ArcGIS Security Authorization Advancements
- Maud Newman
1 Federal GIS Conference, February 9-10, 2015, Washington, DC. ArcGIS Security Authorization Advancements. Michael Young & Erin Ross
2 Overview
- Authorization Past & Present
- Products
  - ArcGIS Server
  - ArcGIS Desktop
- Solutions
  - ArcGIS Online
  - Esri Managed Cloud Services
  - New FedRAMP Moderate Option
- Summary
3 Authorization: Historical Issues
- Every implementation undergoes separate security authorization processes
- Federal and Defense utilized different frameworks
  - Authorization (based on risk) vs. certification
- Standard geospatial system security configurations not agreed upon by government
- Above items drive deployment delays, stability, and issue reproduction problems
  - E.g. mitigating measures, waivers, policy refresh outages, and unable to reproduce issues
4 Authorization: FISMA
- Federal Information Security Management Act (FISMA)
- All production US Federal government systems must be compliant/authorized
  - Enforced by the inspector general's office of each agency
  - References NIST Security Controls spanning 17 families including:
    - Access Control, Training, Auditing, Maintenance, Integrity, Acquisition, Personnel
- Three categorization levels
  - Low: Non-sensitive information (100+)
  - Moderate: Sensitive information (300+)
  - High: Most sensitive information (350+)
- Solutions are authorized, not individual products
  - Datasets and workflows are part of the accreditation
- Process diagram:
  - Step 1, Categorize Information: Collect System Information; Perform Privacy Analysis; Categorize System
  - Step 2, Select Security Controls: Identify Common Controls; Select Remaining Controls; Tailor and Document in SSP
  - Step 3, Implement Security Controls: Implement Security Controls; Update the SSP; Develop CP, CMP and IRP
  - Step 3 Concurrency Review; Step 4 Concurrency Review
  - Step 4, Assess Security Controls: Develop Test Plan; Assess Security Controls; Develop Reports and POA&Ms
  - Step 5, Authorize Security Controls: Develop ATO Package; AO Reviews POA&M and Risk; AO Signs ATO / Denial of Operation
  - Step 6, Monitor Security Controls: Monitor for Major Changes; Remediate POA&M Items; Continuous Monitoring of Controls
- ArcGIS Online's Low Accreditation Aligns Well with Hybrid Deployments
5 Authorization: FedRAMP
- Relatively new authorization process aligning with FISMA law
- Provides a stronger foundation of reciprocity for cloud based offerings
- Same NIST security controls with additional ones added for cloud
- Security control baselines in place now for Low and Moderate, draft of High released Jan 2015
- Cloud.CIO.gov: Excellent Resource for FedRAMP Details
6 Authorization: Federal and Defense Security Strategy is Evolving
- Federal: FISMA -> FedRAMP
  - Drives improved efficiency of Federal security authorization process for cloud offerings
- Defense: DIACAP -> Risk Management Framework
  - Drives improved efficiency of defense and federal departments operating off a common framework and set of baseline security controls
7 Authorization: Esri's Security Strategy is Evolving
[Diagram labels: Enterprise, Solution, Product; Isolated Systems, Integrated Systems, ArcGIS Cloud; 3rd Party Security, Embedded Security, Managed Security]
8 Authorization: Levels of authorization across software and systems
- Product Based Initiatives
  - ArcGIS Server
  - ArcGIS Desktop
- Solution/Service Based Initiatives
  - ArcGIS Online
  - Esri Managed Cloud Services
9 Product Based Security Initiatives ArcGIS Server & Desktop
10 Product Based Security Initiatives: ArcGIS Server DISA STIG
- Sponsored by government to work with DISA
  - Create Security Technical Implementation Guides (STIGs)
  - Non-FOUO, therefore information will be publicly accessible
  - First STIG will be Windows based ArcGIS Server
- Other STIGs will be performed based on demand
- Expected completion by Esri International User Conference, July 2015
- Post STIG completion
  - STIG will be an input for an ArcGIS Server Security Hardening guide for general distribution
  - Enterprise component integration testing and best practice recommendations incorporated
