Esri Managed Cloud Services and FedRAMP

Size: px
Start display at page:

Download "Esri Managed Cloud Services and FedRAMP"

Transcription

1 Federal GIS Conference February 9 10, 2015 Washington, DC Esri Managed Cloud Services and FedRAMP Erin Ross & Michael Young

2 Agenda Esri Managed Services Program Overview Example Deployments New FedRAMP Compliant Option Esri Managed Cloud Services FedRAMP Process Esri Managed Cloud Services Security Infrastructure How to Get Started Summary

3 Program Overview

4 ArcGIS Cloud Options SaaS PaaS ArcGIS Online or Custom Esri Apps and Data on fully Managed Cloud Services ArcGIS for Server on Esri managed cloud infrastructure IaaS ArcGIS for Server images available to use on cloud infrastructure

5 ArcGIS for Server on [Fill in the Blank] Supported on multiple cloud platforms - Virtual or bare metal Full ArcGIS for Server capabilities User-provisioned cloud infrastructure resources Pay for what you use BYOL or ArcGIS term licensing available

6 ArcGIS Online Create, share, collaborate Subscription-based - Named User - Credits pay as you go Updates and enhancements occur behind the scenes

7 Esri Managed Cloud Services Cloud-based GIS infrastructure support, including: - Enterprise system design - Infrastructure management - Software (Esri & 3 rd Party) Installation, updates and patching - Application deployment - Database management - 24/7 support and monitoring

8 ArcGIS Deployment Models Users Apps Anonymous Access Portal ArcGIS Online Server On-Premises Portal Server Esri Managed Cloud Services

9 Benefits of Esri Managed Cloud Services Increase efficiency and business focus High availability, quality and performance Reduce internal costs Preserves data integrity, privacy and availability Increase usage and productivity Cloud GIS experts managing your critical apps and content

10 How is it delivered? Available on GSA

11 Basic Packages Sandbox Ready to use cloud instance of ArcGIS for Server Remote access provided to user Ideal for development, prototyping...

12 Standard, Advanced, Advanced Plus Packages Esri loads, publishes and deploys on behalf of customer 24/7 system monitoring and support Ideal for production systems (internal or public facing) Staging Production Test Dev

13 Example Deployments

14 USGS Historical Topographic Maps More than 175,000 topographic maps published by the USGS since TB data x 2 for redundancy 1.6 million hits during Esri User Conference Consumed by several apps; premium service available in ArcGIS Online

15 Constellation Brands Improve sales by leveraging tools to drive volume and revenue 4 th of July deadline 2.7M records updated 2x / week via scripted tools Equipping staff with valuable information to increase sales

16 Power Outage Viewers Highly available, scalable systems ready to perform during major events Frequent, automated data updates Bringing critical outage information to the general public

17 Hurricane Sandy 14 additional servers (17 total) Central Maine Power - 34 million hits over 3 days New York State Electric & Gas 76 million hits over 3 days 2/10/ :30 am Peak Sandy Hours

18 Maine October 29

19 Maine October 30

20 Maine Ocbober 31

21 Maine November 1

22 Maine November 2

23 Who else uses Esri Managed Cloud Services? 80+ customers Leveraged across many sectors Manage over 500 servers, several TB of data

24 New FedRAMP Compliant Offering Michael Young

25 Federal Geospatial Cloud Security Compliance Roadmap 2002 FISMA Law Established Required security baselines for Federal systems Feb 2010 Kundra Announces FedRAMP Security Working Group concept announced May 2013 First Agency Authorization HHS Issues ATO to Amazon June 2014 OMB FedRAMP Mandate FedRAMP now required for all cloud solutions covered by policy memo Planned ArcGIS Online FedRAMP Authorization Aug 2005 Esri GOS2 FISMA Authorization DOI Issues ATO to Esri May 2010 Esri Participates in First Cloud Computing Forum Esri begins active involvement in cloud standards & security programs Dec 2011 Esri Federal Cloud Computing Security Workshop Esri works with Agencies & FedRAMP to plan SaaS Compliance June 2014 ArcGIS Online FISMA Authorization USDA Issues ATO to Esri Jan 2015 EMCS FedRAMP Compliant Signoff by FedRAMP Director Planned for 2015 ArcGIS Online Hosted Feature Services Authorization DOI working with Esri towards Authorization Esri has actively participated in hosting and advancing secure compliant solutions for over a decade

26 FedRAMP What does FedRAMP do? - Replace varied and duplicative procedures across government by providing agencies with a standard approach for conducting security assessments of cloud services What is core of FedRAMP? - An accepted set of baseline security controls and consistent processes that have been vetted and agreed upon by agencies across the government Why did Esri pursue FedRAMP Compliance? - Customers demanded FedRAMP compliance before rolling out future production operations - Customer risk has been increasing rapidly without security infrastructure - OMB mandate all low and moderate impact cloud services leveraged by more than one office or agency must comply with FedRAMP requirements Accelerates Review and Acceptance of Cloud Based Services

