Overview of GovCloud Today


Transcript of Overview of GovCloud Today

Page 1: Overview of GovCloud Today

An Overview of GovCloud Today

Kevin L. Jackson
General Manager, Cloud Services
NJVC, LLC

Page 2: Overview of GovCloud Today

Cloud Computing
  Not a new technology but a new approach in the provisioning and consumption of information technology
  A services oriented architecture (SOA) implemented typically on a virtualized infrastructure (compute, storage, networks) using commodity components coupled with highly automated controls enables the five essential characteristics of cloud computing.

Key Concerns
  Standards
  Portability
  Control/Availability
  Security
  IT Policy
  Management / Monitoring
  Ecosystem

Key Benefits
  Significant cost reductions
  Reduced time to capability
  Increased flexibility
  Elastic scalability
  Increased service quality
  Increased security
  Ease of technology refresh
  Ease of collaboration
  Increased efficiency

Page 3: Overview of GovCloud Today

Cloud Computing: Value and Capabilities

Time
  Reduce time to deliver/execute mission
  Increased responsiveness/flexibility/availability

Cost
  Optimizing cost to deliver/execute mission
  Optimizing cost of ownership (lifecycle cost)
  Increased efficiencies in capital/operational expenditures

Quality
  Environmental improvements
  Experiential improvements

Page 4: Overview of GovCloud Today

Federal Information Technology Reform

Page 5: Overview of GovCloud Today

U.S. Federal Cloud Computing Market Forecast 2010-2015

Market Media Research

Page 6: Overview of GovCloud Today

Cloud Spending

Page 7: Overview of GovCloud Today
Page 8: Overview of GovCloud Today
Page 9: Overview of GovCloud Today

Decision Framework for Cloud Migration

Framework is flexible and can be adjusted to meet individual agency needs

Page 10: Overview of GovCloud Today

FedRAMP

Page 11: Overview of GovCloud Today

FedRAMP A&A and Continuous Monitoring

  Categorize (Low, Moderate, High) cloud service offering
  Assists sponsoring Federal Agencies to ensure appropriate categorization of data
  Select and tailor FedRAMP Security Control baseline
  Assists Sponsoring Federal Agencies in supplementing the FedRAMP Security Control Baseline
  Document generic controls implementation
  Joint Authorization Board review and approval process assistance
  System Security Plan development
  Third party independent assessment of security control effectiveness
  Security Assessment Report (SAR) document
  Plan of Action and Milestones for remediation
  Refinement until accepted by JAB
  Continuous Monitoring Plan for the cloud service offering

Page 12: Overview of GovCloud Today

Continuous Monitoring Deliverables

  Vulnerability/Patch Management Scanning and Reporting
  Configuration Scanning and Reporting
  Incident Response Planning and Response
  POA&M Mitigation and Remediation
  Change Management and Control
  Penetration Testing
  A&A Documentation Maintenance
  Contingency Plan Testing

Page 13: Overview of GovCloud Today

GSA Infrastructure-as-a-Service Blanket Purchase Agreement

Lot 1: Cloud Storage Services
  Scalable, redundant, dynamic Web-based storage
  Procure and use data and file storage capabilities remotely via the Internet
  File and object data storage capabilities on-demand, dynamically scalable per request and via the Internet

Lot 2: Virtual Machines
  Scalable, redundant, dynamic computing capabilities or virtual machines
  Procure and provision computing services or virtual machine instances online via the Internet
  Remotely load applications and data onto the computing or virtual machine instance from the Internet
  Configuration and management of virtual machines via a Web browser over the Internet
  Procure and provision block storage capabilities for cloud virtual machines remotely via the Internet
  Block storage capabilities on-demand, dynamically scalable per request for virtual machine instances

Lot 3: Cloud Web Hosting
  Web application hosting services in the cloud: scalable, redundant, dynamic web hosting service
  Procure and provision web hosting service online via the Internet
  Securely load applications and data onto the provider’s service remotely from the Internet
  Configuration of Cloud Web hosting services via a Web browser over the Internet

Page 14: Overview of GovCloud Today

GSA IaaS BPA Awardees and Capabilities

Vendor, Cloud Storage, Virtual Machines, Web Hosting

  Apptis, Inc.: X X
  AT&T: X X
  Autonomic Resources: X
  Carahsoft: X
  CGI Federal Inc.: X X
  Computer Literacy World (NJVC): X X X
  Computer Technology Consultants: X X X
  Eyak Tech LLC: X X X
  General Dynamics Information Technology: X
  Insight Public Sector: X
  Savvis Federal Systems: X X
  Verizon Federal Inc.: X

Page 15: Overview of GovCloud Today

Public Cloud vs. Federal Community Cloud

Datacenters
  Public Cloud: Worldwide locations including foreign watchlist countries.
  Federal Community Cloud: Facilities and the physical and virtual hardware that is located within the CONUS.

Users
  Public Cloud: Worldwide public with no restrictions or controls.
  Federal Community Cloud: NGA employees, approved/authorized national & worldwide partners and contractors

Legal and regulatory environment
  Public Cloud: Multinational with no single point of accountability
  Federal Community Cloud: US Federal modified IAW Federal Cloud Computing Initiative requirements

IT Governance
  Public Cloud: Multinational with no common governance structure
  Federal Community Cloud: US Federal modified IAW Federal Cloud Computing Initiative requirements with NGA organizational modification

Security Certifications
  Public Cloud: Commercial best practices with limited adaptability and flexibility
  Federal Community Cloud: Infrastructure certified and authorized to operate by General Services Administration at a Federal Information Security Management Act (FISMA) Moderate level. IAW Federal Cloud Computing Initiative and FedRAMP requirements

Risk Management
  Public Cloud: Commercial best practices
  Federal Community Cloud: Infrastructure certified and authorized to operate by General Services Administration at a FISMA Moderate level. IAW Federal Cloud Computing Initiative and FedRAMP requirements

Data ownership
  Public Cloud: In Accordance With (IAW) negotiated service provider Service Level Agreement (SLA)
  Federal Community Cloud: The Government shall retain ownership of any user created/loaded data and applications hosted on vendor’s infrastructure, and maintains the right to request full copies of these at any time.

