Esri Managed Cloud Services and FedRAMP

1 Federal GIS Conference February 9-10, 2015 Washington, DC Esri Managed Cloud Services and FedRAMP Erin Ross & Michael Young

2 Agenda Esri Managed Services Program Overview Example Deployments New FedRAMP Compliant Option Esri Managed Cloud Services FedRAMP Process Esri Managed Cloud Services Security Infrastructure How to Get Started Summary

3 Program Overview

4 ArcGIS Cloud Options SaaS PaaS ArcGIS Online or Custom Esri Apps and Data on fully Managed Cloud Services ArcGIS for Server on Esri managed cloud infrastructure IaaS ArcGIS for Server images available to use on cloud infrastructure

5 ArcGIS for Server on [Fill in the Blank] Supported on multiple cloud platforms - Virtual or bare metal Full ArcGIS for Server capabilities User-provisioned cloud infrastructure resources Pay for what you use BYOL or ArcGIS term licensing available

6 ArcGIS Online Create, share, collaborate Subscription-based - Named User - Credits pay as you go Updates and enhancements occur behind the scenes

7 Esri Managed Cloud Services Cloud-based GIS infrastructure support, including:
- Enterprise system design
- Infrastructure management
- Software (Esri & 3rd Party) Installation, updates and patching
- Application deployment
- Database management
- 24/7 support and monitoring

8 ArcGIS Deployment Models Users Apps Anonymous Access Portal ArcGIS Online Server On-Premises Portal Server Esri Managed Cloud Services

9 Benefits of Esri Managed Cloud Services Increase efficiency and business focus High availability, quality and performance Reduce internal costs Preserves data integrity, privacy and availability Increase usage and productivity Cloud GIS experts managing your critical apps and content

10 How is it delivered? Available on GSA

11 Basic Packages Sandbox Ready to use cloud instance of ArcGIS for Server Remote access provided to user Ideal for development, prototyping...

12 Standard, Advanced, Advanced Plus Packages Esri loads, publishes and deploys on behalf of customer 24/7 system monitoring and support Ideal for production systems (internal or public facing) Staging Production Test Dev

13 Example Deployments

14 USGS Historical Topographic Maps More than 175,000 topographic maps published by the USGS since TB data x 2 for redundancy 1.6 million hits during Esri User Conference Consumed by several apps; premium service available in ArcGIS Online

15 Constellation Brands Improve sales by leveraging tools to drive volume and revenue 4th of July deadline 2.7M records updated 2x / week via scripted tools Equipping staff with valuable information to increase sales

16 Power Outage Viewers Highly available, scalable systems ready to perform during major events Frequent, automated data updates Bringing critical outage information to the general public

17 Hurricane Sandy 14 additional servers (17 total) Central Maine Power - 34 million hits over 3 days New York State Electric & Gas 76 million hits over 3 days 2/10/ :30 am Peak Sandy Hours

18 Maine October 29

19 Maine October 30

20 Maine October 31

21 Maine November 1

22 Maine November 2

23 Who else uses Esri Managed Cloud Services? 80+ customers Leveraged across many sectors Manage over 500 servers, several TB of data

24 New FedRAMP Compliant Offering Michael Young

25 Federal Geospatial Cloud Security Compliance Roadmap
- 2002: FISMA Law Established. Required security baselines for Federal systems
- Feb 2010: Kundra Announces FedRAMP. Security Working Group concept announced
- May 2013: First Agency Authorization. HHS Issues ATO to Amazon
- June 2014: OMB FedRAMP Mandate. FedRAMP now required for all cloud solutions covered by policy memo
- Planned: ArcGIS Online FedRAMP Authorization
- Aug 2005: Esri GOS2 FISMA Authorization. DOI Issues ATO to Esri
- May 2010: Esri Participates in First Cloud Computing Forum. Esri begins active involvement in cloud standards & security programs
- Dec 2011: Esri Federal Cloud Computing Security Workshop. Esri works with Agencies & FedRAMP to plan SaaS Compliance
- June 2014: ArcGIS Online FISMA Authorization. USDA Issues ATO to Esri
- Jan 2015: EMCS FedRAMP Compliant. Signoff by FedRAMP Director
- Planned for 2015: ArcGIS Online Hosted Feature Services Authorization. DOI working with Esri towards Authorization
Esri has actively participated in hosting and advancing secure compliant solutions for over a decade

