Cloud Computing Best Practices. Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service
|
|
- Katrina Bell
- 8 years ago
- Views:
Transcription
1 Cloud Computing Best Practices Cloud Computing Best Practices Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service
2 Overview Cloud Computing What is it? Cloud First Policy and Guidance The Cloud Procurement White Paper Minimizing Litigation Risk and Cost Slide 2
3 What is Cloud Computing? NIST Definition Cloud computing is a model for enabling convenient, on demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models. Source: NIST, Definition of Cloud Computing, Draft version 15, computing/index.html Laymen's Definition Cloud is essentially utility computing Automated services (no humans needed for change in services) Services are consumed as used ( pay per drink ) Enabled via the internet (accessible anywhere) Elasticity in amount of services consumed (rapid provisioning and deprovisioning) Transition from capital expenses to operating expense Slide 3
4 What Services Are In The Cloud? Software SaaS (software as a service) Applications available as an on demand service End user applications Platform PaaS (platform as a service) IT and developer tools for database and testing environments to develop applications Development or deployment activities Infrastructure IaaS (infrastructure as a service) Computing, Storage and Hosting Services Network administrators Source: Common Examples Applications, Internet Services Social Media (Blogs, Wikis) , E Meetings Productivity Tools (Office) Application Development (Workflow and Automation) Security Services (Single Sign On, Authentication) Database Management Directory Services Mainframes Servers Storage IT Facilities/Hosting Services Slide 4
5 What Types of Clouds Are There? PRIVATE CLOUD Operated solely for an organization COMMUNITY CLOUD Shared by several organizations can be public or private PUBLIC CLOUD Available to the general public HYBRID CLOUD Composition of two or more clouds (private, community, or public) Source: Slide 5
6 Cloud: A Fundamental Shift in IT Source: Slide 6
7 Cloud: Cheaper, Better, Faster Cloud = Future State of Government IT A fundamental shift: Agencies get state of the art products and services when they need them, at lower, commodity based prices. Government can redirect scarce resources to mission critical efforts as opposed to managing IT. Cheaper Save money & help lower the cost of government operations while driving innovation by avoiding duplicative infrastructure by using pay as you go service models Better Allows key resources to focus on mission critical activities and/or use solutions and services on demand or as needed Faster Decrease time tomarket to deploy or implement IT solutions via secure, easy to use contract vehicles available to federal & state and local government Slide 7
8 Administration s Drive to the Cloud The Administration s Federal Cloud Computing Strategy requires agencies to default to cloud based solutions whenever a secure, reliable and cost effective cloud option exists however, the move to the cloud requires a dramatic shift in the way Federal agencies buy IT from capital expenditures to operating expenditures. With this shift comes a learning curve as the government analyzes how to best procure this new service based model.... Steven VanRoekel U.S. Chief Information Officer, OMB February 24, 2012 Slide 8
9 Federal Timeline for Cloud Cloud First 25 Point Plan to Reform Federal IT December 9, 2010 FedRAMP Policy Memo December 8, 2011 Federal Cloud Computing Strategy February 8, 2011 Creating Effective Cloud Computing Contracts February 24, 2012 Slide 9
10 Cloud: 25 Point Plan to Reform IT Cloud First Policy Point 3 of the White House s 25 Point Plan to Reform Federal IT Requires agencies to evaluate safe, secure cloud options before making any new investments. This means agencies should evaluate their technology sourcing plans to include cloud solutions as part of the budget process. Three Cloud Projects by June 9, 2012 Cloud First mandates agencies move three projects to the cloud At least 1 project had to move to the cloud by December 9, 2011; 2 additional must move by June 9, Slide 10
11 Cloud Computing Strategy Overview Details benefits of cloud to Federal government Provides decision framework for moving to the cloud Case examples to illustrate framework Promotes vision for catalyzing cloud adoption across Federal government Slide 11
12 Cloud Security: FedRAMP Federal Risk and Authorization Management Program Overview Mandatory for Federal agencies via OMB Policy Memo Creates government wide security process for cloud computing solutions Provides assessments, provisional authorizations, and continuous monitoring of cloud services Transparent processes for Federal agencies and cloud service providers Establishes a Federal government standard baseline for securing cloud environments Slide 12
