Federal Aviation Administration. efast. Cloud Computing Services. 25 October 2012. Federal Aviation Administration



Similar documents
Seeing Though the Clouds

Managing Cloud Computing Risk

Cloud Computing. What is Cloud Computing?

Office of the Government Chief Information Officer The Government of the Hong Kong Special Administrative Region

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

Cloud Security Introduction and Overview

Cloud Courses Description

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4

journey to a hybrid cloud

Cloud Courses Description

Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services

How To Cloud Compute At The Cloud At The Cyclone Center For Cnc

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

Validating Enterprise Systems: A Practical Guide

IBM EXAM QUESTIONS & ANSWERS

Securing Government Clouds Preparing for the Rainy Days

Security Issues in Cloud Computing

6 Cloud computing overview

Table of Contents. Abstract... Error! Bookmark not defined. Chapter 1... Error! Bookmark not defined. 1. Introduction... Error! Bookmark not defined.

Cloud Computing Thunder and Lightning on Your Horizon?

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Delivering Security From The Cloud: Turning a Risk into a Weapon. John Pescatore SANS, Director Emerging Security Trends

Cloud Computing Technology

Cloud Brokerage Industry Day August 2, Panel Questions & Answers

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst

Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs)

Managed Hosting is a managed service provided by MN.IT. It is structured to help customers meet:

Overview. FedRAMP CONOPS

Cloud Computing Cluster Introduction to Cloud Computing. Rick Martin, Co-chair, Cloud Computing Cluster August 26, 2013

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Cloud Computing Security Issues

Cloud Security. A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud. Sean Curry Sales Executive, Aquilent

CHAPTER 8 CLOUD COMPUTING

Cloud Computing A NIST Perspective & Beyond. Robert Bohn, PhD Advanced Network Technologies Division

Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes

Cloud Computing: Opportunities, Challenges, and Solutions. Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University

Cloud Computing Best Practices. Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service

Risk Management Framework (RMF): The Future of DoD Cyber Security is Here

Cloud Services The Path Forward. Mr. Stan Kaczmarczyk Acting Director - Strategic Solutions and Security Services FAS/ ITS, GSA

How To Protect Your Cloud From Attack

Fundamental Concepts and Models

security in the cloud White Paper Series

FAA Cloud Computing Strategy

Cloud Architecture and Management. M.I. Deen General Manager (Enterprise Solutions) Sri Lanka Telecom

Cloud Computing are you ready?

OWASP Chapter Meeting June Presented by: Brayton Rider, SecureState Chief Architect

Enterprise Managed Cloud Computing at NASA. Karen Petraska NASA Office of the CIO Computing Services Service Office (CSSO) October 1, 2014

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012

AskAvanade: Answering the Burning Questions around Cloud Computing

IS PRIVATE CLOUD A UNICORN?

How to Use the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted.

1 America Square, London 30 th May Cloud Computing: What Are My Options?

Chapter 14 Applying What You Have Learned

Securing the Physical, Virtual, Cloud Continuum

Cloud Virtualization Specialist Certification Self-Study Kit Bundle

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012

Fundamental Concepts and Models

What Cloud computing means in real life

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT

The Cloud at 30,000 feet. Art Ridgway Scripps Media Inc. Managing Director Newspaper IT Operations

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

ITSM in the Cloud. An Overview of Why IT Service Management is Critical to The Cloud. Presented By: Rick Leopoldi RL Information Consulting LLC

Federal Cloud Security

Cloud Security Trust Cisco to Protect Your Data

East African Information Conference th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?

DEPARTMENT AGENCY STATEMENT OF OBJECTIVES FOR CLOUD MIGRATION SERVICES: INVENTORY, APPLICATION MAPPING, AND MIGRATION PLANNING MONTH YYYY TEMPLATE

Getting Familiar with Cloud Terminology. Cloud Dictionary

Lecture 02b Cloud Computing II

STATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration

NIST Cloud Computing Reference Architecture

Electronic Records Storage Options and Overview

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5

Perspectives on Moving to the Cloud Paradigm and the Need for Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory

Module 1: Facilitated e-learning

Cloud Computing Terms:

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

Capability Paper. Today, aerospace and defense (A&D) companies find

TESTIMONY OF MR. RICHARD SPIRES CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE COMMITTEE ON HOMELAND SECURITY

Delivering Managed Services Using Next Generation Branch Architectures

Cloud Computing, and REST-based Architectures Reid Holmes

Private vs. Public Cloud Solutions

10 Considerations for a Cloud Procurement. Anthony Kelly Erick Trombley David DeBrandt Carina Veksler January 2015

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

Leveraging the Cloud. September 22, Digital Government Institute Cloud-Enabled Government Conference Washington, DC

Cloud Computing; What is it, How long has it been here, and Where is it going?