26 FedRAMP
What does FedRAMP do?
- Replace varied and duplicative procedures across government by providing agencies with a standard approach for conducting security assessments of cloud services
What is core of FedRAMP?
- An accepted set of baseline security controls and consistent processes that have been vetted and agreed upon by agencies across the government
Why did Esri pursue FedRAMP Compliance?
- Customers demanded FedRAMP compliance before rolling out future production operations
- Customer risk has been increasing rapidly without security infrastructure
- OMB mandate: all low and moderate impact cloud services leveraged by more than one office or agency must comply with FedRAMP requirements
Accelerates Review and Acceptance of Cloud Based Services

27 FedRAMP Government Entities Cross Government Support

28 EMCS FedRAMP Benefits
What does EMCS provide?
- Contingency planning and risk management
- Patch and key management
- Data encryption and intrusion detection
- System logging and reporting
- Centralized identity and access management
- Regular security audits
- Well documented policies and procedures
What are the benefits?
- Preserve data integrity
- Protect sensitive datasets
- Ensure availability and reliability
- Builds assurance and awareness
- Save costs by embracing Cloud First
- Shift the burden of managing enterprise GIS systems to the experts
Penetration testing and vulnerability scanning
CONTINUOUS MONITORING!

29 FedRAMP What is the process? Risk Management Framework (RMF) centric process

30 Esri Managed Cloud Services FedRAMP Documentation FIPS 199 Control Implementation Summary (CIS) System Security Plan (SSP) Information System Security Policies User Guide E-Authentication Template Privacy Threshold Analysis (PTA) Rules of Behavior (ROB) IT Contingency Plan Security Assessment Plan (SAP) Test Case Workbook Security Assessment Report (SAR) Plan of Action and Milestone (POA&M) Policies and procedures Business Impact Analysis Configuration Management Plan Incident Response Plan Interconnection Security Agreement (ISA / MOU) Penetration Test Plan 1000s of pages ensuring rigorous security

31 EMCS FedRAMP Assessment
Cloud Security Assessor: Veris Group
- Third Party Assessment Organization (3PAO) accredited by FedRAMP
- 1st to successfully inspect FedRAMP CSP Supplied, JAB, and Agency Approved Solutions
- 5 month engagement
- Three months of active Technical and Documentation assessments
- System level scans
- Web Interface scans
- Database scans
- Penetration testing
FedRAMP Advisor: Relevant Technologies
- Laura Taylor
- Wrote the initial Guide to Understanding FedRAMP
Great advisors and skilled assessors keep the effort focused

32 EMCS FedRAMP Authorization
3 Baseline Security Control Levels
- Low, Moderate*, High in draft
3 Status Levels
- Ready, In Process, Compliant*
3 FedRAMP Authorization Levels
- Cloud Service Provider (CSP) Supplied*
- Agency Authorization To Operate (ATO)
- Joint Agency Board (JAB) Provisional Authority To Operate
Esri Managed Cloud Services is
- FedRAMP Moderate
- FedRAMP Compliant
- CSP Supplied offering
EMCS CSP Supplied Package can be consumed by your Agency

33 EMCS FedRAMP Continuous Monitoring FedRAMP Reporting Workflow Monitoring Workflow Ensures maintenance of acceptable risk posture

34 Esri Managed Cloud Services Security Infrastructure

35 Esri Managed Cloud Services - Security Infrastructure Overview
Most government systems
- Require moderate security baseline controls
Most geospatial information sets
- Only require low baseline controls
- ArcGIS Online Low FISMA is adequate for many customer use cases
Esri Managed Cloud Services FedRAMP Infrastructure Design Goals
- Consumable by the widest range of customers
- Amazon East-West Regions Not limited to GovCloud
- Drive down customer expenses for secure, compliant geospatial services
- Customers can choose level of multi-tenancy vs dedicated services they are comfortable with
- Meet and exceed current rigorous FedRAMP requirements for cloud services
- First geospatial platform to be compliant with FedRAMP Rev 4 requirements
A balance of robust security and business requirements drove infrastructure choices

36 Esri Managed Cloud Services - Security Infrastructure AWS Customer Infrastructure Active/Active Redundant across two Cloud Data Centers End Users Public-Facing Gateway Web Application Firewall WAF ArcGIS for Portal DMZ Security Ops Center (SOC) Security Service Gateway Intrusion Detection IDS / SIEM ArcGIS Server Cloud Infrastructure Centralized Management Backup, CM, AV, Patch, Monitor Hypervisor, TCP/IP, Network ACLs, Routing, Storage, Hardware Bastion Gateway MFA Relational Database File Servers Authentication/Authorization LDAP, DNS, PKI Dedicated Customer Application Infrastructure Common Security Infrastructure Esri Administrators Esri Admin Gateway Cloud Infrastructure Hypervisor, TCP/IP, Network ACLs, Routing, Storage, Hardware Common Cloud Infrastructure Legend Agency Application Cloud Provider Security