13 Cloud Procurement White Paper Overview Top 10 areas Federal agencies need to address when procuring cloud Gives description of issues along with ways to address issues within contracts Provides tactical guidance through a questionnaire checklist Slide 13
14 Partnership of IT, Acquisition, Legal Today, the CIO Council, CAO Council, and Federal Cloud Compliance Committee released: Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service. This guide enables Federal agencies to make smarter, more informed cloud purchasing decisions by utilizing lessons learned and best practices of early adopters moving us to a more efficient and more effective government. Steven VanRoekel U.S. Chief Information Officer, OMB February 24, 2012 Slide 14
15 Development of White Paper Two Tier Approach to Creating Guidance. Existing Cloud Contracts Develop lessons learned from early adopters Informal data call through OMB to collect ~15 existing Federal cloud contracts Review of contracts to see variance of contract terms, establish baseline and identify themes Interview project managers and contracting officers of each contract: What worked What doesn t work How various issues were addressed FC3 Guidance Guidance Developed by Federal Cloud Compliance Committee (FC3) Informal interagency group comprised of Federal Attorneys, procurements officials, and cloud SMEs. Mission: create tactical guidance to proactively assist agencies when contracting cloud Created four working groups: Security Privacy E Discovery Records Management/FOIA Slide 15
16 Goals of White Paper Cloud Computing and the Federal Government: Effectively Acquiring IT as a Service Merge the Cloud First mandate and the visionary Cloud Computing Strategy The next step in government s move to cloud with specific guidance in effectively buying cloud services Provide guidance to agencies in developing requirements for a cloud computing contract. Highlight top ten areas for Federal agencies to address in cloud contracts Help shape the way that cloud computing services are purchased and consumed Establish common practices for the Federal government to take advantage of its position as the largest purchaser of IT Slide 16
17 Top 10 Focus Areas 1) Selecting a Cloud Service 2) CSP and End User Agreements 3) Service Level Agreements (SLAs) 4) CSP, Agency, and Integrator Roles and Responsibilities 5) Standards 6) Security 7) Privacy 8) E Discovery 9) Freedom of Information Act (FOIA) 10) E Records Slide 17
18 Selecting a Cloud, End User Agreements ONE Selecting a Cloud Service Agencies must choose the appropriate cloud to meet their needs Determine the appropriate service model to meet user needs Determine the appropriate deployment model that meets data protection needs TWO CSP & End User Agreements Terms of Service Agreements (TOS) need to be negotiated TOS must be compliant with Federal laws and statutes Need to ensure NDA enforceability End User Agreements need to be integrated fully into cloud contracts Slide 18
19 SLAs and CSP, Agency, Integrator Rs & Rs THREE Service Level Agreements SLAs should clearly define CSP performance standards Need clear terms and definitions Need to determine how CSP performance will be measured Needs to establish enforcement mechanisms for SLA compliance FOUR CSP, Agency, & Integrator Roles and Responsibilities Establishes a contract with (at least) three parties Determine integrator role with CSP Need to clearly define the roles and responsibilities of all actors to ensure effectiveness of the cloud contract Slide 19
20 Standards and Security FIVE Standards Agencies should ensure CSPs align with government standards Map services to NIST Reference Architecture Ensure government participation in standards creation Compliance with Internet Protocol version 6 SIX Security FedRAMP Compliance Clearly defined requirements Continuous monitoring activities Incident response to attacks and vulnerabilities Key escrow/encryption Forensic capabilities Multi factor authentication with HSPD 12 Audit capabilities Slide 20
21 Privacy and E Discovery SEVEN Privacy Ensure compliance with the Privacy Act of 1974 and PII requirements Privacy Impact Assessments Adequate privacy training Clearly defined data location requirements How to respond to a breach where privacy data was compromised EIGHT E Discovery Provide information management in the cloud Ability to locate relevant documents Ability to preserve data in a cloud environment Moving documents through the e discovery process Cost avoidance by inclusion of tools with CSP solution Slide 21