From the Bottom to the Top: The Evolution of Application Monitoring

Security Threat Risk Assessment: the final key piece of the PIA puzzle

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

Esri Managed Cloud Services and FedRAMP

Re: Proposed Change to Add a Cloud Computing Special Item Number (SIN) on IT Schedule 70

Refresher on cloud computing

Architecting the Cloud

CLOUD BASED SCADA. Removing Implementation and Deployment Barriers. Liam Kearns Open Systems International, Inc.

EXIN Cloud Computing Foundation

Ragy Magdy Regional Channel Manager MEA IBM Security Systems

Transcription:

efast Cloud Computing Services 25 October 2012 1

Bottom Line Up Front The FAA Cloud Computing Vision released in 2012 identified the agency's road map to meet the Cloud First Policy efast must provide the contractual tools, labor categories and vehicle to assist the agency achieving the Cloud First mandate by adding a Cloud Services functional area. 2

Cloud Fundamentals On-demand self-service. The ability for an end user to sign up and receive services without the long delays that have characterized traditional IT Broad network access. Ability to access the service via standard platforms (desktop, laptop, mobile etc.) Resource pooling. Resources are pooled across multiple customers Rapid elasticity. Capability can scale to cope with demand peaks Measured Service. Billing is metered and delivered as a utility service 3

Deployment Models Private Cloud Community Cloud Public Cloud Hybrid Cloud 4

Cloud Services Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Cloud Security 5

Cloud Security Firewall: Customer Managed, Broker Managed, Co-Managed Intrusion Detection Systems: Network and Host Based Intrusion Prevention Systems: Network and Host Based Logging: Export to Client or Brokers Log Aggregation Servers and Security Event and Information Manager Managed Secure information Event and Information manager and 24/7 SOC monitoring Encryption: Various Solutions for data in motion and at rest and in archive (VPN s, Database and Tape Encryption) Managed File Integrity monitoring Managed Application Layer Firewalls: Host and Network Based Managed Scanning: Vulnerability Analysis for Network, Application and Database Managed Netflow Aggregation and Anomalous Behavior Monitoring Managed Full Network Packet/Disk/Memory Image Capture and Forensics Managed Incident Response Managed End User Analytics and Root Cause Analysis 3 rd Party Auditor Cloud Architecture and requirements 6

CLOUD BROKER A cloud broker provides the bridge functions from cloud consumer to Cloud Service Provider (CSP). The role of a CSP can blur the security responsibilities between both parties involved. Consideration of security zones and the resulting risk assumptions by the entities need to be identified, assigned, and mitigated during implementation. Ideally any implementation of a cloud brokerage contract vehicle would provide significant baseline security to streamline customer agency effort in obtaining a security authorization to operate (ATO) for the services provided. FedRAMP will serve as the baseline security authorization avenue for all cloud services. 7

Service Level Agreement Metrics Customer-based SLA: An agreement with an individual customer group, covering all the services they use. Service-based SLA: An agreement for all customers using the services being delivered by the service provider. For example: Multilevel SLA: The SLA is split into the different levels, each addressing different set of customers for the same services, in the same SLA. Corporate-level SLA: Covering all the generic service level management (often abbreviated as SLM) issues appropriate to every customer throughout the organization.. Customer-level SLA: covering all SLM issues relevant to the particular customer group, regardless of the services being used. Service-level SLA: covering all SLM issue relevant to the specific services, in relation to this specific customer group. 8

SWOT Strengths Weaknesses Opportunities Threats Increased Cost Efficiency Performance data center consolidation venerable Increased Provisioning Speed Security net-centricity limited competition Scalability Reliability information sharing IT cost savings Safety shared services Bandwidth innovation Single point of failure 9

Recommendations Amend the efast master MOA to add a functional areas to support Cloud Services. Identify efast companies that can provide cloud broker services to assist migration to cloud. Consider offering consulting services for migrating to Cloud PaaS, IaaS and SaaS services (with the corresponding engineering, analysis, management and security labor categories by leveraging the exiting functional labor categories). Conduct additional analysis to add labor categories to support the 3 rd party auditors to support FedRamp Certification and Accreditation. Leverage the contractual documents used by the GSA to the fullest extent and modifying those documents (SOO, Evaluation Criteria etc.) to meet the efast acquisition standards and templates saving the contract office both time and money. 10

Recommendations efast contract not offer Email as a Service (EaaS) since the FAA is currently working that effort in another initiative. Since many of the CSPs are large businesses with small business partners, recommend that the small business ratio be waived for the first two years to enable efast contractors to perform less than 51% or work. efast contract coordinates closely with the Agency s Strategic Cloud Plan to ensure both compliance and interoperability. 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information