Enterprise Governance and Planning



Similar documents
Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015

Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes

Legal Issues in the Cloud: A Case Study. Jason Epstein


Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Managing Cloud Computing Risk

Cloud Computing; What is it, How long has it been here, and Where is it going?

IS PRIVATE CLOUD A UNICORN?

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit

Strategies for Secure Cloud Computing

Technology & Business Overview of Cloud Computing

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

OWASP Chapter Meeting June Presented by: Brayton Rider, SecureState Chief Architect

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate.

White Paper on CLOUD COMPUTING

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station

WHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT

LEGAL ISSUES IN CLOUD COMPUTING

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

Credit Unions and The Cloud. By: Chris Sachse

Cloud Computing for SCADA

Developing a Risk-Based Cloud Strategy

AskAvanade: Answering the Burning Questions around Cloud Computing

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

CSO Cloud Computing Study. January 2012

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

IT Labor (Hourly Billable) Data Base Hosting

VIRGINIA DEPARTMENT OF MOTOR VEHICLES SECURITY ARCHITECTURE POLICY. 03/27/09 Version

The NIST Definition of Cloud Computing (Draft)

A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there

The NIST Definition of Cloud Computing

Validating Enterprise Systems: A Practical Guide

ADOPTING CLOUD COMPUTING AS AN ICT DEPLOYMENT STRATEGY FOR DELIVERING SERVICES IN THE GOVERNMENT

This is an RFI and not a RFQ or ITN. Information gathered will lead to possible RFQ/ITN. This is a general RFI for all proposed solutions.

Federal Cloud Computing Initiative Overview

Cloud Computing Service Models, Types of Clouds and their Architectures, Challenges.

Hengtian Information Security White Paper

Tutorial on Client-Server Architecture

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.

REQUEST FOR INFORMATION FLORIDA AGENCY FOR STATE TECHNOLOGY CLOUD SERVICES AND SOLUTIONS RFI NO.:

Cloud for Credit Unions Leveraging New Solutions to Increase Efficiency & Reduce Costs Presented by: Hugh Smallwood, Chief Technology Officer

Outsourcing. w os WORKPLACE. it os IT SERVICE MANAGEMENT SERVICES BPO OUTSOURCING. ITO dos DATACENTER OPERATION SERVICES.

ICT Category Sub Category Description Architecture and Design

Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs)

PLATFORM & INFRASTRUCTURE AS A SERVICE

Cloud Less Talk, More Action. Find your starting place and take action that makes sense for your organization.

AL RAFEE ENTERPRISES Solutions & Expertise.

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS

EDC Collaboration White Paper Cloud Companion SM IT Services Delivery Transformation

Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs

Where in the Cloud are You? Session Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle)

Incident Handling in the Cloud and Audit s Role

Mobile Admin Architecture

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Security & Trust in the Cloud

Retention & Destruction

6 Cloud computing overview

A Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011

Cloud Computing: Risks and Auditing

Business Intelligence (BI) Cloud. Prepared By: Pavan Inabathini

KASEYA CLOUD SOLUTION CATALOG 2016 Q1. UPDATED & EFFECTIVE AS OF: February 1, Kaseya Catalog Kaseya Copyright All rights reserved.

CLOUD ARCHITECTURE DIAGRAMS AND DEFINITIONS

Cloud Services Overview

Securing the Service Desk in the Cloud

Web Application Hosting Cloud Architecture

TRG Clients in the Cloud Today

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

How To Write An Ets Request For Proposal (Rfp)

Kent State University s Cloud Strategy

Seeing Though the Clouds

EDC COLLABORATION WHITE PAPER Cloud Computing IT Services Delivery Transformation

Introduction to Cloud Services

Cloud Computing. Bringing the Cloud into Focus

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

WHAT S ON YOUR CLOUD? Workload Deployment Strategies for Private and Hybrid Clouds RESEARCH AND ANALYSIS PROVIDED BY TECHNOLOGY BUSINESS RESEARCH

NIST Cloud Computing Reference Architecture

How to Turn the Promise of the Cloud into an Operational Reality

Cloud Models and Platforms

Hosting Services VITA Contract VA AISN (Statewide contract available to any public entity in the Commonwealth)

NCTA Cloud Architecture

HELP DESK SUPERVISOR

2012 Cloud Computing. Key Trends and Future Effects

DIVISION OF ENGINEERING COMPUTING SERVICES DECS SERVICE DESK. Fall & Spring: Monday Thursday 8am to 9pm. Summer & Breaks:

Auditing Cloud Computing and Outsourced Operations

Secure Cloud Computing through IT Auditing

Next generation enterprise communications

The HIPAA Security Rule: Cloudy Skies Ahead?

