How to migrate to a Cloud-First Zero Trust Network from a Legacy PSN

By Matthew Margetts, Director of Sales and Marketing, Smarter Technologies.

Anyone who works in technology in the UK will be familiar with the Public Services Network (PSN). The PSN is a government-backed, high-performance, interconnected network for public sector organisations.

It was established in 2008 to help public service organisations share resources and reduce duplication. Over time, however, the Internet and cloud applications have become suitable for most of the work that was previously managed by the PSN. As such, the PSN is now considered a legacy network.

In September 2019, Government Digital Service (GDS) published an update about the Future Networks for Government (FN4G) Programme, a programme supporting the public sector to migrate away from the PSN. Government says that: “Organisations should migrate to modern network solutions which offer more competitive commercial terms, greater flexibility and scalability.” 

The PSN closedown could occur as earLy as 2023, so it’s in the interest of every public sector organisation to exit the PSN as soon as possible. This leaves many organisations with the challenge of securely migrating from the PSN.

Cloud-first security

Under the UK government’s “Cloud First” policy, all public service organisations must transition away from the PSN using appropriately secure solutions. This has been critical to government digital transformation, helping departments achieve significant efficiencies by building modern services.

Frameworks to follow include: 

• Technology Code of Practice (TCoP)
• Government security guidance 
• Cloud guidance
• Legal, regulatory and policy obligations such as GDPR

Top Tips for a Secure PSN Migration 

1. Use industry-recognised procedures 

Like any IT migration or transformation, it’s not advisable to replace a legacy system such as the PSN by building your own solutions internally. A working security solution looks for ways to integrate current systems and build on the processes already in place to replace the PSN. 

2. Adhere to security standards 

Looking to the guidance offered in many of the available security standards, such as those provided by:

• International Standards Organisation
• National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework) NIST CSF 
• Minimum Cyber Security Standard (MCSS)
• Cyber Essentials
• NCSC certification

3. Ensure zero trust 

Zero trust architecture design is paving the way for future networks for government departments. As a holistic approach to network security, zero trust removes inherent trust from the network. Rather than assuming internal trust, a zero trust network requires strict identity verification for every device and individual trying to access resources on a private network.

A well-tuned zero trust network architecture allows for simpler network infrastructure, an enhanced user experience and improved defence against cyber threats. 

4. Use a PSN gateway 

A PSN gateway allows you to reach back to legacy networks from the internet, allowing you to cease expensive PSN connections while still being able to access your necessary legacy applications. The service enables departments to migrate to a completely cloud-based service without disrupting day-to-day operations, giving them the time they need to fully transition at their own pace. 

Any PSN gateway should utilise a zero trust model and ensure security between sessions, users, devices and network boundaries. 

Migration in action 

Technology company Smarter Technologies worked with a UK government department to help the department become a digitally transformed organisation while incorporating disparate legacy systems and local "solutions”. The department's reliance on PSN applications was a barrier to the transformation. The goal was to help the department transition from using outdated technologies and methodologies to becoming a future-proofed department.  

Actions included:

• Choosing the right technologies to cut complexity and add agility
• Utilising a model that secures the endpoints 
• Using well-defined Identity as a Service (IDaaS) technologies that integrated with the department’s existing model
• Developing a solution that provided PSN access via a standard, internet-secured connection
• Producing transition strategies based on an agreed reference architecture
• Aligning the project with a three-year ethical phishing and awareness learning strategy
• Migrating applications and data with little or no down-time

The department was able to migrate its legacy services to a new cloud-based service with the ability to access PSN-hosted applications, reducing g legacy services and the reliance on disparate data centres and internal infrastructure while maintaining security governance and protocols. Staff also have a roadmap to reduce their exposure to phishing threats as a result of cloud-based access. 

The re-use and simplification have allowed more agility and speed around delivery, as well as the following savings:

• Retired PSN circuits - £440,000 per annum 

Third-party PSN hosting for PSN apps - £50,000 per annum 

• KOS hosting and decommissioning - £1 million per annum 
• Move to unified communication and the augmentation of contracts - £1.25 million per annum 

Strategise for security and success 

It’s estimated that by 2023, the PSN will no longer be around. There is ample time to plan a safe migration, but it’s critically important to plan a secure migration strategy. Along with meeting new Government standards, a zero-trust, cloud-first approach cuts costs, simplifies IT architecture, enables efficiencies and better working conditions, and allows departments to offer a better service.