Defence Technology Principles

Principle 6 — Use the cloud first

Cloud is the preferred government technology for hosting, computing and storage

All new services should be hosted in the cloud first, based on the strategy in the Technology Code of Practice and the Digital Strategy for Defence. The Ministry of Defence uses MoDCloud.

By using cloud hosting, your service is:

  • less exposed to risk
  • cheaper to deliver
  • ready to support new technology

If your service already exists

If your application is hosted on a physical server (or on-premise), try to move it to the cloud as soon as possible. You may need to redesign the service to do this.

Using MODCloud

MODCloud is the Ministry of Defence’s secure, cloud hosting service that:

  • ensures Secure by Design
  • has built-in compliance on platforms
  • reduces the burden on digital teams

If your service is classified as OFFICIAL (including all handling caveats, such as SENSITIVE), use public hosting on MODCloud.

If your service is classified as SECRET or TOP SECRET, you must contact the MODCloud Team to discuss your hosting options. This may include private hosting on MODCloud.

If you think your service cannot be hosted in the cloud, contact the MODCloud Team.

Getting assurance for your service

We must build services, not just individual applications. This will ensure your service can be deployed on the Ministry of Defence network (MODnet).

What you should do

For new and existing services:

  • follow UK government and National Cyber Security Centre guidance and use Software as a Service (SaaS) products first if they meet requirements
  • If there is not a SaaS solution, use approved Platforms as a Service (PaaS) or Infrastructure as a Service (IaaS) if they meet requirements
  • design services which give an equally good user experience on mobile devices
  • develop architectures, where appropriate, which are:
    • modular
    • microservices-based
    • loosely-coupled
    • container-based
  • use approved technologies for orchestration (such as Kubernetes) to ensure multi-cloud portability, performance and value for money
  • make everything Secure by Design
  • assess risks to make services secure
  • follow the Cloud security guidance for projects

Updated 09 Sep 2024