AWS GovCloud (US) and the Enterprise | AWS Public Sector Summit 2016
Overview of GovCloud Today
Transcript of Overview of GovCloud Today
An Overview of GovCloud Today
Kevin L. Jackson, General Manager, Cloud Services, NJVC, LLC

Cloud Computing
- Not a new technology, but a new approach to the provisioning and consumption of information technology
- A services oriented architecture (SOA), typically implemented on a virtualized infrastructure (compute, storage, networks) using commodity components coupled with highly automated controls, enables the five essential characteristics of cloud computing.
Key Concerns
- Standards
- Portability
- Control/Availability
- Security
- IT Policy
- Management / Monitoring
- Ecosystem

Key Benefits
- Significant cost reductions
- Reduced time to capability
- Increased flexibility
- Elastic scalability
- Increased service quality
- Increased security
- Ease of technology refresh
- Ease of collaboration
- Increased efficiency
Cloud Computing: Value and Capabilities
Time
- Reduce time to deliver/execute mission
- Increased responsiveness/flexibility/availability
Cost
- Optimizing cost to deliver/execute mission
- Optimizing cost of ownership (lifecycle cost)
- Increased efficiencies in capital/operational expenditures
Quality
- Environmental improvements
- Experiential improvements
Federal Information Technology Reform
U.S. Federal Cloud Computing Market Forecast 2010-2015
Market Media Research
Cloud Spending
Decision Framework for Cloud Migration
Framework is flexible and can be adjusted to meet individual agency needs
FedRAMP
FedRAMP A&A and Continuous Monitoring
- Categorize (Low, Moderate, High) the cloud service offering; assists sponsoring Federal Agencies to ensure appropriate categorization of data
- Select and tailor the FedRAMP Security Control baseline; assists sponsoring Federal Agencies in supplementing the FedRAMP Security Control Baseline
- Document generic controls implementation; Joint Authorization Board review and approval process assistance
- System Security Plan development
- Third party independent assessment of security control effectiveness; Security Assessment Report (SAR) document
- Plan of Action and Milestones for remediation; refinement until accepted by JAB
- Continuous Monitoring Plan for the cloud service offering
Continuous Monitoring Deliverables
- Vulnerability/Patch Management Scanning and Reporting
- Configuration Scanning and Reporting
- Incident Response Planning and Response
- POA&M Mitigation and Remediation
- Change Management and Control
- Penetration Testing
- A&A Documentation Maintenance
- Contingency Plan Testing
GSA Infrastructure-as-a-Service Blanket Purchase Agreement
Lot 1: Cloud Storage Services
- Scalable, redundant, dynamic Web-based storage
- Procure and use data and file storage capabilities remotely via the Internet
- File and object data storage capabilities on-demand, dynamically scalable per request and via the Internet
Lot 2: Virtual Machines
- Scalable, redundant, dynamic computing capabilities or virtual machines
- Procure and provision computing services or virtual machine instances online via the Internet
- Remotely load applications and data onto the computing or virtual machine instance from the Internet
- Configuration and management of virtual machines via a Web browser over the Internet
- Procure and provision block storage capabilities for cloud virtual machines remotely via the Internet
- Block storage capabilities on-demand, dynamically scalable per request for virtual machine instances
Lot 3: Cloud Web Hosting
- Web application hosting services in the cloud: scalable, redundant, dynamic web hosting service
- Procure and provision web hosting service online via the Internet
- Securely load applications and data onto the provider’s service remotely from the Internet
- Configuration of Cloud Web hosting services via a Web browser over the Internet
GSA IaaS BPA Awardees and Capabilities
Vendor (capabilities marked X across the three lots: Cloud Storage, Virtual Machines, Web Hosting)
- Apptis, Inc.: X X
- AT&T: X X
- Autonomic Resources: X
- Carahsoft: X
- CGI Federal Inc.: X X
- Computer Literacy World (NJVC): X X X
- Computer Technology Consultants: X X X
- Eyak Tech LLC: X X X
- General Dynamics Information Technology: X
- Insight Public Sector: X
- Savvis Federal Systems: X X
- Verizon Federal Inc.: X
Public Cloud vs. Federal Community Cloud
- Datacenters. Public Cloud: Worldwide locations, including foreign watchlist countries. Federal Community Cloud: Facilities and the physical and virtual hardware that is located within the CONUS.
- Users. Public Cloud: Worldwide public with no restrictions or controls. Federal Community Cloud: NGA employees, approved/authorized national & worldwide partners and contractors.
- Legal and regulatory environment. Public Cloud: Multinational with no single point of accountability. Federal Community Cloud: US Federal, modified IAW Federal Cloud Computing Initiative requirements.
- IT Governance. Public Cloud: Multinational with no common governance structure. Federal Community Cloud: US Federal, modified IAW Federal Cloud Computing Initiative requirements with NGA organizational modification.
- Security Certifications. Public Cloud: Commercial best practices with limited adaptability and flexibility. Federal Community Cloud: Infrastructure certified and authorized to operate by the General Services Administration at a Federal Information Security Management Act (FISMA) Moderate level, IAW Federal Cloud Computing Initiative and FedRAMP requirements.
- Risk Management. Public Cloud: Commercial best practices. Federal Community Cloud: Infrastructure certified and authorized to operate by the General Services Administration at a FISMA Moderate level, IAW Federal Cloud Computing Initiative and FedRAMP requirements.
- Data ownership. Public Cloud: In Accordance With (IAW) negotiated service provider Service Level Agreement (SLA). Federal Community Cloud: The Government shall retain ownership of any user created/loaded data and applications hosted on the vendor’s infrastructure, and maintains the right to request full copies of these at any time.
- Cloud Computing Services. Public Cloud: IAW negotiated service provider SLA. Federal Community Cloud: A cloud computing solution that aligns to the “Essential Characteristics” as defined in the National Institute of Standards and Technology (NIST) Working Definition.
- Internet Access. Public Cloud: IAW negotiated service provider SLA. Federal Community Cloud: A Tier 1 network, that is, an Internet Protocol (IP) network that participates in the Internet solely via Settlement Free Interconnection, also known as settlement free peering.
- Firewalls. Public Cloud: IAW negotiated service provider SLA. Federal Community Cloud: A firewall policy that allows the Government to administer it remotely, or the service provider administers the firewall policy in accordance with the Government’s direction, allowing the Government to have read-only access to inspect the firewall configuration.
- IP Addressing. Public Cloud: IAW negotiated service provider SLA. Federal Community Cloud: Allow mapping IP addresses to domains owned by the Government, so that websites or other applications operating in the Cloud are viewed externally as Government URLs and services, as well as an infrastructure that is IPv6 capable.
- Section 508 Compliance. Public Cloud: IAW negotiated service provider SLA. Federal Community Cloud: All electronic and information technology procured through any resultant Blanket Purchase Agreement (BPA) must meet the applicable accessibility standards at 36 CFR 1194, unless an agency exception to this requirement exists. 36 CFR 1194 implements Section 508 of the Rehabilitation Act of 1973, as amended.
- Personnel. Public Cloud: IAW negotiated service provider SLA. Federal Community Cloud: Documentation furnished reflecting favorable adjudication of background investigations for all personnel supporting the system. Service providers shall comply with GSA Order 2100.1 (IT Security Policy) and GSA Order CIO P 2181 (HSPD-12 Personal Identity Verification and Credentialing Handbook).
IC Cloud Computing
DISA Enterprise Cloud Services
Reduce Attack Surface
- Configure securely, automatically
- Enhance perimeter defenses (defense in depth)
- Drive out anonymity
Improved And Safe Sharing
- Cross domain flows as an enterprise service
- Evolve directory, identity, and access control to support net-centricity
Improved Network C2
- Improved cyber readiness
- Improved situational awareness
- Cyber attack detection, diagnosis, and reaction at network speed
Increased Operational Effectiveness
- Increased Warfighter access to required information and services, especially across organizational and security boundaries
- Increased network flexibility, allowing for rapid response to operational conditions (e.g. Haiti)
Increased Information Security
- Strong cryptographic authentication (PKI)
- Standardize access policies to enable more consistent access decisions
- Increase agility and interoperability with the implementation of commercial standards
Defense Information Systems Agency: A Combat Support Agency
Death of the Relational Database
Hierarchical view (Country > Manufacturer > Vehicle type):
- Germany: BMW (Truck, Car, SUV); Volkswagen (…); Audi (…)
- Japan: Toyota; Honda; Mazda
- US: Ford; Chrysler; GM (…)
Flat search view (each record is a single, complete tuple):
- German, BMW, Truck
- German, BMW, Car
- German, BMW, SUV
- German, Volkswagen, Truck
- …
- US, GM, SUV
(Slide labels: 3t, 1t)
The economics of data storage led to the use of content addressable storage, flat storage architectures and Internet scaling.
Database design and database tuning are no longer required, given infinite scalability and consistent responsiveness.
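The flat, content-addressed layout that the slides contrast with the relational hierarchy, as an added example that is not part of the deck and not NJVC code: a minimal Python store that keys each denormalized tuple by the SHA-256 of its canonical JSON, so identical records collapse to one blob and a blob altered in storage is detected when it is read back, and that answers a (country, make, type) search by intersecting one flat index rather than walking a hierarchy. The field names and sample rows are constructed for the example.

```python
import hashlib
import json

# Constructed sample records, mirroring the deck's Country/Manufacturer/Type tuples.
RECORDS = [
    {"country": "German", "make": "BMW", "type": "Truck"},
    {"country": "German", "make": "BMW", "type": "Car"},
    {"country": "German", "make": "BMW", "type": "SUV"},
    {"country": "German", "make": "Volkswagen", "type": "Truck"},
    {"country": "US", "make": "GM", "type": "SUV"},
]


def canonical(record: dict) -> bytes:
    # Sorted keys and fixed separators: the same logical record always
    # serializes to the same bytes, so it always hashes to the same key.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def content_key(record: dict) -> str:
    """Derive the storage key from the record content itself (SHA-256)."""
    return hashlib.sha256(canonical(record)).hexdigest()


class FlatStore:
    """A content-addressable store with one flat search index.

    No schema, no joins, no tuning: every record is a complete tuple, and
    each (field, value) maps directly to the keys containing it, so a search
    such as (German, BMW, Truck) is a single set intersection.
    """

    def __init__(self):
        self.blobs = {}   # key -> canonical JSON bytes
        self.index = {}   # (field, value) -> set of keys

    def put(self, record: dict) -> str:
        key = content_key(record)
        if key in self.blobs:          # identical content already stored: dedup
            return key
        self.blobs[key] = canonical(record)
        for field, value in record.items():
            self.index.setdefault((field, value), set()).add(key)
        return key

    def get(self, key: str) -> dict:
        blob = self.blobs[key]
        # Integrity check: a blob that no longer hashes to its own key was
        # altered in storage (or the key was forged), so refuse to return it.
        if hashlib.sha256(blob).hexdigest() != key:
            raise ValueError(f"content at {key[:12]}... does not match its key")
        return json.loads(blob)

    def search(self, **criteria) -> list:
        """Return records matching every field=value, via index intersection."""
        key_sets = [self.index.get(item, set()) for item in criteria.items()]
        if not key_sets:
            return []
        return [self.get(k) for k in sorted(set.intersection(*key_sets))]


def build_store(records=RECORDS) -> FlatStore:
    store = FlatStore()
    for r in records:
        store.put(r)
    return store


def demo():
    store = build_store()
    # Re-inserting the same record (different field order) adds nothing new.
    store.put({"type": "Truck", "make": "BMW", "country": "German"})
    hits = sorted(r["type"] for r in store.search(country="German", make="BMW"))
    # Simulate storage corruption: a modified blob must be caught on read.
    k = content_key(RECORDS[0])
    store.blobs[k] = store.blobs[k].replace(b"Truck", b"Tank")
    try:
        store.get(k)
        tampered_detected = False
    except ValueError:
        tampered_detected = True
    return len(store.blobs), hits, tampered_detected


if __name__ == "__main__":
    print(demo())
```

The index is built at write time, so the read path never touches more than the sets for the fields named in the query; that is the "one lookup instead of a traversal" idea the slide is making, and the re-hash on read is what content addressing buys for integrity.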
Traditional Analytics
NJVC, LLC Proprietary Data. Do Not Distribute
Traditionally, lexical searches, filtering or Boolean search attributes are used to reduce data to a “working set”. Analytical tools are then applied to this “working set”.
(Figure: All Data Sources / Types -> Tools/Analysis -> Reports/Conclusions)
Cloud Enables Searching All the Data, All the Time
(Figure; recoverable label: Reports/Conclusions)
Hybrid Enterprise
(Columns: Enterprise IT, Outsourced IT, Cloud Services)
- Datacenter Operations: Manual -> Automated
- Operational Funding Model: CAPEX (Buy, Build, Run, Refresh) -> OPEX (Select, manage and monitor IT services)
- Security: Infrastructure-centric security -> Data-centric security
Conclusions
- Cloud computing is a technological evolution: the “Drive for scale” (Internet), the “Drive for cheap” (commodity components, extensive automation) and the economics of Moore’s Law (cheap storage) led to a new business model and a revolutionary economic model
- Fiscal realities and business model economics are driving rapid government adoption of cloud computing
- Cloud computing is accelerating in the global marketplace; government cloud computing is also accelerating
- The shift from infrastructure-centric to data-centric security is inevitable
- Cloud computing can also enable significant enhancements in many agency mission areas
- US Federal Agencies are responding quickly to the “Cloud First” policy
- If you don’t have a cloud computing strategy in place now, you’re behind the curve
Thank You! Kevin L. Jackson, Director, Cloud Services, NJVC, LLC. (703) [email protected] http://www.NJVC.com http://kevinljackson.blogspot.com http://govcloud.ulitzer.com