11 Product Based Security Initiatives: DISA STIG Creation Process
- Draft STIG Settings Provided to DISA
- Undergoing SME Review
12 Product Based Security Initiatives: ArcGIS Server Planned STIG Configuration
[Architecture diagram. Legend: Microsoft Component, ArcGIS Component, Non-Specific Vendor Component. Labels: User and Privileged User; TCP 443; Web Application Firewall; IIS with Web Adaptor (User) and Web Adaptor (Admin), each with Windows Integrated Authentication and Accept Client Certificates (PKI); TCP 6443; ArcGIS Server Site; SMB CIFS Config-Store; SMB CIFS File Store; RDBMS on RDBMS Ports; AD; SIEM Log Agent on each component]
13 Product Based Security Initiatives: ArcGIS Server, Awareness of Relative Risk
- Security hardening best practices provide insights into relative risk of different services, and optional mitigation measures to reduce risk
- Relative service risk table, capabilities by service:
  - Map: Mapping, Query
  - Feature: Read, Edit, Sync
  - Geocoding: Geocode
  - Geodata: Query, Data Extraction, Replica
  - Geoprocessing: Geoprocessing
  - Image: Imaging, Edit, Upload
- Risk columns: Default when Enabled, Security Hardened (Security Hardened Settings)
- Legend: Red = Higher risk, Yellow = Average risk, Green = Low risk
- Providing new insights
14 Product Based Security Initiatives: Desktop
- Esri performs self-certification of desktop products
  - Ensures smooth deployments within security constraints of systems
  - ArcGIS Desktop with all extensions is primary focus
  - Typically completed within 6 months of product release
- FDCC: Federal Desktop Certified Configuration
  - Versions Deprecated due to Windows XP focus
- USGCB: United States Government Configuration Baseline
  - Versions ArcGIS Pro (Expected Q1 2015)
- Eases your desktop deployment headaches
15 Solutions Based Security Initiatives
16 Solutions Based Security Initiatives: Federal Geospatial Cloud Security Compliance Roadmap
- 2002, FISMA Law Established: Required security baselines for Federal systems
- Feb 2010, Kundra Announces FedRAMP: Security Working Group concept announced
- May 2013, First Agency Authorization: HHS Issues ATO to Amazon
- June 2014, OMB FedRAMP Mandate: FedRAMP now required for all cloud solutions covered by policy memo
- Planned: ArcGIS Online FedRAMP Authorization
- Aug 2005, Esri GOS2 FISMA Authorization: DOI Issues ATO to Esri
- May 2010, Esri Participates in First Cloud Computing Forum: Esri begins active involvement in cloud standards & security programs
- Dec 2011, Esri Federal Cloud Computing Security Workshop: Esri works with Agencies & FedRAMP to plan SaaS Compliance
- June 2014, ArcGIS Online FISMA Authorization: USDA Issues ATO to Esri
- Jan 2015, EMCS FedRAMP Compliant: Signoff by FedRAMP Director
- Planned for 2015, ArcGIS Online Hosted Feature Services Authorization: DOI working with Esri towards Authorization
- Esri has actively participated in hosting and advancing secure compliant solutions for over a decade
17 Solutions Based Security Initiatives: Esri Corporate Operations Compliance
- ISO
  - Esri's Corporate Security Charter
- Privacy Assurance
  - US EU/Swiss SafeHarbor self-certified
  - TRUSTed cloud certified
- SSAE 16 Type 1 (Previously SAS 70)
  - Esri Data Center Operations
  - Expanded to Managed Services in 2012
18 Solutions Based Security Initiatives: ArcGIS Online Cloud Infrastructure Provider Compliance
- ArcGIS Online Utilizes World-Class Cloud Infrastructure Providers
  - Microsoft Azure
  - Amazon Web Services
- Cloud Infrastructure Security Compliance: SSAE16 SOC1 Type2 Moderate
19 Solutions Based Security Initiatives: Mind the Authorization Gap
- Common misconception
  - A cloud provider's authorization should be good enough to meet Agency security requirements
- Useful facts
  - The majority of vulnerabilities are at the application level
  - Cloud providers' IaaS authorizations don't cover the applications, or even operating system
- Result
  - There is a significant security authorization gap
20 Solutions Based Security Initiatives: Options for Addressing the CSP Authorization Gap