22 FOIA and Federal Recordkeeping NINE FOIA Access Ability to conduct a reasonable search to meet Freedom of Information Act (FOIA) obligations Ensure the processing of information is pursuant to FOIA requirements Allow for the tracking and reporting of information pursuant to FOIA TEN Federal Recordkeeping Agencies should have proactive records planning before using a cloud service Ensure the ability to have timely and actual destruction of records in accordance with mandated records schedules How to deal with permanent records Process for transitioning to a new CSP Slide 22
23 Appendix A: Questionnaire Overview Translates the paper to tactical questions to ask when reviewing or creating a cloud contract Maps to the ten areas of focus within the paper Tactical approach for Agencies to use Slide 23
24 White Paper: Key Takeaway All necessary stakeholders should be included when creating cloud computing contracts. OCIO OGC Privacy Records E Discovery FOIA Acquisition staff This will enable Federal agencies to more effectively procure and manage IT as a service Slide 24
25 Cloud Resources CIO Council Federal Cloud Computing Initiative FedRAMP NIST NARA mgmt/bulletins/2010/ html Slide 25
26 Questions? Matt Goodrich Federal Cloud Computing Initiative, GSA Cloud Computing Best Practices Allison Stanton Director, E Discovery, DOJ Civil Division allison.stanton@usdoj.gov
Allison Stanton, Director of E-Discovery U.S. Department of Justice, Civil Division. U.S. Department of Agriculture
Allison Stanton, Director of E-Discovery U.S. Department of Justice, Civil Division Benjamin Young, Assistant General Counsel U.S. Department of Agriculture 1 Disclaimer The views expressed in this presentation
More informationAllison Stanton Director of E-Discovery U.S. Department of Justice, Civil Division
Allison Stanton Director of E-Discovery U.S. Department of Justice, Civil Division Jason R. Baron Director of Litigation National Archives and Records Administration 1 Overview Cloud Computing Defined
More informationSeeing Though the Clouds
Seeing Though the Clouds A PM Primer on Cloud Computing and Security NIH Project Management Community Meeting Mark L Silverman Are You Smarter Than a 5 Year Old? 1 Cloud First Policy Cloud First When evaluating
More informationAudit of the CFPB s Acquisition and Contract Management of Select Cloud Computing Services
O F F I C E O F IN S P E C TO R GENERAL Audit Report 2014-IT-C-016 Audit of the CFPB s Acquisition and Contract Management of Select Cloud Computing Services September 30, 2014 B O A R D O F G O V E R
More informationCreating Effective Cloud Computing Contracts for the Federal Government
Creating Effective Cloud Computing Contracts for the Federal Government Best Practices for Acquiring IT as a Service A joint publication of the In coordination with the Federal Cloud Compliance Committee
More informationOverview. FedRAMP CONOPS
Concept of Operations (CONOPS) Version 1.0 February 7, 2012 Overview Cloud computing technology allows the Federal Government to address demand from citizens for better, faster services and to save resources,
More informationFederal Cloud Computing Initiative Overview
Federal Cloud Computing Initiative Overview Program Status To support the Federal Cloud Computing Direction and Deployment Approach, the ITI Line of Business PMO has been refocused as the Cloud Computing
More informationDecember 8, 2011. Security Authorization of Information Systems in Cloud Computing Environments
December 8, 2011 MEMORANDUM FOR CHIEF INFORMATION OFFICERS FROM: SUBJECT: Steven VanRoekel Federal Chief Information Officer Security Authorization of Information Systems in Cloud Computing Environments
More informationWritten Testimony. Mark Kneidinger. Director, Federal Network Resilience. Office of Cybersecurity and Communications
Written Testimony of Mark Kneidinger Director, Federal Network Resilience Office of Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee
More informationManagement of Cloud Computing Contracts and Environment
Management of Cloud Computing Contracts and Environment Audit Report Report Number IT-AR-14-009 September 4, 2014 Cloud computing contracts did not comply with Postal Service standards. Background The
More informationHow To Use Cloud Computing For Federal Agencies
Cloud Computing Briefing Scott Renda Office of Management and Budget www.whitehouse.gov/omb/egov Cloud Computing Basics Style of computing Cloud Computing: What Does it Mean? Close public/private sector
More informationConcurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services
Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services organization providing innovative management and technology-based
More informationClouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst
Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment
More informationThe Cloud Seen from the U.S.A.