37 Esri Managed Cloud Services - Security Infrastructure Foundation built on FedRAMP Rev 4 Security controls First Geospatial solution to be assessed for compliance against latest cloud security controls

38 Esri Managed Cloud Services - Security Infrastructure (cont.)
Technical, Operational, and Managerial Components
Formalize Policies and Procedures
Incorporate Security Components
- Intrusion Detection System (IDS)
- Web Application Firewall (WAF)
- Multi-factor Authentication NSA Suite B alignment
- Bastion Gateway / Jump Hosts Reduce administrative interface attack surface
- Centralized advanced server and application monitoring and updates
Incorporate Security Hardening Standards
- Utilize pre-existing Center for Internet Security (CIS) benchmarks as feasible
- Create a draft ArcGIS Server 10.3 STIG

39 Esri Managed Cloud Services - Security Infrastructure (cont.) DISA STIG for ArcGIS Server 10.3 Draft STIG Settings Provided to DISA - Undergoing SME Review

40 Esri Managed Cloud Services - Security Infrastructure (cont.) Separation of duties Security Operating Center backed by Certified Security Experts Applications managed by Certified ArcGIS Platform Experts Managed by certified experts in their field

41 How to get started

42 How do I get started? Express an interest in service offering and let your security team know EMCS is FedRAMP compliant Agency Authorized FedRAMP Approver can facilitate download and review of FedRAMP package for If you are unsure of your FedRAMP approver the FedRAMP PMO: info@fedramp.gov What else is available outside FedRAMP repository? - Cloud Security Alliance (CSA) answers for EMCS coming Complete Agency Authority To Operate (ATO) - Utilize pre-existing EMCS and AWS FedRAMP moderate docs Simplifies obtaining an ATO for your organization

43 Summary Erin Ross

44 Summary
- Esri Managed Cloud Services is FedRAMP compliant
- Esri has experts available to support your cloud GIS and security infrastructure
- Esri Managed Cloud Services has a range of options available to meet your operational needs
- Customers can now visit the FedRAMP repository and request our Esri Managed Cloud Services security package

45 Federal GIS Conference February 9-10, 2015 Washington, DC Don't forget to complete a session evaluation form!


More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Portal for ArcGIS: An Introduction

Portal for ArcGIS: An Introduction 2013 Esri Mid-Atlantic User Conference December 10-11 Baltimore, MD Portal for ArcGIS: An Introduction Derek Law Esri, Redlands Agenda Web GIS Deployment patterns Portal for ArcGIS overview Security Integration

More information

Microsoft Azure. Microsoft Azure Security, Privacy, & Compliance

Microsoft Azure. Microsoft Azure Security, Privacy, & Compliance Security, Privacy, & Compliance Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud Trend: 70% 2 weeks to deliver new services vs. 6-12 months with traditional solution Scale

More information

How to Turn the Promise of the Cloud into an Operational Reality

How to Turn the Promise of the Cloud into an Operational Reality TecTakes Value Insight How to Turn the Promise of the Cloud into an Operational Reality By David Talbott The Lure of the Cloud In recent years, there has been a great deal of discussion about cloud computing

More information

Ensuring the Security of Your Company s Data & Identities. a best practices guide

Ensuring the Security of Your Company s Data & Identities. a best practices guide a best practices guide Ensuring the Security of Your Company s Data & Identities Symplified 1600 Pearl Street, Suite 200» Boulder, CO, 80302» www.symplified.com» @Symplified Safe and Secure Identity Management

More information

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend:

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend: CompTIA Cloud+ Length: 5 Days Who Should Attend: Project manager, cloud computing services Cloud engineer Manager, data center SAN Business analyst, cloud computing Summary: The CompTIA Cloud+ certification

More information

DEPARTMENT OF DEFENSE (DoD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 1. 12 January 2015

DEPARTMENT OF DEFENSE (DoD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 1. 12 January 2015 DEPARTMENT OF DEFENSE (DoD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 1 12 January 2015 Developed by the Defense Information Systems Agency (DISA) for the Department of Defense

More information

Securing Government Clouds Preparing for the Rainy Days

Securing Government Clouds Preparing for the Rainy Days Securing Government Clouds Preparing for the Rainy Days Majed Saadi Director, Cloud Computing Practice Agenda 1. The Cloud: Opportunities and Challenges 2. Cloud s Potential for Providing Government Services

More information

How To Protect Your Cloud From Attack

How To Protect Your Cloud From Attack A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to

More information

NOTICE: This publication is available at: http://www.nws.noaa.gov/directives/.

