benefit dataset
• Educational attainment records
• National Pupil Database
• Northern Ireland School Census
• Pupils in Scotland Census
• Welsh Pupil Level Annual School Census and Pupil
Attainment dataset
• High Education Statistical Agency student record dataset

20. Linkage is key
• Need for identifiable data – about people
• Security at scale
• Sensitivity analysis
• Disclosure Risk
• Separation Principal / TTP
• Consent / No Consent
• De-identification / Pseudonymization

21. Supporting Big Data Research
Developing a Smart Meter Research Portal (SMRP) to
provide vital access to energy data for the UK research
community.
• Project Duration: Mid-2017 to mid-2022 (£6m from
EPSRC)
The ambition of the research programme is to undertake
research that will:
• Support government policy;
• Kick-start the development of new products, services and
energy markets;
• Help provide solutions to the energy trilemma (security,
affordability and environmental sustainability);
• Facilitate better research by developing best practice guidelines
and methods to improve data security and enable innovative
uses of smart meter data.

22. Supporting Big Data Research
Research at its core depends on data, its availability, discovery, integrity and the
capability for it to be analysed. In the early 21st century research is undertaken on data
that is:
• is of an order of magnitude larger,
• more complex,
• comes from more sources,
• requires more sophisticated analysis and,
• if the research is in any way concerned with data about people, must also
confront the issues of privacy and confidentiality
SMRP will develop best practice for using smart meter data, combining expertise in
innovative data science techniques with novel approaches to research.

23. Private Cloud Challenges
Infrastructure Sprawl
Islands of investment and produces governance and
maintenance challenges.
Big data” services:
• Limited IT infrastructure resources and staff;
• Relatively little IT experience and skillsets in Hadoop or Spark;
• Increasing IT overhead for managing multiple environments;
• The need to on-board multiple user with access to their own dedicated
Hadoop/Big Data environment.
Governance and Security
• Empowering end users across multiple teams.
• Integrated data and metadata flows/modelling/services

24. Public Cloud challenges
Accreditation /
certification
Data Security as
principal design
goal
Strictly defined set
of requirements /
restrictions
How to secure data
across different
systems in
different clouds
Conceptually
require a seamless
integrated and
controllable system
Requirements from
data owners –
including secure
wipe
Geographic access
restrictions / levels
of data sensitivity
Private Cloud à
Hybrid Cloud à
Infrastructure
agnostic

25. Hybrid Cloud Approach

26. Data Services as a Platform
Data Service as a Platform (DSaaP) is an online digital
platform that will enable you to explore and analyse more
high quality social and economic data, anytime,
anywhere, in a safe and trusted environment.
http://dsaap.info/
Built and delivered in partnership with:

27. Reference Architecture of DSaaP
• Open source because we can have meaningful common
conversations with the community
• Hadoop is…..

28. Implementation Architecture of DSaaP
Preservation Platform
Deposit Platform Discovery Platform Information Platform
Access PlatformSemantic Platform
Data Platform
Services
Repository
Security
Consumers and Producers
Support
And
Maintenance

29. Secure
Safeguarded
Open
DSaaP Hybrid Service Instances
Common Service Authentication (Kerberos)
AWS
Instance
On premise
Instance
Mixed
Instance
5 Safes at Scale

30. Drivers for change (Cloud First)
• Maximise the value of ESRC infrastructure/data service
investment with a hybrid (in-house/outsource) strategy
that enable auditable data security and procedures.
• Enable cross-cutting funds to be enabled through
scalable “disclosive” data services on secure
infrastructure (e.g. Apache Hadoop, Sail Data Bank);
• Eliminate duplication to ensure the inefficient and
effective, and to ensure all available funding is directed
to support research, translation and
• Innovation on data services: establish a system that
balances autonomy and independence with cross-cutting
ability, flexibility and data governance.

31. Key approach to embed new IT strategy
• Driving IT complexity reduction to release resources to be
available for new initiatives and innovation. Scaling to tier 0,1,
2 & 3 data services with common security and governance.
• Securing a sustainable funding basis for DSaaP, Data Sail,
and HPC augmenting with winning new awards of financing,
based on a commitment to open source innovation and
asset services for science with disclosive data.
• Creating an Innovation Panel to encourage and steer
risk-taking IT service cloud native initiatives for linking
data. To scale out to UKRI / G Cloud e.g. with AWS Public
Sector Cloud. Work with Office of National Statistic (Cloudera)
• Periodic regrouping and reskilling its resources to deliver the
IT Strategy programme. E.g. Hadoop Stack, R, Scala, Python

32. Questions
njcunna@essex.ac.uk
tina@cloudwick.com
https://aws.amazon.com/solutions/case-studies/uk-data-service/
https://www.cloudwick.com/our-use-cases/aws-ukds/

33. Q U E S T I O N S ?

34. THANK YOU!

35. U P N E X T A T 2 : 3 5 P M :
M A N A G E M E N T T R A C K
( P O R T E R T U N R O O M )
T E C H N I C A L T R A C K
( Q U E E N C H A R L O T T E )
T H E P O W E R O F B I G D ATA
C L O U D E C O N O M I C S : H O W T O
Q U A N T I F Y T H E B E N E F I T S O F
M O V I N G T O T H E C L O U D