The Cloud Seen from the U.S.A. Stephen R. Bell, Counselor to the U.S. Coordinator, International Communications and Information Policy, U.S. Department of State OUTLINE Commercial drivers of Cloud services
More informationCloud Security. A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud. Sean Curry Sales Executive, Aquilent
Cloud Security A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud Sean Curry Sales Executive, Aquilent The first in a series of audits DoD did not fully execute elements of the July 2012
More informationThe Council of the Inspectors General on Integrity and Efficiency s Cloud Computing Initiative
The Council of the Inspectors General on Integrity and Efficiency s Cloud Computing Initiative September 2014 Council of the Inspectors General on Integrity and Efficiency Cloud Computing Initiative Executive
More informationFederal Risk and Authorization Management Program (FedRAMP)
Federal Risk and Authorization Management Program (FedRAMP) NIST June 5, 2013 Matt Goodrich, JD FedRAMP, Program Manager Federal Cloud Computing Initiative OCSIT GSA What is FedRAMP? FedRAMP is a government-wide
More informationCLOUD COMPUTING. Agencies Need to Incorporate Key Practices to Ensure Effective Performance
United States Government Accountability Office Report to Congressional Requesters April 2016 CLOUD COMPUTING Agencies Need to Incorporate Key Practices to Ensure Effective Performance GAO-16-325 April
More informationCloud Security for Federal Agencies
Experience the commitment ISSUE BRIEF Rev. April 2014 Cloud Security for Federal Agencies This paper helps federal agency executives evaluate security and privacy features when choosing a cloud service
More informationStatus of Cloud Computing Environments within OPM (Report No. 4A-CI-00-14-028)
MEMORANDUM FOR KATHERINE ARCHULETA Director FROM: SUBJECT: PATRICK E. McFARLAND Inspector General Status of Cloud Computing Environments within OPM (Report No. 4A-CI-00-14-028) The purpose of this memorandum
More informationCloud Computing. Report No. OIG-AMR-74-14-03. UNITED STATES GOVERNMENT National Labor Relations Board Office of Inspector General.
UNITED STATES GOVERNMENT National Labor Relations Board Office of Inspector General Cloud Computing Report No. OIG-AMR-74-14-03 October 21, 2014 CONTENTS EXECUTIVE SUMMARY... 1 BACKGROUND... 2 OBJECTIVE,
More informationOffice of Inspector General Audit Report
Office of Inspector General Audit Report DOT LACKS AN EFFECTIVE PROCESS FOR ITS TRANSITION TO CLOUD COMPUTING Department of Transportation Report Number: FI-2015-047 Date Issued: June 16, 2015 U.S. Department
More informationITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS
ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information
More informationCisco Cloud Assessments. Justin Tang
Cisco Cloud Assessments Justin Tang Cisco Landscape Evolution of Cloud Assessments Performing Cloud Assessments Challenges 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 2 Definition:
More informationPurpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.
Federal CIO Council Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies DRAFT V0.41 Earl Crane, CISSP, CISM
More informationCloud Services The Path Forward. Mr. Stan Kaczmarczyk Acting Director - Strategic Solutions and Security Services FAS/ ITS, GSA
Cloud Services The Path Forward Mr. Stan Kaczmarczyk Acting Director - Strategic Solutions and Security Services FAS/ ITS, GSA November 1, 2012 Agenda Integrated Technology Services (ITS) Cloud Acquisition
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationKent State University s Cloud Strategy
Kent State University s Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology
More informationCloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate.
Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Presented by: Sabrina M. Segal, USITC, Counselor to the Inspector General, Sabrina.segal@usitc.gov Reference
More informationReport via OMB s Integrated Data Collection (IDC), https://community.max.gov/x/lhtgjw 10
EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 June 2, 2016 M-16-12 MEMORANDUM FOR THE HEADS OF DEPARTMENTS AND AGENCIES FROM: Anne E. Rung United States Chief
More informationFederal Aviation Administration. efast. Cloud Computing Services. 25 October 2012. Federal Aviation Administration
efast Cloud Computing Services 25 October 2012 1 Bottom Line Up Front The FAA Cloud Computing Vision released in 2012 identified the agency's road map to meet the Cloud First Policy efast must provide
More informationEnterprise Managed Cloud Computing at NASA. Karen Petraska NASA Office of the CIO Computing Services Service Office (CSSO) October 1, 2014
Enterprise Managed Cloud Computing at NASA Karen Petraska NASA Office of the CIO Computing Services Service Office (CSSO) October 1, 2014 What is Cloud Computing? Cloud Computing in a Nutshell Cloud computing
More informationHow to Use the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing
How to Use the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing Warren S. Udy, CISSP Senior Cyber Security Advisor Office of Cyber Security 301-903-5515 warren.udy@hq.doe.gov
More informationDEPARTMENT OF VETERANS AFFAIRS VA DIRECTIVE 6517 CLOUD COMPUTING SERVICES
DEPARTMENT OF VETERANS AFFAIRS VA DIRECTIVE 6517 Washington, DC 20420 Transmittal Sheet February 28, 2012 CLOUD COMPUTING SERVICES 1. REASON FOR ISSUE: This Directive establishes the Department of Veterans
More informationGAO INFORMATION TECHNOLOGY REFORM. Progress Made but Future Cloud Computing Efforts Should be Better Planned
GAO July 2012 United States Government Accountability Office Report to the Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security, Committee
More informationCloud Computing and Records Management
GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version
More informationCloud Computing Contract Clauses
Cloud Computing Contract Clauses Management Advisory Report Report Number SM-MA-14-005-DR April 30, 2014 Highlights The 13 cloud computing contracts did not address information accessibility and data security
More informationA Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011
A Strawman Model NIST Cloud Computing Reference Architecture and Taxonomy Working Group January 3, 2011 Objective Our objective is to define a neutral architecture consistent with NIST definition of cloud
More informationSTATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration
STATEMENT OF Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration BEFORE THE HOUSE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE
More informationOWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect
OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud
More informationHow To Manage Cloud Computing In The United States Of American Agriculture
United States Department of Agriculture Office of Inspector General USDA s Implementation of Cloud Computing Services Audit Report 50501-0005-12 What Were OIG s Objectives Our objective was to evaluate
More informationEPA Classification No.: CIO 2155-P-3.0 CIO Approval Date: 04/04/2014 CIO Transmittal No.: 13-011 Review Date: 04/04/2017
EPA Classification No.: CIO 2155-P-3.0 CIO Approval Date: 04/04/2014 CIO Transmittal No.: 13-011 Review Date: 04/04/2017 Collection and Retention Procedures for Electronically Stored Information (ESI)
More informationCLOUD COMPUTING. A Primer
CLOUD COMPUTING A Primer A Mix of Voices The incredible shrinking CIO CIO Magazine, 2004 IT Doesn t Matter, The cloud will ship service outside the institution and ship power from central IT groups to
More informationDEPARTMENT AGENCY STATEMENT OF OBJECTIVES FOR CLOUD MIGRATION SERVICES: INVENTORY, APPLICATION MAPPING, AND MIGRATION PLANNING MONTH YYYY TEMPLATE
DEPARTMENT AGENCY STATEMENT OF OBJECTIVES FOR CLOUD MIGRATION SERVICES: INVENTORY, APPLICATION MAPPING, AND MIGRATION PLANNING MONTH YYYY TEMPLATE 1 Introduction and Instructions This sample Statement
More informationTESTIMONY OF MR. RICHARD SPIRES CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE COMMITTEE ON HOMELAND SECURITY