Managed Services Computing

Public Versus Private Cloud Services

Private Cloud for WebSphere Virtual Enterprise Application Hosting

MCSE SYLLABUS. Exam : Managing and Maintaining a Microsoft Windows Server 2003:

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1

Security Officer s Checklist in a Sourcing Deal

Hosted SharePoint: Questions every provider should answer

Cloud Computing. What is Cloud Computing?

Transcription:

GEORGIA TECHNOLOGY AUTHORITY Title: Enterprise Operational Environment PSG Number: SO-10-003.02 Topical Area: Operations / Performance and Capacity Document Type: Standard Pages: 5 Issue Date: July 15, 2011 Effective Date: July 15, 2011 POC for Changes: Synopsis: Enterprise Governance and Planning Specifies Georgia s Enterprise Operational Environment, Establishes Application Conversion Priorities, and Provides for Exceptions PURPOSE In 2008 and 2009, GTA executed a major project, acquiring by competitive bid comprehensive IT infrastructure services and managed network services for use by State agencies. By bundling together the IT infrastructure and managed network services requirements of the major agencies and leveraging resulting capabilities for the enterprise, GTA was able to acquire services that minimize the total cost of infrastructure ownership for the State while maximizing the benefits received. The cost model relies on maintaining the State s bulk acquisition power by using the winning service providers for the State s entire IT infrastructure and networking needs. To that end, it serves the best interest of the State for GTA to specify these IT infrastructure services and managed network services as Georgia s Enterprise Operational Environment (EOE). The purpose of this document is: To establish a Statewide requirement to use the EOE, To specify high level parameters of the EOE for agency awareness, and To provide specific conditions that alternatives to EOE must meet that reduce risk to the State. A major consideration in the execution of many IT investment projects involves the target operational environments of resulting systems or services. In order to appropriately specify the new IT system and, assuming no existing environmental constraints, one would either: Start from scratch to build a new environment, incurring infrastructure costs along with system costs, Design the new IT system to operate within an established environment, possibly making system design tradeoffs to fit into an established environment.

Use the software and environment delivered by a third party via pay-for-use or subscription basis costs. This option may allow agencies to avoid a lengthy, expensive State development project. An additional purpose of this standard is to foster communication between the agency and GTA when design/build decisions are being made. SCOPE and AUTHORITY See Information Technology Policies, Standards and Guidelines, policy (PM-04-001) STANDARD The IT infrastructure services and managed network services offered by the Georgia Technology Authority shall be Georgia s IT Enterprise Operational Environment (see below: Capabilities of the Enterprise Operational Environment). 1. All State agencies proposing to acquire new IT systems or services, or implementing significant modifications to the operational components of current IT systems or services, shall use the Enterprise Operational Environment to support the resulting IT systems or services operational requirements. Agencies experiencing exceptional circumstances when planning new IT systems or services, or significant modifications to current systems or services, including but not limited to circumstances such as financial constraints or beneficial outsourcing opportunities, may seek specific exemption from this provision from the State CIO. An exemption request should be processed no later than the investment s Planning Stage of the Enterprise Performance Lifecycle. 2. Third parties who provide IT as a service which is approved as an exemption to this standard shall meet specific minimum provisions to protect the State (agency) in the areas of security and recoverability. The following minimum provisions must be specified fully in the State/vendor contract and associated documents which describe the service: a) If the State (agency) is the data owner, the State (agency) shall retain all ownership of data. Likewise, if the State (agency) is granted custodial authority by the data owner, the State (agency) shall retain custodial authority of the data. b) The third party shall satisfy all provisions of State, federal and other regulatory requirements imposed on the State agency (such as HIPAA), c) The third party s operational environment(s) design topology shall be designed with an appropriate level (Tier I through Tier IV, Uptime Institute s Data Center Tier Classification System ) to meet the business needs of the agency/solution. d) Data in storage, in processing and in transit between agency and third party physical locations shall be protected by appropriate encryption, security and data protection based on the data categorization assigned by the data owner. Vendor practices for encryption, access monitoring, security and privacy audits shall be defined. e) The third party shall be in compliance with State and agency information technology and security standards, f) The third party shall segregate State (agency) data from other customers