- Generalized Expert Provider
  - Equivalent to service provider middleware
  - Lack of depth with advanced API services such as ArcGIS increases both security/availability risks
- Application Expert Provider
  - Obtain solutions that incorporate security infrastructure having their own FISMA or FedRAMP compliance that layers on top of the CSP FedRAMP Authorization
  - Examples: ArcGIS Online and Esri Managed Cloud Services
- Tunnel
  - Establish tunnel between on-premises security infrastructure and cloud deployment
- Do-It-Yourself
  - Establish your own security infrastructure in the cloud to use with applications
- Ostrich
  - Stick head in sand and pretend not a big deal (not recommended)
21 Solutions Based Security Initiatives: Responsibility Across ArcGIS Deployment Options
- On-premises: ArcGIS Server; OS/DB/Network; Security Infrastructure; Virtual / Physical Servers
- Esri Images & Cloud Builder: ArcGIS Server; OS/DB/Network; No Security Infrastructure by default; Cloud Infrastructure (IaaS)
- Esri Managed Cloud Services (FedRAMP Moderate Compliant): ArcGIS Server; OS/DB/Network; Security Infrastructure; Cloud Infrastructure (IaaS)
- ArcGIS Online (FISMA Low ATO): ArcGIS Online; OS/DB/Network; Security Infrastructure; Cloud Infrastructure (IaaS)
- Scope markers: Esri Compliance & ATO Scope; IaaS ATO Scope
- Legend: Customer Responsibility, Esri Responsibility, CSP Responsibility
22 Solutions Based Security Initiatives: ArcGIS Online Assurance Layers
[Layer diagram labels: Customer: Web App Consumption, ArcGIS Management. Esri: Web Server & DB software, Operating system, Instance Security Management; AGOL SaaS FISMA Low (USDA), SafeHarbor (TRUSTe). Cloud Providers: Hypervisor, Physical; Cloud Provider ISO, SSAE16, FedRAMP Mod]
23 Solutions Based Security Initiatives: ArcGIS Online Federal Use Cases in FISMA Authorization
- Use Case 1: Public Dissemination
  - Publish tiles for fast, scalable visualizations
  - Share information with the public
  - Can be used for mashing up services with external non-SSL sites
  - [Diagram labels: Agency Authoritative Source, Tiles, Public Consumers]
- Use Case 2: USG Operations
  - Hybrid deployment of ArcGIS Server and ArcGIS Online
  - Share operational data within or between agencies
  - Sensitive data maintained on Agency premises or other authorized environment
  - ArcGIS Online operates as a discovery portal
  - Utilize Enterprise Logins
  - [Diagram labels: Agency Consumer, Agency Publisher, Server, Metadata, ArcGIS Online]
24 Solutions Based Security Initiatives: ArcGIS Online, Meeting security needs with Hybrid deployments
- [Diagram labels: Users, Apps, Anonymous Access]
- On-Premises
  - Ready in months/years
  - Behind your firewall
  - You manage & certify
- Esri Managed Cloud Services
  - Ready in days
  - All ArcGIS capabilities at your disposal in the cloud
  - Dedicated services
  - FedRAMP Moderate
- ArcGIS Online
  - Ready in minutes
  - Centralized geo discovery
  - Segment anonymous access from your systems
  - FISMA Low
- ... All models can be combined or separate
25 Solutions Based Security Initiatives: ArcGIS Online, Value Proposition of FISMA Low offering
- Outreach and collaboration
  - Provision of USG non-sensitive content to public, more sensitive content to authorized groups
  - Easy content discovery (via single metadata catalogue) and integration
- Flexibility and agility
  - Rapid stand-up of new content/services, accommodate surge
- Efficiency
  - Avoid development/implementation of one-off systems
  - Off-load systems operations onto more cost effective platform(s)
26 Solutions Based Security Initiatives: ArcGIS Online, Authorization efforts going forwards
- Other agencies are pursuing ArcGIS Online Authorization
  - DoI is looking into supplementing their Authorization with Hosted Feature Services
  - EPA & NOAA are also actively pursuing authorization
- FedRAMP Agency-based Authorization
  - Low or Moderate based on feedback being gathered from customers now
  - Is supplementing ArcGIS Online's Low authorization, with a hybrid implementation combining EMCS moderate compliance, adequate for the majority of use-cases?
