From 9eb81c7aa32c0b939559bad2bedcdc50f29fa3d0 Mon Sep 17 00:00:00 2001 From: Benjamin Morgan Date: Fri, 5 Sep 2025 13:40:50 +0100 Subject: [PATCH 1/2] Flesh out georedundancy and database solutions --- .../CloudDevelopment/DataUse.md | 39 +++++++++++++++++-- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/software-engineering-policies/CloudDevelopment/DataUse.md b/software-engineering-policies/CloudDevelopment/DataUse.md index b17137f2..8692e961 100644 --- a/software-engineering-policies/CloudDevelopment/DataUse.md +++ b/software-engineering-policies/CloudDevelopment/DataUse.md 
@@ -21,12 +21,45 @@ Where possible, data should be georedundant. Some cloud services have this avail ## Data Sovereignty (UK datacentres only) -:thinking: +For data that is potentially sensitive either from a legal, corporate or security perspective, data sovereignty must be considered, though it may be balanced against considerations of availability and business continuity. + +When you set up storage accounts and many other resources, Azure guarantees to store data within the selected region. Limiting data to UK datacentres will help to ensure legal and regulatory compliance, reduce risk of "jurisdictional overreach", maintain public trust and provide better performance and latency within the UK. Available regions are UK South and UK West. Even with Zone Redundant Storage, there is a small risk to availability if both UK regional datacentres were to fail at once, so for high availability of non-sensitive data, full georedundancy should be considered on a case-by-case basis. + +> NB: These protections do not apply to all Azure resources, and particularly may not apply to global services such as Azure AD, Defender for Cloud, diagnostics and telemetry. There are services available to mitigate this concern by enabling data flow audits and mapping tools, but be wary, as these may come with a very high price tag. + +Azure promises to maintain data access transparency, meaning they will: + +* Never give governments access to your data without your knowledge (unless legally prohibited from doing so) +* Challenge unlawful requests +* Disclose government requests in transparency reports + +Azure complies with: + +* [UK GDPR](https://www.legislation.gov.uk/eur/2016/679/contents) and EU GDPR +* ISO/IEC 27001, 27017, 27018 +* NHS DSP Toolkit, UK Cyber Essentials Plus +* Financial regulations from the FCA, Bank of England, etc. 
+ +Microsoft is a US company, and is subject to laws such as the [US Cloud Act](https://www.congress.gov/bill/115th-congress/senate-bill/2383/text), which may conflict with these goals However, they have demonstrated a willingness to challenge requests that conflict with local laws as set out in their article on [Defending Your Data](https://blogs.microsoft.com/on-the-issues/2020/11/19/defending-your-data-edpb-gdpr/). + +> Recommendation: Especially sensitive data that cannot be disclosed to foreign governments (including the US) should be kept on premises only. For anything else, favour UK Datacentres where possible. Exercise due diligence and always comply with GDPR rules whether data is stored at home or abroad. + +> NB: Azure Government (US) or Azure Germany are specialised sovereign cloud environments, but there is currently no equivalent for the UK. ## Recommended / supported database solutions -WIP +At the UKHO, we should always choose solutions that support encryption at rest and in transit, whilst providing highly available, performant access to our data. + +Currently, the UKHO recommends the following data management systems: +* Microsoft SQL Server + - as a standard Relational Database Management Solution +* Cosmos DB + - for non-relational (document based) data + +Both of these services are widely used, and offer a good range of modern features including encryption at rest and in transit. + +Oracle DB is currently used by some teams in the UKHO, but is not specifically recommended. SQLite and PostgreSQL have also been used at the UKHO, but are currently not recommended for production systems. -* Support encypt at rest and transit +The UKHO has a wide community of experienced software engineers using a range of database solutions. 
However, a good resource to consider when selecting a technology is the [UKHO Tech Radar](https://techradar.ukho.gov.uk/) which aims to track both which technologies are being adopted or abandoned, and where you might find expertise around specific technologies. [Back to main Readme](README.md) From 6153ea6cb02642f090dc7e607b1a3074fc314013 Mon Sep 17 00:00:00 2001 From: Benjamin Morgan Date: Fri, 5 Sep 2025 14:11:03 +0100 Subject: [PATCH 2/2] fix: Tweak bullet list for .md check --- software-engineering-policies/CloudDevelopment/DataUse.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/software-engineering-policies/CloudDevelopment/DataUse.md b/software-engineering-policies/CloudDevelopment/DataUse.md index 8692e961..ca9ffe47 100644 --- a/software-engineering-policies/CloudDevelopment/DataUse.md +++ b/software-engineering-policies/CloudDevelopment/DataUse.md @@ -51,10 +51,11 @@ Microsoft is a US company, and is subject to laws such as the [US Cloud Act](htt At the UKHO, we should always choose solutions that support encryption at rest and in transit, whilst providing highly available, performant access to our data. Currently, the UKHO recommends the following data management systems: + * Microsoft SQL Server - - as a standard Relational Database Management Solution + * as a standard Relational Database Management Solution * Cosmos DB - - for non-relational (document based) data + * for non-relational (document based) data Both of these services are widely used, and offer a good range of modern features including encryption at rest and in transit.
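Review bot: In the Data Sovereignty paragraph of the first hunk (DataUse.md @@ -21,12 +21,45 @@), the sentence "Even with Zone Redundant Storage, there is a small risk to availability if both UK regional datacentres were to fail at once" mixes two different redundancy scopes: zone-redundant storage replicates across availability zones inside a single region, so a ZRS account in UK South is unavailable if UK South alone fails, and surviving a regional outage while staying in the UK requires geo-redundant replication to the paired region (UK South pairs with UK West). Suggest rewording along the lines of "Zone Redundant Storage only protects against the loss of a datacentre within one region; to survive the loss of a whole region while remaining in the UK, use geo-redundant replication between UK South and UK West, accepting that a simultaneous failure of both regions would still affect availability." Two smaller points in the same hunk: "which may conflict with these goals However, they have demonstrated" is missing a full stop before "However"; and the closing NB presents "Azure Germany" as a current sovereign cloud, but that environment has been retired, so the note should drop it or say so. Finally, the statements that Oracle DB is "not specifically recommended" and that SQLite and PostgreSQL are "not recommended for production systems" give no reason; a one-line rationale for each (support, encryption features, operational experience) would make the policy easier to apply consistently.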
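Review bot: In the second hunk (DataUse.md @@ -51,10 +51,11 @@), the nested bullets still read as sentence fragments hanging under a bare product name ("as a standard Relational Database Management Solution"); folding each into its parent item, e.g. "* Microsoft SQL Server: the standard relational database management system" and "* Cosmos DB: for non-relational (document-based) data", would satisfy the markdown check without a second list level at all. Two wording points while the lines are being touched: "Relational Database Management Solution" is conventionally "System" (RDBMS), and "document based" should be hyphenated as "document-based".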