27 FedRAMP Government Entities Cross Government Support

28 EMCS FedRAMP Benefits What does EMCS provide? Contingency planning and risk management Patch and key management Data encryption and intrusion detection System logging and reporting Centralized identity and access management Regular security audits Well documented policies and procedures What are the benefits? Preserve data integrity Protect sensitive datasets Ensure availability and reliability Builds assurance and awareness Save costs by embracing Cloud First Shift the burden of managing enterprise GIS systems to the experts Penetration testing and vulnerability scanning CONTINUOUS MONITORING!

29 FedRAMP What is the process? Risk Management Framework (RMF) centric process

30 Esri Managed Cloud Services FedRAMP Documentation FIPS 199 Control Implementation Summary (CIS) System Security Plan (SSP) Information System Security Policies User Guide E-Authentication Template Privacy Threshold Analysis (PTA) Rules of Behavior (ROB) IT Contingency Plan Security Assessment Plan (SAP) Test Case Workbook Security Assessment Report (SAR) Plan of Action and Milestone (POA&M) Policies and procedures Business Impact Analysis Configuration Management Plan Incident Response Plan Interconnection Security Agreement (ISA / MOU) Penetration Test Plan 1000 s of pages ensuring rigorous security

31 EMCS FedRAMP Assessment Cloud Security Assessor Veris Group - Third Party Assessment Organization (3PAO) accredited by FedRAMP - 1 st to successfully inspect FedRAMP CSP Supplied, JAB, and Agency Approved Solutions - 5 month engagement - Three months of active Technical and Documentation assessments - System level scans - Web Interface scans - Database scans - Penetration testing FedRAMP Advisor Relevant Technologies - Laura Taylor - Wrote the initial Guide to Understanding FedRAMP Great advisors and skilled assessors keep the effort focused

32 EMCS FedRAMP Authorization 3 Baseline Security Control Levels - Low, Moderate*, High in draft 3 Status Levels - Ready, In Process, Compliant* 3 FedRAMP Authorization Levels - Cloud Service Provider (CSP) Supplied* - Agency Authorization To Operate (ATO) - Joint Agency Board (JAB) Provisional Authority To Operate Esri Managed Cloud Services is - FedRAMP Moderate - FedRAMP Compliant - CSP Supplied offering EMCS CSP Supplied Package can be consumed by your Agency

33 EMCS FedRAMP Continuous Monitoring FedRAMP Reporting Workflow Monitoring Workflow Ensures maintenance of acceptable risk posture

34 Esri Managed Cloud Services Security Infrastructure

35 Esri Managed Cloud Services - Security Infrastructure Overview Most government systems - Require moderate security baseline controls Most geospatial information sets - Only require low baseline controls - ArcGIS Online Low FISMA is adequate for many customer use cases Esri Managed Cloud Services FedRAMP Infrastructure Design Goals - Consumable by the widest range of customers - Amazon East-West Regions Not limited to GovCloud - Drive down customer expenses for secure, compliant geospatial services - Customer s can choose level of multi-tenancy vs dedicated services they are comfortable with - Meet and exceed current rigorous FedRAMP requirements for cloud services - First geospatial platform to be compliant with FedRAMP Rev 4 requirements A balance of robust security and business requirements drove infrastructure choices

36 Esri Managed Cloud Services - Security Infrastructure AWS Customer Infrastructure Active/Active Redundant across two Cloud Data Centers End Users Public-Facing Gateway Web Application Firewall WAF ArcGIS for Portal DMZ Security Ops Center (SOC) Security Service Gateway Intrusion Detection IDS / SIEM ArcGIS Server Cloud Infrastructure Centralized Management Backup, CM, AV, Patch, Monitor Hypervisor, TCP/IP, Network ACLs, Routing, Storage, Hardware Bastion Gateway MFA Relational Database File Servers Authentication/Authorization LDAP, DNS, PKI Dedicated Customer Application Infrastructure Common Security Infrastructure Esri Administrators Esri Admin Gateway Cloud Infrastructure Hypervisor, TCP/IP, Network ACLs, Routing, Storage, Hardware Common Cloud Infrastructure Legend Agency Application Cloud Provider Security

37 Esri Managed Cloud Services - Security Infrastructure Foundation built on FedRAMP Rev 4 Security controls First Geospatial solution to be assessed for compliance against latest cloud security controls

