The Guardian: 'Our sources are safer in the cloud'

'Moving to AWS has been positive for security and forced us to think about it in a way we didn't think about it before,' says Graham Tackley, director of data technology

Deploying cloud infrastructure using Amazon Web Services (AWS) has forced The Guardian newspaper to look at its data security practices in a way that it didn't before, and the move has arguably made confidential information and sources more secure than they were before.

That's what Graham Tackley, director of data technology at The Guardian, told the audience during a panel session at Amazon's AWS Enterprise Summit in London today.

The newspaper operates much of the infrastructure for its website - the third most read English newspaper language website in the world - on AWS and was aware that any data stored in the cloud had to be secure.

Initially, Tackley explained, there was a lot of concern, particularly from editorial staff, about the security of storing information in the cloud.

"A lot of our journalism can attract the interest of the security services, so we're very keen to ensure that our sources don't get revealed," he explained, in a thinly-veiled reference to Edward Snowden government surveillance revelations initially published by The Guardian.

"So initially, especially within editorial, there was a fear that moving to AWS would somehow mean we're putting things at risk," Tackley added.

However, he explained that when The Guardian was using its own internal data centres to store this information, it was more or less assuming that the data would be safe, without considering the possibility it could be accessed by outside agencies.

"In reality, we were quite happily doing stuff in our own data centre and sitting their comfortably believing that we were fine within our own building," Tackley said.

"We had a backup data centre with a fibre-optic link between them; we never inspected the entire length of that fibre-optic link, so as far as we were concerned, actually, there was plenty of opportunity for people to intercept the journalism that we were producing, but we didn't think about it that hard because it was our own infrastructure," he told the audience.

"When we moved it to AWS, what that did was force us to think about it; actually, where do we need to encrypt this, how do we set up our security in an appropriate way so actually even if Amazon wanted to reveal this without us knowing - they promised not to - but if they did do that, then they can't do it," he said.

"We had a productive conversation over time regarding concerns about editorial with the commercial and legal sides of Amazon helping to reassure us," Tackley continued.

"That's one thing about security, moving to AWS has been a really positive thing because it's forced us to think about it in a way we didn't think about it before," he added.

Speaking on the same panel, Dave Rogers, head of technology at Ministry of Justice Digital, also described cloud infrastructure as more secure than traditional data centres.

"Start engaging with the idea that the cloud can be considerably more secure than your own data centre and start engaging with the risks that are building in the spaces," he told the audience.

Earlier at the event, Mark Hall, director of global IT operations at Aviva, described how cloud infrastructure is "absolutely at the heart" of Aviva's business strategy to become a "digital-first insurer" as it seeks to speed development and cut costs.