TESTIMONY OF MR. RICHARD SPIRES CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE ON CYBERSECURITY, INFRASTRUCTURE PROTECTION, AND SECURITY
More information1. From the CIO 3. 2. Strategic Direction for Cloud Computing at Kent State 4. 3. Cloud Computing at Kent State University 5
Kent State University ss Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology
More informationSTATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE
STATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE HOUSE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM SUBCOMMITTEE ON INFORMATION TECHNOLOGY AND SUBCOMMITTE
More informationFederal Data Center Consolidation Initiative
Federal Data Center Consolidation Initiative United States Agency for International Development (USAID) 2011 Data Center Consolidation Plan & Progress Report September 30, 2011 1 Introduction...2 2 Agency
More informationSecuring and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable
More informationCloud Computing A NIST Perspective & Beyond. Robert Bohn, PhD Advanced Network Technologies Division
Cloud Computing A NIST Perspective & Beyond Robert Bohn, PhD Advanced Network Technologies Division ISACA National Capital Area Chapter Arlington, VA, USA 17 March 2015 Cloud Program Overview Launch &
More informationThe Keys to the Cloud: The Essentials of Cloud Contracting
The Keys to the Cloud: The Essentials of Cloud Contracting September 30, 2014 Bert Kaminski Assistant General Counsel, Oracle North America Ken Adler Partner, Loeb & Loeb LLP Akiba Stern Partner, Loeb
More informationOFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor:
More informationThe Hybrid Cloud: Bringing Cloud-Based IT Services to State Government
The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government October 4, 2009 Prepared By: Robert Woolley and David Fletcher Introduction Provisioning Information Technology (IT) services to enterprises
More informationPerspectives on Moving to the Cloud Paradigm and the Need for Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009
Perspectives on Moving to the Cloud Paradigm and the Need for Standards Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009 2 NIST Cloud Computing Resources NIST Draft Definition of
More informationProject Type Guide. Project Planning and Management (PPM) V2.0. Custom Development Version 1.1 January 2014. PPM Project Type Custom Development
Project Planning and Management (PPM) V2.0 Project Type Guide Custom Development Version 1.1 January 2014 Last Revision: 1/22/2014 Page 1 Project Type Guide Summary: Custom Development Custom software
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationCloud Computing. Course: Designing and Implementing Service Oriented Business Processes
Cloud Computing Supplementary slides Course: Designing and Implementing Service Oriented Business Processes 1 Introduction Cloud computing represents a new way, in some cases a more cost effective way,
More informationCloud Computing and Government Services August 2013 Serdar Yümlü SAMPAŞ Information & Communication Systems
eenviper White Paper #4 Cloud Computing and Government Services August 2013 Serdar Yümlü SAMPAŞ Information & Communication Systems 1 Executive Summary Cloud computing could revolutionise public services
More informationFederal Cloud Security
Federal Cloud Security The views, opinions and/or findings contained in this report are those of The MITRE Corporation and should not be construed as an official government position, policy, or decision,
More informationA New Way to Compute or: How I Learned to Stop Worrying and Love the Cloud
A New Way to Compute or: How I Learned to Stop Worrying and Love the Cloud Robert Bohn NIST March 7, 2012 DC/SLA Washington, DC Chapter History Cloud" is borrowed from telephony. Telecoms once offered
More informationA COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012
A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES
More informationCloud Computing Best Practices and Considerations for Project Managers Mike Lamoureux, PMP, MBA. Page 1
Cloud Computing Best Practices and Considerations for Project Managers Mike Lamoureux, PMP, MBA Page 1 Cloud Computing is the 5 th Utility Water Electricity Gas Telephone Computing Page 2 Why does a Project
More informationCloud Computing; What is it, How long has it been here, and Where is it going?
Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where
More informationEast African Information Conference 13-14 th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?
East African Information Conference 13-14 th August, 2013, Kampala, Uganda Security and Privacy: Can we trust the cloud? By Dr. David Turahi Director, Information Technology and Information Management
More informationISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services
ISSUE BRIEF Cloud Security for Federal Agencies Achieving greater efficiency and better security through federally certified cloud services This paper is intended to help federal agency executives to better
More informationSecurity Authorization Process Guide
Security Authorization Process Guide Office of the Chief Information Security Officer (CISO) Version 11.1 March 16, 2015 TABLE OF CONTENTS Introduction... 1 1.1 Background... 1 1.2 Purpose... 2 1.3 Scope...
More informationHow To Cloud Compute At The Cloud At The Cyclone Center For Cnc
Cloud Computing at CDC Current Status and Future Plans Earl Baum March, 2014 1 Background Current Activities Agenda Use Cases, Shared Services and Other Considerations What s Next 2 Background Cloud Definition
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationNIST Cloud Computing Program
NIST Program USG Roadmap Top 10 high priority requirements to accelerate USG adoption of the model NIST Mission: To promote U.S. innovation and industrial competitiveness by advancing measurement science,
More informationjourney to a hybrid cloud
journey to a hybrid cloud Virtualization and Automation VI015SN journey to a hybrid cloud Jim Sweeney, CTO GTSI about the speaker Jim Sweeney GTSI, Chief Technology Officer 35 years of engineering experience
More informationCloud Computing. by Civic Consulting (research conducted October 2011 January 2012)
Cloud Computing by (research conducted October 2011 January 2012) for the European Parliament, DG Internal Policies of the Union, Directorate A (Economic and Scientific Policy); presentation for the EP
More informationIT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.
IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: (wahlgren@dsv.su.se), 2: (stewart@dsv.su.se) ABSTRACT
More informationInformation Security Program CHARTER
State of Louisiana Information Security Program CHARTER Date Published: 12, 09, 2015 Contents Executive Sponsors... 3 Program Owner... 3 Introduction... 4 Statewide Information Security Strategy... 4 Information
More informationThe NIST Definition of Cloud Computing (Draft)
Special Publication 800-145 (Draft) The NIST Definition of Cloud Computing (Draft) Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication
More informationWhy Migrate to the Cloud. ABSS Solutions, Inc. 2014
Why Migrate to the Cloud ABSS Solutions, Inc. 2014 ASI Cloud Services Information Systems Basics Cloud Fundamentals Cloud Options Why Move to the Cloud Our Service Providers Our Process Information System
More informationExpert Reference Series of White Papers. Understanding NIST s Cloud Computing Reference Architecture: Part II
Expert Reference Series of White Papers Understanding NIST s Cloud Computing Reference Architecture: Part II info@globalknowledge.net www.globalknowledge.net Understanding NIST s Cloud Computing Reference
More informationClOP CHAPTER 1351.39. Departmental Information Technology Governance Policy TABLE OF CONTENTS. Section 39.1
ClOP CHAPTER 1351.39 Departmental Information Technology Governance Policy TABLE OF CONTENTS Section 39.1 Purpose... 1 Section 39.2 Section 39.3 Section 39.4 Section 39.5 Section 39.6 Section 39.7 Section
More informationWhat Cloud computing means in real life
ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)
More informationDoD ENTERPRISE CLOUD SERVICE BROKER CLOUD SECURITY MODEL
DoD ENTERPRISE CLOUD SERVICE BROKER CLOUD SECURITY MODEL Version 1.0 Developed by the Defense Information Systems Agency (DISA) for the Department of Defense (DoD) EXECUTIVE SUMMARY The 26 June 2012 DoD
More informationFederal CIO: Cloud Selection Toolkit. Georgetown University: Chris Radich Dana Christiansen Doyle Zhang India Donald
Federal CIO: Cloud Selection Toolkit Georgetown University: Chris Radich Dana Christiansen Doyle Zhang India Donald Agenda Project Introduction Agency Cloud Challenges Toolkit Solution Overview Step 1:
More informationCloud Computing in a Regulated Environment
Computing in a Regulated Environment White Paper by David Stephenson CTG Regulatory Compliance Subject Matter Expert February 2014 CTG (UK) Limited, 11 Beacontree Plaza, Gillette Way, READING, Berks RG2
More informationNew Computing Models, and What They Mean to the Small and Mid-Sized Business Consumer
New Computing Models, and What They Mean to the Small and Mid-Sized Business Consumer How your business can make practical decisions between The Cloud, Utility Computing and Hosted Services 1 Business
More informationCLOUD COMPUTING. Additional Opportunities and Savings Need to Be Pursued
United States Government Accountability Office Report to Congressional Requesters September 2014 CLOUD COMPUTING Additional Opportunities and Savings Need to Be Pursued GAO-14-753 September 2014 CLOUD
More informationLEGAL ISSUES IN CLOUD COMPUTING
LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing
More informationDoD CIO s 10-Point Plan for IT Modernization. Ms. Teri Takai DoD CIO
DoD CIO s 10-Point Plan for IT Modernization Ms. Teri Takai DoD CIO Executive Summary Proactive Partnerships for IT Modernization IT Modernization Strategy Consolidate Infrastructure Streamline Processes
More informationNAVIGATING THE MAZE. 2013 LEGAL CIO ROUNDTABLE RETREAT March 3-5, 2013 The Boulders Hotel Carefree, Arizona. 2013 CIO Roundtable Retreat
NAVIGATING THE MAZE 2013 LEGAL CIO ROUNDTABLE RETREAT March 3-5, 2013 The Boulders Hotel Carefree, Arizona The Legal Cloud What is Cloud Computing? Working in the Cloud Cloud Computing is A way to work
More informationCloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC
Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications
More information{Moving to the cloud}
{Moving to the cloud} plantemoran.com doesn t mean outsourcing your security controls. Cloud computing is a strategic move. Its impact will have a ripple effect throughout an organization. You don t have
More informationCloud Computing Cluster Introduction to Cloud Computing. Rick Martin, Co-chair, Cloud Computing Cluster August 26, 2013
From Science to Solutions Cloud Computing Cluster Introduction to Cloud Computing Rick Martin, Co-chair, Cloud Computing Cluster August 26, 2013 Senior IT Strategist SAIC What is Cloud Computing? Cloud
More informationAUDIT REPORT. The Department of Energy's Management of Cloud Computing Activities
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT The Department of Energy's Management of Cloud Computing Activities DOE/IG-0918 September 2014 Department
More information2.0 ROLES AND RESPONSIBILITIES
2.0 ROLES AND RESPONSIBILITIES This handout describes applicable roles and responsibilities for the Capital Planning and Investment Process (CPIC) as presented in the NIST Integrating IT Security into
More informationIdentity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015
Identity & Management The Cloud Perspective Andrea Themistou 08 October 2015 Agenda Cloud Adoption Benefits & Risks Security Evolution for Cloud Adoption Securing Cloud Applications with IAM Securing Cloud
More informationOverview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin
Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director
More informationCloud-Based ICT Services Checklist
Cloud-Based ICT Services Checklist Guideline A non-exhaustive list of considerations to be made when evaluating, purchasing, implementing and managing cloud-based ICT services. Keywords: Cloud-based ICT
More informationCloud Security: Evaluating Risks within IAAS/PAAS/SAAS
Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Char Sample Security Engineer, Carnegie Mellon University CERT Information Security Decisions TechTarget Disclaimer Standard Disclaimer - This talk
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationCloud Computing are you ready?
Cloud Computing are you ready? Steven Krenz ITSM Practice Lead Agenda Introduction Presentation Topics The traditional Data Center: How it compares to The Cloud Cloud Computing and IT Service Management:
More informationLegal Issues in the Cloud: A Case Study. Jason Epstein
Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types
More information