38 Esri Managed Cloud Services - Security Infrastructure (cont.) Technical, Operational, and Managerial Components Formalize Policies and Procedures Incorporate Security Components - Intrusion Detection System (IDS) - Web Application Firewall (WAF) - Multi-factor Authentication NSA Suite B alignment - Bastion Gateway / Jump Hosts Reduce administrative interface attack surface - Centralized advanced server and application monitoring and updates Incorporate Security Hardening Standards - Utilize pre-existing Center for Internet Security (CIS) benchmarks as feasible - Create a draft ArcGIS Server 10.3 STIG

39 Esri Managed Cloud Services - Security Infrastructure (cont.) DISA STIG for ArcGIS Server 10.3 Draft STIG Settings Provided to DISA - Undergoing SME Review

40 Esri Managed Cloud Services - Security Infrastructure (cont.) Separation of duties Security Operating Center backed by Certified Security Experts Applications managed by Certified ArcGIS Platform Experts Managed by certified experts in their field

41 How to get started

42 How do I get started? Express an interest in service offering and let your security team know EMCS is FedRAMP compliant Agency Authorized FedRAMP Approver can facilitate download and review of FedRAMP package for - - If you are unsure of your FedRAMP approver the FedRAMP PMO: What else is available outside FedRAMP repository? - Cloud Security Alliance (CSA) answers for EMCS coming Complete Agency Authority To Operate (ATO) - Utilize pre-existing EMCS and AWS FedRAMP moderate docs Simplifies obtaining an ATO for your organization

43 Summary Erin Ross

44 Summary Esri Managed Cloud Services is FedRAMP compliant Esri has experts available to support your cloud GIS and security infrastructure Esri Managed Cloud Services has a range of options available to meet your operational needs Customer s can now visit the FedRAMP repository and request our Esri Managed Cloud Services security package

45 Federal GIS Conference February 9 10, 2015 Washington, DC Don t forget to complete a session evaluation form!

46

ArcGIS Security Authorization Advancements

ArcGIS Security Authorization Advancements Federal GIS Conference February 9 10, 2015 Washington, DC ArcGIS Security Authorization Advancements Michael Young & Erin Ross Overview Authorization Past & Present Products - ArcGIS Server - ArcGIS Desktop

More information

Deploying ArcGIS for Server Using Esri Managed Services

Deploying ArcGIS for Server Using Esri Managed Services Federal GIS Conference 2014 February 10 11, 2014 Washington DC Deploying ArcGIS for Server Using Esri Managed Services Andrew Sakowicz Erin Ross Cloud Overview Deploying ArcGIS for Server What is Cloud:

More information

Deploying ArcGIS for Server Using Managed Services

Deploying ArcGIS for Server Using Managed Services Deploying ArcGIS for Server Using Managed Services Andrew Sakowicz Erin Ross Sridhar Karra Agenda Introduction Program Overview - Overview - Methodology - Tools Customer Deployments - Architecture and

More information

Seeing Though the Clouds

Seeing Though the Clouds Seeing Though the Clouds A PM Primer on Cloud Computing and Security NIH Project Management Community Meeting Mark L Silverman Are You Smarter Than a 5 Year Old? 1 Cloud First Policy Cloud First When evaluating

More information

FedRAMP Government Discussion Matt Goodrich, FedRAMP Director

FedRAMP Government Discussion Matt Goodrich, FedRAMP Director FedRAMP Government Discussion Matt Goodrich, FedRAMP Director January 14, 2015 [classification marking] PAGE FedRAMP Overview Ensuring Secure Cloud Computing FedRAMP was established via OMB Memo in December

More information

Overview. FedRAMP CONOPS

Overview. FedRAMP CONOPS Concept of Operations (CONOPS) Version 1.0 February 7, 2012 Overview Cloud computing technology allows the Federal Government to address demand from citizens for better, faster services and to save resources,

More information

Federal Risk and Authorization Management Program (FedRAMP)

Federal Risk and Authorization Management Program (FedRAMP) Federal Risk and Authorization Management Program (FedRAMP) NIST June 5, 2013 Matt Goodrich, JD FedRAMP, Program Manager Federal Cloud Computing Initiative OCSIT GSA What is FedRAMP? FedRAMP is a government-wide

More information

ArcGIS and Enterprise Security

ArcGIS and Enterprise Security ArcGIS and Enterprise Security Leveraging ArcGIS in Cybersecurity Ken Stoni Secure Enterprise ArcGIS Best Practices Michael Young Visualizing the Virtual: A geospatial approach to cyber operations and

More information

Cloud Security for Federal Agencies

Cloud Security for Federal Agencies Experience the commitment ISSUE BRIEF Rev. April 2014 Cloud Security for Federal Agencies This paper helps federal agency executives evaluate security and privacy features when choosing a cloud service

More information

FedRAMP Online Training Security Assessment Plan (SAP) Overview 12/9/2015 Presented by: FedRAMP PMO