NOTICE: This publication is available at: http://www.nws.noaa.gov/directives/. Department of Commerce National Oceanic & Atmospheric Administration National Weather Service NATIONAL WEATHER SERVICE Instruction 60-701 28 May 2012 Information Technology IT Security Assignment of Responsibilities

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

Time to Value: Successful Cloud Software Implementation

Time to Value: Successful Cloud Software Implementation Time to Value: Successful Cloud Software Implementation Cloud & Data Security 2015 Client Conference About the Presenter Scott Schimberg, CPA, CMA Partner, Consulting, Armanino Scott became a Certified

More information

Healthcare: La sicurezza nel Cloud October 18, 2011. 2011 IBM Corporation

Healthcare: La sicurezza nel Cloud October 18, 2011. 2011 IBM Corporation Healthcare: La sicurezza nel Cloud October 18, 2011 Cloud Computing Tests The Limits Of Security Operations And Infrastructure Security and Privacy Domains People and Identity Data and Information Application

More information

Cloud models and compliance requirements which is right for you?

Cloud models and compliance requirements which is right for you? Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,

More information

How To Run A Cloud Computer System

How To Run A Cloud Computer System Cloud Technologies and GIS Nathalie Smith nsmith@esri.com Agenda What is Cloud Computing? How does it work? Cloud and GIS applications Esri Offerings Lots of hype Cloud computing remains the latest, most

More information

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise

More information

Privacy Impact Assessment. For Person Authentication Service (PAS) Date: January 9, 2015

Privacy Impact Assessment. For Person Authentication Service (PAS) Date: January 9, 2015 For Person Authentication Service (PAS) Date: January 9, 2015 Point of Contact and Author: Hanan Abu Lebdeh Hanan.Abulebdeh@ed.gov System Owner: Ganesh Reddy Ganesh.Reddy@ed.gov Office of Federal Student

More information

Flying Through Federal Thunder Clouds Navigating FedRAMP, DoD Cloud Guidance, & Cloud Cybersecurity Issues

Flying Through Federal Thunder Clouds Navigating FedRAMP, DoD Cloud Guidance, & Cloud Cybersecurity Issues Flying Through Federal Thunder Clouds Navigating FedRAMP, DoD Cloud Guidance, & Cloud Cybersecurity Issues M. Peter Adler (SRA International, Inc.) David Z. Bodenheimer (Crowell & Moring LLP) Annejanette

More information

Review of the SEC s Systems Certification and Accreditation Process

Review of the SEC s Systems Certification and Accreditation Process Review of the SEC s Systems Certification and Accreditation Process March 27, 2013 Page i Should you have any questions regarding this report, please do not hesitate to contact me. We appreciate the courtesy

More information

Cloud and Regulations: A match made in heaven, or the worst blind date ever?

Cloud and Regulations: A match made in heaven, or the worst blind date ever? Cloud and Regulations: A match made in heaven, or the worst blind date ever? Vinod S Chavan Director Industry Cloud Solutions, IBM Cloud October 28, 2015 Customers are faced with challenge of balancing

More information

Amazon Web Services: Risk and Compliance July 2015

Amazon Web Services: Risk and Compliance July 2015 Amazon Web Services: Risk and Compliance July 2015 (Consult http://aws.amazon.com/compliance/aws-whitepapers/ for the latest version of this paper) Page 1 of 128 This document is intended to provide information

More information

CompTIA Cloud+ 9318; 5 Days, Instructor-led

CompTIA Cloud+ 9318; 5 Days, Instructor-led CompTIA Cloud+ 9318; 5 Days, Instructor-led Course Description The CompTIA Cloud+ certification validates the knowledge and best practices required of IT practitioners working in cloud computing environments,

More information

VIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS

VIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS VIEWABILL Cloud Security and Operational Architecture featuring RUBY ON RAILS VAB_CloudSecurity V1 : May 2014 Overview The Viewabill.com cloud is a highly-secure, scalable and redundant solution that enables