- Further discussion in Panel session on Tuesday
  - Panel being led by DOI, with EPA and the FedRAMP Director from GSA
  - Tuesday 2:45pm, Room 102B
- Join us for shaping our future authorization plans
27 Solutions Based Security Initiatives: ArcGIS Online, How can agencies obtain necessary assurance to authorize?
- ArcGIS Platform Authorization Briefing flyer available during Tuesday panel session
- ArcGIS Online
  - Esri can share current FISMA authorization materials with agencies under NDA
  - Contact SecureSoftwareServices@Esri.com
- Esri Managed Cloud Services (EMCS)
  - Materials available through FedRAMP Repository
- Public Info
  - Trust.ArcGIS.com
  - Privacy, SLA, Terms of Service, Availability trends, and best practices available
  - Answers to the most common cloud security questions about ArcGIS Online are addressed in the Cloud Security Alliance matrix
28 Esri Managed Cloud Services Erin Ross
29 What is Esri Managed Cloud Services? Esri cloud GIS experts supporting customer apps & data in the cloud
30 ArcGIS Online and Esri Managed Cloud Services
- Users: Desktop, Web, Mobile
- ArcGIS Online
  - Online Basemaps
  - Geocoding, Routing
  - Hosted Feature & Tile Map Services
  - App Templates
- Esri Managed Cloud Services
  - Custom Web Apps
  - GP, Reporting Services
  - Imagery, Large Datasets
  - Dynamic Map Services
  - RDBMS (Oracle, SQL Server)
- ArcGIS Online front-end, Managed Cloud Services back-end
31 What is included?
- Provide Cloud-based GIS infrastructure support, including:
  - Enterprise system design
  - Infrastructure management
  - Software (Esri & 3rd Party) installation, updates and patching
  - Application deployment
  - Database management
  - 24/7 support and monitoring
32 Benefits of Esri Managed Cloud Services
- Increase efficiency and business focus
- High availability, quality and performance
- Reduce internal costs
- Preserves data integrity, privacy and availability
- Increase usage and productivity
- Cloud GIS experts managing your critical apps and content
33 How is it delivered? Available on GSA
34 Basic Packages Sandbox Ready to use cloud instance of ArcGIS for Server Remote access provided to user Ideal for development, prototyping...
35 Standard, Advanced, Advanced Plus Packages Esri loads, publishes and deploys on behalf of customer 24/7 system monitoring and support Ideal for production systems (internal or public facing) Staging Production Test Dev
36 Esri Managed Cloud Services Use Cases
37 USGS Historical Topographic Maps More than 175,000 topographic maps published by the USGS since TB data x 2 for redundancy 1.6 million hits during Esri User Conference Consumed by several apps; premium service available in ArcGIS Online
38 Power Outage Viewers Highly available, scalable systems ready to perform during major events Frequent, automated data updates Bringing critical outage information to the general public
39 Constellation Brands
- Improve sales by leveraging tools to drive volume and revenue
- 4th of July deadline
- 2.7M records updated 2x / week via scripted tools
- Equipping staff with valuable information to increase sales
40 Who else uses Esri Managed Cloud Services? Manage over 500 servers, many TB of data 80+ customers Leveraged across many sectors