Cloud Computing Services
  Public Cloud: IAW negotiated service provider SLA
  Federal Community Cloud: Cloud Computing solution that aligns to the “Essential Characteristics” as defined in the National Institute of Standards and Technology (NIST) Working Definition

Internet Access
  Public Cloud: IAW negotiated service provider SLA
  Federal Community Cloud: A Tier 1 network is an Internet Protocol (IP) network that participates in the Internet solely via Settlement Free Interconnection, also known as settlement free peering.

Firewalls
  Public Cloud: IAW negotiated service provider SLA
  Federal Community Cloud: A firewall policy that allows the Government to administer it remotely, or the service provider administers firewall policy in accordance with the Government’s direction, allowing the Government to have read-only access to inspect the firewall configuration.

IP Addressing
  Public Cloud: IAW negotiated service provider SLA
  Federal Community Cloud: Allow mapping IP addresses to domains owned by the Government, allowing websites or other applications operating in the Cloud to be viewed externally as Government URLs and services as well as an infrastructure that is IPv6 capable.

Section 508 Compliance
  Public Cloud: IAW negotiated service provider SLA
  Federal Community Cloud: All electronic and information technology procured through any resultant Blanket Purchase Agreement (BPA) must meet the applicable accessibility standards at 36 CFR 1194, unless an agency exception to this requirement exists. The 36 CFR 1194 implements Section 508 of the Rehabilitation Act of 1973, as amended.

Personnel
  Public Cloud: IAW negotiated service provider SLA
  Federal Community Cloud: Documentation furnished reflecting favorable adjudication of background investigations for all personnel supporting the system. Service providers shall comply with GSA order 2100.1 – IT Security Policy and GSA Order CIO P 2181 – HSPD-12 Personal Identity Verification and Credentialing Handbook.

Page 16: Overview of GovCloud Today

IC Cloud Computing


Page 17: Overview of GovCloud Today

DISA Enterprise Cloud Services

Reduce Attack Surface
  Configure securely, automatically
  Enhance perimeter defenses – defense in depth
  Drive out anonymity

Improved And Safe Sharing
  Cross domain flows as an enterprise service
  Evolve directory, identity, and access control to support net-centricity

Improved Network C2
  Improved cyber readiness
  Improved situational awareness
  Cyber attack detection, diagnosis, reaction at network speed

Increased Operational Effectiveness
  Increased Warfighter access to required information and services, especially across organizational and security boundaries
  Increase network flexibility, allowing for rapid response to operational conditions (e.g. Haiti)

Increased Information Security
  Strong cryptographic authentication (PKI)
  Standardize access policies to enable more consistent access decisions
  Increase agility and interoperability with the implementation of commercial standards


A Combat Support Agency

Defense Information Systems Agency

Page 18: Overview of GovCloud Today

Death of the Relational Database

[Diagram: hierarchy by Country. Germany: BMW (Truck, Car, SUV), Volkswagen, … Audi; Japan: Toyota, Honda, Mazda; US: Ford, Chrysler, GM, …]

[Diagram: Search keys. "German, BMW, Truck"; "German, BMW, Car"; "German, BMW, SUV"; "German, Volkswagen, Truck"; "US, GM, SUV"]

The economics of data storage led to the use of content addressable storage, flat storage architectures and internet scaling.

Database design, database tuning no longer required with infinite scalability and consistent responsiveness

Page 19: Overview of GovCloud Today

Traditional Analytics

NJVC, LLC Proprietary Data. Do Not Distribute

Traditionally, lexical searches, filtering or Boolean search attributes are used to reduce data to a “working set”. Analytical tools are then applied to this “working set”.

[Diagram labels: All Data Sources / Types; Tools/Analysis; Reports/Conclusions]

Page 20: Overview of GovCloud Today

Cloud Enables Searching All the Data, All the Time


Reports/Conclusions

Page 21: Overview of GovCloud Today

Hybrid Enterprise

Enterprise IT
Outsourced IT
Cloud Services

Page 22: Overview of GovCloud Today

Datacenter Operations

Manual
Automated

Page 23: Overview of GovCloud Today

Operational Funding Model

CAPEX – Buy, Build, Run, Refresh
OPEX – Select, manage and monitor IT services

Page 24: Overview of GovCloud Today

Security

Infrastructure-centric security
Data-centric security

Page 25: Overview of GovCloud Today

Conclusions

Cloud computing is a technological evolution

“Drive for scale” (Internet) and “Drive for cheap” (Commodity components, Extensive automation) and the economics of Moore’s Law (Cheap storage) led to a new business model and a revolutionary economic model

Fiscal realities and business model economics are driving rapid government adoption of cloud computing

Cloud computing is accelerating in the global marketplace. Government cloud computing is also accelerating

Shift from infrastructure-centric to data-centric security is inevitable

Cloud computing can also enable significant enhancements in many agency mission areas

US Federal Agencies are responding quickly to the “Cloud First” policy

If you don’t have a cloud computing strategy in place now, you’re behind the curve

Page 26: Overview of GovCloud Today

Thank You!

Kevin L. Jackson
Director, Cloud Services
NJVC, LLC
(703) [email protected]
http://www.NJVC.com
http://kevinljackson.blogspot.com
http://govcloud.ulitzer.com