FedRAMP Online Training Security Assessment Plan (SAP) Overview 12/9/2015 Presented by: FedRAMP PMO FedRAMP Online Training Security Assessment Plan (SAP) Overview 12/9/2015 Presented by: FedRAMP PMO www.fedramp.gov www.fedramp.gov 1 Today s Training Welcome to Part Four of the FedRAMP Training Series:

More information

Deploying ArcGIS for Server using Managed Services

Deploying ArcGIS for Server using Managed Services 2013 Esri International User Conference July 8 12, 2013 San Diego, California Technical Workshop Deploying ArcGIS for Server using Managed Services Erin Ross Andrew Sakowicz Esri UC2013. Technical cal

More information

ArcGIS Cloud Security Roadmap & Best Practices for Federal Agencies. Michael E. Young

ArcGIS Cloud Security Roadmap & Best Practices for Federal Agencies. Michael E. Young ArcGIS Cloud Security Roadmap & Best Practices for Federal Agencies Michael E. Young Agenda Introduction ArcGIS Cloud Capabilities ArcGIS Online (SaaS) Security ArcGIS Cloud Providers ArcGIS IaaS Security

More information

ArcGIS for Server: In the Cloud

ArcGIS for Server: In the Cloud DevSummit DC February 11, 2015 Washington, DC ArcGIS for Server: In the Cloud Bonnie Stayer, Esri Session Outline Cloud Overview - Benefits - Types of clouds ArcGIS in AWS - Cloud Builder - Maintenance

More information

Cloud Computing at CDC Current Status and Future Plans Earl Baum. March, 2014

Cloud Computing at CDC Current Status and Future Plans Earl Baum. March, 2014 Cloud Computing at CDC Current Status and Future Plans Earl Baum March, 2014 1 Background Current Activities Agenda Use Cases, Shared Services and Other Considerations What s Next 2 Background Cloud Definition

More information

FedRAMP Standard Contract Language

FedRAMP Standard Contract Language FedRAMP Standard Contract Language FedRAMP has developed a security contract clause template to assist federal agencies in procuring cloud-based services. This template should be reviewed by a Federal

More information

ISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services

ISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services ISSUE BRIEF Cloud Security for Federal Agencies Achieving greater efficiency and better security through federally certified cloud services This paper is intended to help federal agency executives to better

More information

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility

More information

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing

More information

DEPARTMENT OF VETERANS AFFAIRS VA DIRECTIVE 6517 CLOUD COMPUTING SERVICES

DEPARTMENT OF VETERANS AFFAIRS VA DIRECTIVE 6517 CLOUD COMPUTING SERVICES DEPARTMENT OF VETERANS AFFAIRS VA DIRECTIVE 6517 Washington, DC 20420 Transmittal Sheet February 28, 2012 CLOUD COMPUTING SERVICES 1. REASON FOR ISSUE: This Directive establishes the Department of Veterans

More information

Designing an Enterprise GIS Security Strategy 2014. Michael E. Young Matt Lorrain

Designing an Enterprise GIS Security Strategy 2014. Michael E. Young Matt Lorrain Designing an Enterprise GIS Security Strategy 2014 Michael E. Young Matt Lorrain Agenda Introduction Trends Strategy Mechanisms Server Mobile Cloud Compliance Summary Introduction What is a secure GIS?

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Cloud Security. A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud. Sean Curry Sales Executive, Aquilent

Cloud Security. A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud. Sean Curry Sales Executive, Aquilent Cloud Security A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud Sean Curry Sales Executive, Aquilent The first in a series of audits DoD did not fully execute elements of the July 2012

More information

Appendix C Pricing Index DIR Contract Number DIR-TSO-2724

Appendix C Pricing Index DIR Contract Number DIR-TSO-2724 Appendix C Pricing Index DIR Contract Number DIR-TSO-2724 Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) Amazon Web Services (AWS) is a comprehensive cloud services platform that offers

More information

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways

More information

Security Authorization Process Guide

Security Authorization Process Guide Security Authorization Process Guide Office of the Chief Information Security Officer (CISO) Version 11.1 March 16, 2015 TABLE OF CONTENTS Introduction... 1 1.1 Background... 1 1.2 Purpose... 2 1.3 Scope...