41 EMCS FedRAMP Moderate Option Michael Young
42 EMCS FedRAMP Moderate Option: Why did Esri pursue FedRAMP Compliance?
- Demand: Customers demanded FedRAMP compliance before rolling out future production operations
- Risk: Customer risk increasing rapidly without security infrastructure
- Mandate: OMB mandate, all low and moderate impact cloud services leveraged by more than one office or agency must comply with FedRAMP requirements
- Accelerates Review and Acceptance of Cloud Based Services
43 EMCS FedRAMP Moderate Option FedRAMP Government Entities & Process Cross Government Support & Standardized RMF Process
44 EMCS FedRAMP Moderate Option: Documentation
- FIPS 199
- Control Implementation Summary (CIS)
- System Security Plan (SSP)
- Information System Security Policies
- User Guide
- E-Authentication Template
- Privacy Threshold Analysis (PTA)
- Rules of Behavior (ROB)
- IT Contingency Plan
- Security Assessment Plan (SAP)
- Test Case Workbook
- Security Assessment Report (SAR)
- Plan of Action and Milestone (POA&M)
- Policies and procedures
- Business Impact Analysis
- Configuration Management Plan
- Incident Response Plan
- Interconnection Security Agreement (ISA / MOU)
- Penetration Test Plan
- 1000s of pages ensuring rigorous security
45 EMCS FedRAMP Moderate Option: Assessment
- Cloud Security Assessor: Veris Group
  - Third Party Assessment Organization (3PAO) accredited by FedRAMP
  - 1st to successfully inspect FedRAMP CSP Supplied, JAB, and Agency Approved Solutions
  - 5 month engagement
  - Three months of active Technical and Documentation assessments
    - System level scans
    - Web Interface scans
    - Database scans
    - Penetration testing
- FedRAMP Advisor: Relevant Technologies
  - Laura Taylor
  - Wrote the initial Guide to Understanding FedRAMP
- Great advisors and skilled assessors keep the effort focused
46 EMCS FedRAMP Moderate Option: Authorization
- 3 Baseline Security Control Levels
  - Low, Moderate*, High in draft
- 3 Status Levels
  - Ready, In Process, Compliant*
- 3 FedRAMP Authorization Levels
  - Cloud Service Provider (CSP) Supplied*
  - Agency Authorization To Operate (ATO)
  - Joint Agency Board (JAB) Provisional Authority To Operate
- EMCS is
  - FedRAMP Moderate
  - FedRAMP Compliant
  - CSP Supplied offering
- EMCS CSP Supplied Package can be consumed by your Agency
47 EMCS FedRAMP Moderate Option Continuous Monitoring FedRAMP Reporting Workflow Monitoring Workflow Ensures maintenance of acceptable risk posture
48 EMCS FedRAMP Moderate Option: Security Infrastructure
- Most government systems
  - Require moderate security baseline controls
- Most geospatial information sets
  - Only require low baseline controls
  - ArcGIS Online Low FISMA is adequate for many customer use cases
- EMCS FedRAMP Infrastructure Design Goals
  - Consumable by the widest range of customers
    - Amazon East-West Regions, not limited to GovCloud
  - Drive down customer expenses for secure, compliant geospatial services
    - Customers can choose level of multi-tenancy vs dedicated services they are comfortable with
  - Meet and exceed current rigorous FedRAMP requirements for cloud services
    - First geospatial platform to be compliant with FedRAMP Rev 4 requirements
- A balance of robust security and business requirements drove infrastructure choices
49 EMCS Security Infrastructure
[Architecture diagram: AWS, Active/Active Redundant across two Cloud Data Centers. Legend: Agency, Application, Cloud Provider, Security. Dedicated Customer Application Infrastructure: End Users, Public-Facing Gateway, Web Application Firewall (WAF), ArcGIS for Portal, DMZ, ArcGIS Server, Relational Database, File Servers. Common Security Infrastructure: Security Ops Center (SOC), Security Service Gateway, Intrusion Detection (IDS / SIEM), Centralized Management (Backup, CM, AV, Patch, Monitor), Bastion Gateway (MFA), Authentication/Authorization (LDAP, DNS, PKI), Esri Administrators, Esri Admin Gateway. Common Cloud Infrastructure: Hypervisor, TCP/IP, Network ACLs, Routing, Storage, Hardware]
50 EMCS FedRAMP Moderate Option How do I get started? Express an interest in service offering and let your security team know EMCS is FedRAMP compliant Agency Authorized FedRAMP Approver can facilitate download and review of FedRAMP package for If you are unsure of your FedRAMP approver the FedRAMP PMO: info@fedramp.gov What else is available outside FedRAMP repository? - Cloud Security Alliance (CSA) answers for EMCS coming Complete Agency Authority To Operate (ATO) - Utilize pre-existing EMCS and AWS FedRAMP moderate docs Simplifies obtaining an ATO for your organization
51 Summary
52 Summary: Resources Available for Agency Review
- Cloud infrastructure provider
  - SSAE16 and ISO Report available from cloud providers under NDA
- FedRAMP Repository
  - EMCS FedRAMP Moderate Compliance Package
  - Cloud Service Provider FedRAMP Moderate Packages
- Esri
  - SSAE16 for Esri Datacenter Operations
  - System Security Plan (SSP), Agency references removed
  - Reports available from Esri under NDA
  - Cloud Security Alliance (CSA) Answers Publicly Available
53 Summary: Solution/Services Accreditation Roadmap
