Steve Jones - SSC Editor (4/29/2014)
Alex Gay (4/29/2014)
There is no way that we in the NHS could use cloud computing in general, or Azure in particular, especially for databases that contain patient data. The risks of unauthorized access is too high to begin with and when you add to that the fact that a US judge could order Microsoft to grant access to your data (see here http://www.theregister.co.uk/2014/04/28/us_judge_digital_search_warrants_apply_everywhere/), we wouldn't be able to guarantee the required level of data security. The ISC (Information Security Commission) would gut us, it would probably cost more in fines for breach of patient data security than we would save in licensing and hardware, which is the point of the legislation.Don't bet on that. Amazon succeeded in getting many US governments into clouds, by building separate data centers and locating them in the US. It's possible we'll see an Azure government cloud located in the UK, for UK customers.
This might work if it was an Amazon UK subsidiary, and wholly owned and registered in the UK, away from the problems of the US Courts attempts to overreach their bounds. There is already a site that lists those companies and services that are already authorized for use by UK Government (G-Cloud springs to mind).
We also make use of services supplied from offsite data centers, but they tend to be hosted, and controlled, by the supplier of the software system and we don't have the administration rights that you get with a true cloud service, and have to ask them to supply us with an extract of our own data, usually at additional cost, if we want to move to a new solution. So this isn't really the same thing as a true cloud service where you would hire processing and storage capacity to use for whatever you want.