More information

Information Assurance in the Cloud

Information Assurance in the Cloud Information Assurance in the Cloud The Status of FedRAMP, April 2013 AGA - Montgomery/Prince George s Chapter cliftonlarsonallen.com Session Outline 1. Cloud Services in Federal Government The Opportunity

More information

Using ArcGIS for Server in the Amazon Cloud

Using ArcGIS for Server in the Amazon Cloud Federal GIS Conference February 9 10, 2015 Washington, DC Using ArcGIS for Server in the Amazon Cloud Bonnie Stayer, Esri Amy Ramsdell, Blue Raster Session Outline AWS Overview ArcGIS in AWS Cloud Builder

More information

FedRAMP Master Acronym List. Version 1.0

FedRAMP Master Acronym List. Version 1.0 FedRAMP Master Acronym List Version 1.0 September 10, 2015 Revision History Date Version Page(s) Description Author Sept. 10, 2014 1.0 All Initial issue. FedRAMP PMO How to Contact Us For questions about

More information

DoD Cloud Computing Security Requirements Guide (SRG) Overview

DoD Cloud Computing Security Requirements Guide (SRG) Overview DoD Cloud Computing Security Requirements Guide (SRG) Overview 1 General SRG Information Released 12 January 2015 Version 1, release 1 Provides comprehensive security guidance for components (missions)

More information

STATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration

STATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration STATEMENT OF Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration BEFORE THE HOUSE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE

More information

Cloud Assessments. Federal Computer Security Managers Forum. John Connor, IT Security Specialist, OISM, NIST. Meeting.

Cloud Assessments. Federal Computer Security Managers Forum. John Connor, IT Security Specialist, OISM, NIST. Meeting. Cloud Assessments SaaS Email Working Group John Connor, IT Security Specialist, OISM, NIST Meeting August, 2015 Background Photo - JILA strontium atomic clock (a joint institute of NIST and the University

More information

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP Principal Systems Engineer Security Specialist Agenda What is the Cloud? Virtualization Basics

More information

Deploying Federal Geospatial Services

Deploying Federal Geospatial Services Deploying Federal Geospatial Services in the Cloud: Federal Geographic Data Committee (FGDC) and GSA GeoCloud Sandbox Initiative Doug Nebert USGS/FGDC December 2010 Draft For Official Use Only 1 Background

More information

AWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II

AWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II AWS Security CJ Moses Deputy Chief Information Security Officer Security is Job Zero! Overview Security Resources Certifications Physical Security Network security Geo-diversity and Fault Tolerance GovCloud

More information

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP SOLUTION BRIEF PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP The benefits of cloud computing are clear and compelling: no upfront investment, low ongoing costs, flexible capacity and fast application

More information

Guide to Understanding FedRAMP. Guide to Understanding FedRAMP

Guide to Understanding FedRAMP. Guide to Understanding FedRAMP Guide to Understanding FedRAMP Version 1.0 June 5, 2012 Executive Summary This document provides helpful hints and guidance to make it easier to understand FedRAMP s requirements. The primary purpose of

More information

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014 Why Migrate to the Cloud ABSS Solutions, Inc. 2014 ASI Cloud Services Information Systems Basics Cloud Fundamentals Cloud Options Why Move to the Cloud Our Service Providers Our Process Information System

More information

Microsoft Azure. White Paper Security, Privacy, and Compliance in

Microsoft Azure. White Paper Security, Privacy, and Compliance in White Paper Security, Privacy, and Compliance in Security, Privacy, and Compliance in Executive Summary The adoption of cloud services worldwide continues to accelerate, yet many organizations are wary

More information

Security Language for IT Acquisition Efforts CIO-IT Security-09-48

Security Language for IT Acquisition Efforts CIO-IT Security-09-48 Security Language for IT Acquisition Efforts CIO-IT Security-09-48 Office of the Senior Agency Information Security Officer VERSION HISTORY/CHANGE RECORD Change Number Person Posting Change Change Reason

More information

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns

More information

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility. FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer

More information

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07 EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014

More information

Petroleum Web Applications to Support your Business. David Jacob & Vanessa Ramirez Esri Natural Resources Team

Petroleum Web Applications to Support your Business. David Jacob & Vanessa Ramirez Esri Natural Resources Team Petroleum Web Applications to Support your Business David Jacob & Vanessa Ramirez Esri Natural Resources Team Agenda Petroleum Web Apps to Support your Business The ArcGIS Location Platform Introduction

More information

Intel IT Cloud 2013 and Beyond. Name Title Month, Day 2013

Intel IT Cloud 2013 and Beyond. Name Title Month, Day 2013 Intel IT Cloud 2013 and Beyond Name Title Month, Day 2013 Legal Notices This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Intel and the

More information

With Eversync s cloud data tiering, the customer can tier data protection as follows:

With Eversync s cloud data tiering, the customer can tier data protection as follows: APPLICATION NOTE: CLOUD DATA TIERING Eversync has developed a hybrid model for cloud-based data protection in which all of the elements of data protection are tiered between an on-premise appliance (software

More information

PCI Requirements Coverage Summary Table

PCI Requirements Coverage Summary Table StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2

More information

December 8, 2011. Security Authorization of Information Systems in Cloud Computing Environments

December 8, 2011. Security Authorization of Information Systems in Cloud Computing Environments December 8, 2011 MEMORANDUM FOR CHIEF INFORMATION OFFICERS FROM: SUBJECT: Steven VanRoekel Federal Chief Information Officer Security Authorization of Information Systems in Cloud Computing Environments

More information

NOTICE: This publication is available at: http://www.nws.noaa.gov/directives/.