- ArcGIS Online FISMA Low Accreditation
  - Agency Authorization June 6, 2014
- Esri Managed Cloud Services (EMCS) FedRAMP Moderate Compliance
  - CSP Supplied Compliant Package Authorized January 29,
  - Establishes validated secure clouds deployment patterns
  - Documentation and assessment materials enable FISMA or FedRAMP authorization
  - Initially AWS based, other cloud providers based on demand
- Upcoming ArcGIS Online FedRAMP Agency Authorization
  - Cross-cloud provider authorization Azure/AWS
  - Includes hosted feature services
54 Summary
- Esri is working with security leaders to create standardized security hardened deployment guidance for our customers
- Esri self-certifies desktop based products to ensure alignment with Federal security configurations
- ArcGIS Online is FISMA Low authorized and we can work with you to support your Agency's authorization
- Join the Tuesday Panel session to solidify your authorization roadmap
- Esri will be pursuing FedRAMP authorization for ArcGIS Online
- New Esri Managed Cloud Services FedRAMP moderate compliant option ready for your agency to review and authorize
- Information readily available on Trust.ArcGIS.com
- We welcome your feedback concerning any authorization needs or gaps not addressed in this presentation
55 Summary Where do I go for more information? Trust.ArcGIS.com is no longer limited to primarily ArcGIS Online information NEW site expansion rolled out this past weekend - Server, Desktop, Mobile, ArcGIS Online and even the new EMCS FedRAMP compliant offering
56 Federal GIS Conference, February 9-10, 2015, Washington, DC. Don't forget to complete a session evaluation form!
Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.
More informationPetroleum Web Applications to Support your Business. David Jacob & Vanessa Ramirez Esri Natural Resources Team
Petroleum Web Applications to Support your Business David Jacob & Vanessa Ramirez Esri Natural Resources Team Agenda Petroleum Web Apps to Support your Business The ArcGIS Location Platform Introduction
More informationWith Eversync s cloud data tiering, the customer can tier data protection as follows:
APPLICATION NOTE: CLOUD DATA TIERING Eversync has developed a hybrid model for cloud-based data protection in which all of the elements of data protection are tiered between an on-premise appliance (software
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationKeyLock Solutions Security and Privacy Protection Practices
KeyLock Solutions Overview KeyLock Solutions hosts its infrastructure at Heroku. Heroku is a cloud application platform used by organizations of all sizes to deploy and operate applications throughout
More informationInformation Assurance in the Cloud
Information Assurance in the Cloud The Status of FedRAMP, April 2013 AGA - Montgomery/Prince George s Chapter cliftonlarsonallen.com Session Outline 1. Cloud Services in Federal Government The Opportunity
More informationADDENDUM TO STATE OF MARYLAND PURCHASES ISSUED UNDER STATE CONTRACT NO. 060B2490021-2015.
ADDENDUM TO STATE OF MARYLAND PURCHASES ISSUED UNDER STATE CONTRACT NO. 060B2490021-2015. This addendum is applicable to each purchase order that is subject to the State of Maryland s contract number 060B2490021-2015.
More informationCloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation
Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways
More informationIntel IT Cloud 2013 and Beyond. Name Title Month, Day 2013
Intel IT Cloud 2013 and Beyond Name Title Month, Day 2013 Legal Notices This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Intel and the
More informationThe Council of the Inspectors General on Integrity and Efficiency s Cloud Computing Initiative
The Council of the Inspectors General on Integrity and Efficiency s Cloud Computing Initiative September 2014 Council of the Inspectors General on Integrity and Efficiency Cloud Computing Initiative Executive
More informationSimone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud
Simone Brunozzi, AWS Technology Evangelist, APAC Fortress in the Cloud AWS Cloud Security Model Overview Certifications & Accreditations Sarbanes-Oxley (SOX) compliance ISO 27001 Certification PCI DSS
More informationSecurity Language for IT Acquisition Efforts CIO-IT Security-09-48
Security Language for IT Acquisition Efforts CIO-IT Security-09-48 Office of the Senior Agency Information Security Officer VERSION HISTORY/CHANGE RECORD Change Number Person Posting Change Change Reason
More informationSecurity Control Standard
Department of the Interior Security Control Standard Maintenance January 2012 Version: 1.2 Signature Approval Page Designated Official Bernard J. Mazer, Department of the Interior, Chief Information Officer
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table December 2011 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationFedRAMP Master Acronym List. Version 1.0
FedRAMP Master Acronym List Version 1.0 September 10, 2015 Revision History Date Version Page(s) Description Author Sept. 10, 2014 1.0 All Initial issue. FedRAMP PMO How to Contact Us For questions about
More informationTable of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.
FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer
More informationPortal for ArcGIS: An Introduction
2013 Esri Mid-Atlantic User Conference December 10-11 Baltimore, MD Portal for ArcGIS: An Introduction Derek Law Esri, Redlands Agenda Web GIS Deployment patterns Portal for ArcGIS overview Security Integration
More informationSoftware AG and the AWS cloud. Past, Present and Best Practices. Jonathan Madamba Director, Solution Cloud John Fitzgerald Director, Product Marketing
Software AG and the AWS cloud Past, Present and Best Practices Jonathan Madamba Director, Solution Cloud John Fitzgerald Director, Product Marketing Agenda How Software AG Uses The cloud Software AG s
More informationArchitecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud
Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP Principal Systems Engineer Security Specialist Agenda What is the Cloud? Virtualization Basics
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationCloud Assessments. Federal Computer Security Managers Forum. John Connor, IT Security Specialist, OISM, NIST. Meeting.
Cloud Assessments SaaS Email Working Group John Connor, IT Security Specialist, OISM, NIST Meeting August, 2015 Background Photo - JILA strontium atomic clock (a joint institute of NIST and the University
More informationCONTENT OUTLINE. Background... 3 Cloud Security... 3. Instance Isolation:... 4. SecureGRC Application Security... 5
Page 2 Disclaimer THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF THE LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET
More informationScott Moore, Esri April 4, 2016 2016 Intermountain, Great Falls, MT
Create Great Web Apps No Coding Required Scott Moore, Esri April 4, 2016 2016 Intermountain, Great Falls, MT Agenda Product overview Web AppBuilder for ArcGIS tour What s New November 2015 ArcGIS Online
More informationApplication Security Best Practices. Matt Tavis Principal Solutions Architect
Application Security Best Practices Matt Tavis Principal Solutions Architect Application Security Best Practices is a Complex topic! Design scalable and fault tolerant applications See Architecting for
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed
More informationCloud models and compliance requirements which is right for you?
Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,
More informationMicrosoft Azure. White Paper Security, Privacy, and Compliance in
White Paper Security, Privacy, and Compliance in Security, Privacy, and Compliance in Executive Summary The adoption of cloud services worldwide continues to accelerate, yet many organizations are wary
More informationIndependent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015
Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 OIG-16-A-03 November 12, 2015 All publicly available OIG reports (including
More informationHow To Protect Your Cloud From Attack
A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to
More informationAWS Worldwide Public Sector
15 Minute Introduction to AWS and Q&A April 2015 Mark Fox Sr. Manager DoD Sales I love/hate relationship with the term cloud Now the IT norm Commercial Cloud should not be scary nor considered less secure
More informationCloud Security. A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud. Sean Curry Sales Executive, Aquilent
Cloud Security A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud Sean Curry Sales Executive, Aquilent The first in a series of audits DoD did not fully execute elements of the July 2012
More informationDLT Solutions and Amazon Web Services
DLT Solutions and Amazon Web Services For a seamless, cost-effective migration to the cloud PREMIER CONSULTING PARTNER DLT Solutions 2411 Dulles Corner Park, Suite 800 Herndon, VA 20171 Duane Thorpe Phone:
More informationThe Education Fellowship Finance Centralisation IT Security Strategy
The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
SOLUTION BRIEF PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP The benefits of cloud computing are clear and compelling: no upfront investment, low ongoing costs, flexible capacity and fast application
More informationCentrify Cloud Connector Deployment Guide
C E N T R I F Y D E P L O Y M E N T G U I D E Centrify Cloud Connector Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as
More informationSecuring Amazon It s a Jungle Out There
ANALYST BRIEF Securing Amazon It s a Jungle Out There PART 1 CONTROLS AND OPTIONS OFFERED BY AMAZON Author Rob Ayoub Overview Infrastructure as a service (IaaS) is a foundational component of modern cloud
More informationHow does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1
How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 2 How does IBM deliver cloud security? Contents 2 Introduction 3 Cloud governance 3 Security governance, risk management
More informationEnsuring Enterprise Data Security with Secure Mobile File Sharing.