data at all times. g) The third party shall operate business continuity and disaster recovery processes to meet the business needs of the agency. h) Exit clauses and merger-and-acquisition protections. i) Uptime and performance service-levels with contractual incentives and/or financial penalties to ensure vendor support. j) Key schedules defining how work will be performed, scope of work, deliverables, roles and responsibilities. BACKGROUND and DEFINITIONS: SERVICES PROVIDED BY GEORGIA S INFRASTRUCTURE AND MANAGED NETWORK CONTRACTS The Infrastructure and Managed Network Services contracts include but are not limited to acquisition, operation and support of the following technologies service areas: a. Mainframe (IBM) b. Application Server (Windows and Unix) c. Utility Server (Email, DNS, DHCP, Blackberry, etc.) d. Server Storage e. Firewall / DMZ f. End User Computing i. Personal computers, Laptops, Thin Client, Tablet PC ii. Network Printers and Scanners iii. Non-Standard or Specialized Equipment & Software, e.g. time clocks, finger printing equipment, etc. g. Telephony (Digital and Analog) i. Premise Based Systems, e.g. PBX and Key System ii. Central Office Based Systems, e.g. Centrex iii. Voice Mail iv. Contact Center Seat h. Interactive Voice Response Systems (IVR) and Auto Attendants i. Local and Wide Area Networks to include Wireless Access Points and Internet Access j. Virtual Private Networks (VPN) to include single and two factor authentication k. Video Conferencing l. Related Cross Functional Services (Disaster Recovery, Security, Service Desk, etc.) CAPABILITIES OF THE ENTERPRISE OPERATIONAL ENVIRONMENT Georgia s Enterprise Operational Environment (EOE) operated via Georgia Enterprise Technology Services (GETS) is a Tier 4 data center with redundant power, network, and cooling. GETS provides and supports the computing hardware, network, storage, operating systems, and physical database. Computing platforms supported by GETS include several flavors of UNIX (AIX, Solaris, and Linux) and all supported versions of Windows, Z/OS, and AS/400. Other platforms can be

supported on request. GETS provides database support for DB/2, Oracle, and SQL Server, with other relational databases on request. APPLICATION LAYER AND DATABASE RESPONSIBILITIES OF AGENCIES USING EOE The application layer and logical database services are not provided by GETS and is the sole responsibility of the business owner agency. For application services, the business owner agency should understand that most mainstream computing platforms are supported by GETS. Agencies planning to source the EOE for its applications services should specify what computing platform their application service uses, as well as dependencies for operating system, database, application servers, web servers, and other middleware, as well as enumerate any other specific software services (Active Directory, clustering, etc.). Access to production is limited for agency and third party developers, so the application and any patches or updates must be packaged such that they can deployed by EOE personnel through a formal change control process. Access to development, test, and production environments are typically through an SSL-VPN and secure shell or remote desktop. Infrastructure security services are provided by GETS (firewalls, virus protection, intrusion protection, etc.), as are backup services. The application layer is the sole responsibility of the respondent. Any regulatory requirements requiring the encryption of data in motion or data at rest should be provided at the application layer. DEFINITIONS IT System: An IT system is a discrete set of information resources (workstations, servers, applications, network, etc) working together for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. Operational systems are those IT systems that are readily available, in use and actively supporting the business. It is also common in the industry nomenclature to call these systems Production Systems. IT as a Service: Services, which are information technology based, utilizing IT assets that are owned, delivered and managed remotely by one or more providers. Services based on common assets (code, platform, and/or infrastructure) that are consumed in a one-to-many model by all contracted customers anytime, typically on a pay-for-use basis, or as a subscription based on use metrics. EXCEPTIONS THAT MAY APPLY SUBJECT TO GTA APPROVAL Several IT as a Service offerings are found in today s market, often in subscription or service-on-demand solutions. The following generic descriptions of service and deployment models should be referred to by agencies when requesting an exception from this standard:

Service Models: Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations. Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls). Deployment Models: Private Cloud. The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise. Community Cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise. Public Cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. Hybrid Cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information