NOTICE: This publication is available at: http://www.nws.noaa.gov/directives/. Department of Commerce National Oceanic & Atmospheric Administration National Weather Service NATIONAL WEATHER SERVICE Instruction 60-701 28 May 2012 Information Technology IT Security Assignment of Responsibilities

More information

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A

More information

KeyLock Solutions Security and Privacy Protection Practices

KeyLock Solutions Security and Privacy Protection Practices KeyLock Solutions Overview KeyLock Solutions hosts its infrastructure at Heroku. Heroku is a cloud application platform used by organizations of all sizes to deploy and operate applications throughout

More information

PCI Requirements Coverage Summary Table

PCI Requirements Coverage Summary Table StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table December 2011 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2

More information

Risk Management Framework (RMF): The Future of DoD Cyber Security is Here

Risk Management Framework (RMF): The Future of DoD Cyber Security is Here Risk Management Framework (RMF): The Future of DoD Cyber Security is Here Authors: Rebecca Onuskanich William Peterson 3300 N Fairfax Drive, Suite 308 Arlington, VA 22201 Phone: 571-481-9300 Fax: 202-315-3003

More information

The Education Fellowship Finance Centralisation IT Security Strategy

The Education Fellowship Finance Centralisation IT Security Strategy The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and

More information

Federal Aviation Administration. efast. Cloud Computing Services. 25 October 2012. Federal Aviation Administration

Federal Aviation Administration. efast. Cloud Computing Services. 25 October 2012. Federal Aviation Administration efast Cloud Computing Services 25 October 2012 1 Bottom Line Up Front The FAA Cloud Computing Vision released in 2012 identified the agency's road map to meet the Cloud First Policy efast must provide

More information

Netop Environment Security. Unified security to all Netop products while leveraging the benefits of cloud computing

Netop Environment Security. Unified security to all Netop products while leveraging the benefits of cloud computing Netop Environment Security Unified security to all Netop products while leveraging the benefits of cloud computing Contents Introduction... 2 AWS Infrastructure Security... 3 Standards - Compliancy...

More information

Security of Cloud Computing for the Power Grid

Security of Cloud Computing for the Power Grid ANNUAL INDUSTRY WORKSHOP NOVEMBER 12-13, 2014 Security of Cloud Computing for the Power Grid Industry Panel November 12, 2014 UNIVERSITY OF ILLINOIS DARTMOUTH COLLEGE UC DAVIS WASHINGTON STATE UNIVERSITY

More information

How to Use the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing

How to Use the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing How to Use the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing Warren S. Udy, CISSP Senior Cyber Security Advisor Office of Cyber Security 301-903-5515 warren.udy@hq.doe.gov

More information

Security Overview Enterprise-Class Secure Mobile File Sharing

Security Overview Enterprise-Class Secure Mobile File Sharing Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud

More information

ADDENDUM TO STATE OF MARYLAND PURCHASES ISSUED UNDER STATE CONTRACT NO. 060B2490021-2015.

ADDENDUM TO STATE OF MARYLAND PURCHASES ISSUED UNDER STATE CONTRACT NO. 060B2490021-2015. ADDENDUM TO STATE OF MARYLAND PURCHASES ISSUED UNDER STATE CONTRACT NO. 060B2490021-2015. This addendum is applicable to each purchase order that is subject to the State of Maryland s contract number 060B2490021-2015.

More information

DLT Solutions and Amazon Web Services

DLT Solutions and Amazon Web Services DLT Solutions and Amazon Web Services For a seamless, cost-effective migration to the cloud PREMIER CONSULTING PARTNER DLT Solutions 2411 Dulles Corner Park, Suite 800 Herndon, VA 20171 Duane Thorpe Phone:

More information

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend:

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend: CompTIA Cloud+ Length: 5 Days Who Should Attend: Project manager, cloud computing services Cloud engineer Manager, data center SAN Business analyst, cloud computing Summary: The CompTIA Cloud+ certification

More information

NetIQ FISMA Compliance & Risk Management Solutions

NetIQ FISMA Compliance & Risk Management Solutions N E T I Q C O M P L I A N C E S E R I E S NetIQ FISMA Compliance & Risk Management Solutions The Federal Information Security Management Act (FISMA) requires federal agencies to create and implement a

More information

Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015

Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 OIG-16-A-03 November 12, 2015 All publicly available OIG reports (including

More information

DEPARTMENT OF DEFENSE (DoD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 1. 12 January 2015

DEPARTMENT OF DEFENSE (DoD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 1. 12 January 2015 DEPARTMENT OF DEFENSE (DoD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 1 12 January 2015 Developed by the Defense Information Systems Agency (DISA) for the Department of Defense