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

Building Out Your Cloud-Ready Solutions. Clark D. Richey, Jr., Principal Technologist, DoD

Building Out Your Cloud-Ready Solutions. Clark D. Richey, Jr., Principal Technologist, DoD Building Out Your Cloud-Ready Solutions Clark D. Richey, Jr., Principal Technologist, DoD Slide 1 Agenda Define the problem Explore important aspects of Cloud deployments Wrap up and questions Slide 2

More information

Cloud Computing Cluster Introduction to Cloud Computing. Rick Martin, Co-chair, Cloud Computing Cluster August 26, 2013

Cloud Computing Cluster Introduction to Cloud Computing. Rick Martin, Co-chair, Cloud Computing Cluster August 26, 2013 From Science to Solutions Cloud Computing Cluster Introduction to Cloud Computing Rick Martin, Co-chair, Cloud Computing Cluster August 26, 2013 Senior IT Strategist SAIC What is Cloud Computing? Cloud

More information

Data Protection: From PKI to Virtualization & Cloud

Data Protection: From PKI to Virtualization & Cloud Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security

More information

DISA releases updated DoD Cloud Requirements What are the impacts? James Leach January 2015

DISA releases updated DoD Cloud Requirements What are the impacts? James Leach January 2015 DISA releases updated DoD Cloud Requirements What are the impacts? James Leach January 2015 New leadership breeds new policies and different approaches to a more rapid adoption of cloud services for the

More information

Anypoint Platform Cloud Security and Compliance. Whitepaper

Anypoint Platform Cloud Security and Compliance. Whitepaper Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.

More information

Securing Amazon It s a Jungle Out There

Securing Amazon It s a Jungle Out There ANALYST BRIEF Securing Amazon It s a Jungle Out There PART 1 CONTROLS AND OPTIONS OFFERED BY AMAZON Author Rob Ayoub Overview Infrastructure as a service (IaaS) is a foundational component of modern cloud

More information

Third Party Cloud Services Its Adoption in the New Age

Third Party Cloud Services Its Adoption in the New Age Solutions for higher performance! Third Party Cloud Services Its Adoption in the New Age 1 Introduction Cloud computing is the delivery of computing services over the Internet. Cloud services allow individuals

More information

HyTrust Addendum to the VMware Product Applicability Guide. For. Federal Risk and Authorization Management Program (FedRAMP) version 1.

HyTrust Addendum to the VMware Product Applicability Guide. For. Federal Risk and Authorization Management Program (FedRAMP) version 1. HyTrust Product Applicability Guide For Federal Risk and Authorization Management Program (FedRAMP) VMware Compliance Reference Architecture Framework to the VMware Product Applicability Guide For Federal

More information

Autodesk PLM 360 Security Whitepaper

Autodesk PLM 360 Security Whitepaper Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure

More information

2013 AWS Worldwide Public Sector Summit Washington, D.C.

2013 AWS Worldwide Public Sector Summit Washington, D.C. Washington, D.C. Next Generation Privileged Identity Management Control and Audit Privileged Access Across Hybrid Cloud Environments Ken Ammon, Chief Strategy Officer Who We Are Security software company

More information

GeoCloud Project Report USGS/EROS Spatial Data Warehouse Project

GeoCloud Project Report USGS/EROS Spatial Data Warehouse Project GeoCloud Project Report USGS/EROS Spatial Data Warehouse Project Description of Application The Spatial Data Warehouse project at the USGS/EROS distributes services and data in support of The National

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed

More information

Cost effective methods of test environment management. Prabhu Meruga Director - Solution Engineering 16 th July SCQAA Irvine, CA

Cost effective methods of test environment management. Prabhu Meruga Director - Solution Engineering 16 th July SCQAA Irvine, CA Cost effective methods of test environment management Prabhu Meruga Director - Solution Engineering 16 th July SCQAA Irvine, CA 2013 Agenda Basic complexity Dynamic needs for test environments Traditional

More information

Cloud and Data Center Security

Cloud and Data Center Security solution brief Trend Micro Cloud and Data Center Security Secure virtual, cloud, physical, and hybrid environments easily and effectively introduction As you take advantage of the operational and economic

More information

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud Simone Brunozzi, AWS Technology Evangelist, APAC Fortress in the Cloud AWS Cloud Security Model Overview Certifications & Accreditations Sarbanes-Oxley (SOX) compliance ISO 27001 Certification PCI DSS

More information