A c c e l l i o n S e c u r i t y O v e r v i e w Ensuring Enterprise Data Security with Secure Mobile File Sharing. Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite
More informationGuide to Understanding FedRAMP. Guide to Understanding FedRAMP
Guide to Understanding FedRAMP Version 1.0 June 5, 2012 Executive Summary This document provides helpful hints and guidance to make it easier to understand FedRAMP s requirements. The primary purpose of
More informationSecurity Practices, Architecture and Technologies
Security Practices, Architecture and Technologies CONTACT: 36 S. Wall Street Columbus, OH 43215 1-800-VAB-0300 www.viewabill.com 1 CONTENTS End-to-End Security Processes and Technologies... 3 Secure Architecture...
More informationCost effective methods of test environment management. Prabhu Meruga Director - Solution Engineering 16 th July SCQAA Irvine, CA
Cost effective methods of test environment management Prabhu Meruga Director - Solution Engineering 16 th July SCQAA Irvine, CA 2013 Agenda Basic complexity Dynamic needs for test environments Traditional
More informationCloud Security. DLT Solutions LLC June 2011. #DLTCloud
Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions
More informationHow to Use the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing
How to Use the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing Warren S. Udy, CISSP Senior Cyber Security Advisor Office of Cyber Security 301-903-5515 warren.udy@hq.doe.gov
More informationThe Webcast will begin at 1:00pm EST. www.gig-werks.com
SharePoint 2013 & SharePoint Online Security, Compliance & ediscovery The Webcast will begin at 1:00pm EST Today s Presentation: Introduction & About Gig Werks Gig Werks Experience with SharePoint Office
More informationCloud and Regulations: A match made in heaven, or the worst blind date ever?
Cloud and Regulations: A match made in heaven, or the worst blind date ever? Vinod S Chavan Director Industry Cloud Solutions, IBM Cloud October 28, 2015 Customers are faced with challenge of balancing
More informationA COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012
A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES
More informationHow To Cloud Compute At The Cloud At The Cyclone Center For Cnc
Cloud Computing at CDC Current Status and Future Plans Earl Baum March, 2014 1 Background Current Activities Agenda Use Cases, Shared Services and Other Considerations What s Next 2 Background Cloud Definition
More informationSecuring the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation
Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns
More informationConcurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services
Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services organization providing innovative management and technology-based
More informationOverview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin
Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director
More informationDeploying Federal Geospatial Services
Deploying Federal Geospatial Services in the Cloud: Federal Geographic Data Committee (FGDC) and GSA GeoCloud Sandbox Initiative Doug Nebert USGS/FGDC December 2010 Draft For Official Use Only 1 Background
More informationInformation System Security Officer (ISSO) Guide
Information System Security Officer (ISSO) Guide Information Security Office Version 8.0 June 06, 2011 DEPARTMENT OF HOMELAND SECURITY Document Change History INFORMATION SYSTEM SECURITY OFFICER (ISSO)
More informationGoodData Corporation Security White Paper
GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share
More informationTotal Protection for Compliance: Unified IT Policy Auditing
Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.
More informationDEPARTMENT OF VETERANS AFFAIRS VA DIRECTIVE 6517 CLOUD COMPUTING SERVICES
DEPARTMENT OF VETERANS AFFAIRS VA DIRECTIVE 6517 Washington, DC 20420 Transmittal Sheet February 28, 2012 CLOUD COMPUTING SERVICES 1. REASON FOR ISSUE: This Directive establishes the Department of Veterans
More informationMicrosoft Azure. Microsoft Azure Security, Privacy, & Compliance
Security, Privacy, & Compliance Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud Trend: 70% 2 weeks to deliver new services vs. 6-12 months with traditional solution Scale
More information