More information

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Portal for ArcGIS: An Introduction

Portal for ArcGIS: An Introduction 2013 Esri Mid-Atlantic User Conference December 10-11 Baltimore, MD Portal for ArcGIS: An Introduction Derek Law Esri, Redlands Agenda Web GIS Deployment patterns Portal for ArcGIS overview Security Integration

More information

Privacy Impact Assessment. For Person Authentication Service (PAS) Date: January 9, 2015

Privacy Impact Assessment. For Person Authentication Service (PAS) Date: January 9, 2015 For Person Authentication Service (PAS) Date: January 9, 2015 Point of Contact and Author: Hanan Abu Lebdeh Hanan.Abulebdeh@ed.gov System Owner: Ganesh Reddy Ganesh.Reddy@ed.gov Office of Federal Student

More information

How to Turn the Promise of the Cloud into an Operational Reality

How to Turn the Promise of the Cloud into an Operational Reality TecTakes Value Insight How to Turn the Promise of the Cloud into an Operational Reality By David Talbott The Lure of the Cloud In recent years, there has been a great deal of discussion about cloud computing

More information

2013 AWS Worldwide Public Sector Summit Washington, D.C.

2013 AWS Worldwide Public Sector Summit Washington, D.C. Washington, D.C. Next Generation Privileged Identity Management Control and Audit Privileged Access Across Hybrid Cloud Environments Ken Ammon, Chief Strategy Officer Who We Are Security software company

More information

Microsoft Azure. Microsoft Azure Security, Privacy, & Compliance

Microsoft Azure. Microsoft Azure Security, Privacy, & Compliance Security, Privacy, & Compliance Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud Trend: 70% 2 weeks to deliver new services vs. 6-12 months with traditional solution Scale

More information

VIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS

VIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS VIEWABILL Cloud Security and Operational Architecture featuring RUBY ON RAILS VAB_CloudSecurity V1 : May 2014 Overview The Viewabill.com cloud is a highly-secure, scalable and redundant solution that enables

More information

Ensuring the Security of Your Company s Data & Identities. a best practices guide

Ensuring the Security of Your Company s Data & Identities. a best practices guide a best practices guide Ensuring the Security of Your Company s Data & Identities Symplified 1600 Pearl Street, Suite 200» Boulder, CO, 80302» www.symplified.com» @Symplified Safe and Secure Identity Management

More information

CompTIA Cloud+ 9318; 5 Days, Instructor-led

CompTIA Cloud+ 9318; 5 Days, Instructor-led CompTIA Cloud+ 9318; 5 Days, Instructor-led Course Description The CompTIA Cloud+ certification validates the knowledge and best practices required of IT practitioners working in cloud computing environments,

More information

Review of the SEC s Systems Certification and Accreditation Process

Review of the SEC s Systems Certification and Accreditation Process Review of the SEC s Systems Certification and Accreditation Process March 27, 2013 Page i Should you have any questions regarding this report, please do not hesitate to contact me. We appreciate the courtesy

More information

Trend Micro Cloud Protection

Trend Micro Cloud Protection A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to

More information

Securing Government Clouds Preparing for the Rainy Days

Securing Government Clouds Preparing for the Rainy Days Securing Government Clouds Preparing for the Rainy Days Majed Saadi Director, Cloud Computing Practice Agenda 1. The Cloud: Opportunities and Challenges 2. Cloud s Potential for Providing Government Services

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

Cloud Technologies and GIS Nathalie Smith

Cloud Technologies and GIS Nathalie Smith Cloud Technologies and GIS Nathalie Smith nsmith@esri.com Agenda What is Cloud Computing? How does it work? Cloud and GIS applications Esri Offerings Lots of hype Cloud computing remains the latest, most

More information

GeoCloud Project Report USGS/EROS Spatial Data Warehouse Project

GeoCloud Project Report USGS/EROS Spatial Data Warehouse Project GeoCloud Project Report USGS/EROS Spatial Data Warehouse Project Description of Application The Spatial Data Warehouse project at the USGS/EROS distributes services and data in support of The National

More information

Healthcare: La sicurezza nel Cloud October 18, 2011. 2011 IBM Corporation

Healthcare: La sicurezza nel Cloud October 18, 2011. 2011 IBM Corporation Healthcare: La sicurezza nel Cloud October 18, 2011 Cloud Computing Tests The Limits Of Security Operations And Infrastructure Security and Privacy Domains People and Identity Data and Information Application

More information

Cloud models and compliance requirements which is right for you?

Cloud models and compliance requirements which is right for you? Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,

More information

Time to Value: Successful Cloud Software Implementation

Time to Value: Successful Cloud Software Implementation Time to Value: Successful Cloud Software Implementation Cloud & Data Security 2015 Client Conference About the Presenter Scott Schimberg, CPA, CMA Partner, Consulting, Armanino Scott became a Certified

More information

EAaaS Cloud Security Best Practices

EAaaS Cloud Security Best Practices EAaaS Cloud Security Best Practices A Technical White Paper by Sennovate Inc Jan 2013 EAaaS Cloud Security Best Practices Page 1 Introduction: Cloud security is an ever evolving subject that is difficult

More information

Flying Through Federal Thunder Clouds Navigating FedRAMP, DoD Cloud Guidance, & Cloud Cybersecurity Issues

Flying Through Federal Thunder Clouds Navigating FedRAMP, DoD Cloud Guidance, & Cloud Cybersecurity Issues Flying Through Federal Thunder Clouds Navigating FedRAMP, DoD Cloud Guidance, & Cloud Cybersecurity Issues M. Peter Adler (SRA International, Inc.) David Z. Bodenheimer (Crowell & Moring LLP) Annejanette

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

Cloud and Regulations: A match made in heaven, or the worst blind date ever?

Cloud and Regulations: A match made in heaven, or the worst blind date ever? Cloud and Regulations: A match made in heaven, or the worst blind date ever? Vinod S Chavan Director Industry Cloud Solutions, IBM Cloud October 28, 2015 Customers are faced with challenge of balancing

More information

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud Simone Brunozzi, AWS Technology Evangelist, APAC Fortress in the Cloud AWS Cloud Security Model Overview Certifications & Accreditations Sarbanes-Oxley (SOX) compliance ISO 27001 Certification PCI DSS

More information

Vodafone Total Managed Mobility

Vodafone Total Managed Mobility Vodafone Total Managed Mobility More productivity, less complexity Vodafone Power to you What s inside? What you get see how your business benefits 4 In detail find out how it all works 5 Service lifecycle

More information

Building Out Your Cloud-Ready Solutions. Clark D. Richey, Jr., Principal Technologist, DoD

Building Out Your Cloud-Ready Solutions. Clark D. Richey, Jr., Principal Technologist, DoD Building Out Your Cloud-Ready Solutions Clark D. Richey, Jr., Principal Technologist, DoD Slide 1 Agenda Define the problem Explore important aspects of Cloud deployments Wrap up and questions Slide 2

More information

A. Reference information. A0. G-Cloud Programme unique ID number for the service and version number of this scoping template

A. Reference information. A0. G-Cloud Programme unique ID number for the service and version number of this scoping template G-Cloud Service Pan Government Security Accreditation Scope This form is intended for Suppliers of services on the G-Cloud to complete. Upon receipt, the G-Cloud Programme will check Section A, Reference

More information

Amazon Web Services: Risk and Compliance July 2015

Amazon Web Services: Risk and Compliance July 2015 Amazon Web Services: Risk and Compliance July 2015 (Consult http://aws.amazon.com/compliance/aws-whitepapers/ for the latest version of this paper) Page 1 of 128 This document is intended to provide information

More information

GRC and Cloud Services. By David Lingenfelter 2012

GRC and Cloud Services. By David Lingenfelter 2012 GRC and Cloud Services By David Lingenfelter 2012 Background > MaaS360 SaaS Cloud Model > Mobile Device Management > FISMA Moderate Certified > SAS-70/SOC-2 > Member of the Cloud Security Alliance > Participant

More information

Cloud Computing Cluster Introduction to Cloud Computing. Rick Martin, Co-chair, Cloud Computing Cluster August 26, 2013

Cloud Computing Cluster Introduction to Cloud Computing. Rick Martin, Co-chair, Cloud Computing Cluster August 26, 2013 From Science to Solutions Cloud Computing Cluster Introduction to Cloud Computing Rick Martin, Co-chair, Cloud Computing Cluster August 26, 2013 Senior IT Strategist SAIC What is Cloud Computing? Cloud

More information

Anypoint Platform Cloud Security and Compliance. Whitepaper

Anypoint Platform Cloud Security and Compliance. Whitepaper Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.

More information

Data Protection: From PKI to Virtualization & Cloud

Data Protection: From PKI to Virtualization & Cloud Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security

More information

Securing the Service Desk in the Cloud

Securing the Service Desk in the Cloud TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,

More information

Third Party Cloud Services Its Adoption in the New Age

Third Party Cloud Services Its Adoption in the New Age Solutions for higher performance! Third Party Cloud Services Its Adoption in the New Age 1 Introduction Cloud computing is the delivery of computing services over the Internet. Cloud services allow individuals

More information

Information Security for Managers

Information Security for Managers Fiscal Year 2015 Information Security for Managers Introduction Information Security Overview Enterprise Performance Life Cycle Enterprise Performance Life Cycle and the Risk Management Framework Categorize

More information