Presented by: Harry Lee, Senior Computer Scientist for Infrastructure U.S. Census Bureau December...
“Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds”
Federal Committee for Statistical Methodology (FCSM) Policy Conference
Presented by: Harry Lee, Senior Computer Scientist for Infrastructure, U.S. Census Bureau
December 5, 2012
U.S. Department of Commerce, Economics and Statistics Administration, U.S. CENSUS BUREAU
Census Bureau Cloud Approach Overview
Agenda
• Cloud Computing Defined
• Why Cloud?
• Census Hybrid Cloud Approach
• Internal Census Use of Cloud Services
• External Access to Census Data and Services
• Shared Infrastructure and Services
• What Controls are Needed?
• Is the “Cloud” Safe Enough?
• Questions
Cloud Computing Defined
The NIST Definition of Cloud Computing
“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.”
Why Cloud?
Alignment with Federal Government Goals, Objectives and Initiatives; primary examples include:
• 25 Point Implementation Plan to Reform Federal Information Technology Management (12/9/2010)
  • “Cloud First” Policy when looking to add IT resources and/or capabilities
• Federal Cloud Computing Strategy (2/8/2011)
  • Highly reliable, innovative services quickly despite resource constraints
• Digital Government Strategy (5/23/2012)
  • Better content and data through multiple channels
Why Cloud?
Cloud Benefits - Better, Faster, Cheaper… even “Greener”
Efficiency
• Improved asset utilization (server utilization > 60-70%)
• Aggregated demand and accelerated system consolidation (e.g., Federal Data Center Consolidation Initiative)
• Improved productivity in application development, application management, network, and end-user
Agility
• Purchase “as-a-service” from trusted cloud providers
• Near-instantaneous increases and reductions in capacity
• More responsive to urgent agency needs
Innovation
• Shift focus from asset ownership to service management
• Tap into private sector innovation
• Encourages entrepreneurial culture
• Better linked to emerging technologies (e.g., devices)
Hybrid Cloud Approach
(composition of two or more clouds that remain unique entities but are bound together, offering the benefits of multiple deployment models.)
• 3 Cloud Model – Private, Government Community, Public
• 2 Consumer Groups – Internal (Census, Partners), External (Gov, Public)
• Multiple levels of security – data, apps, network, device, user
• Multiple methods of data access – web site, web apps, APIs, VDI, LAN
• Shared Infrastructure – network, servers, storage, security
• Shared Services – data management, collaboration, applications
• Governance & Compliance
Both internal and external Census customers use a growing list of IT services
Census’ public API - Makes data available to developers, both inside and outside of Census
Mobile applications provide powerful data visualization of the nation’s economy, people & places
Enabling Telework via a Virtual Desktop Infrastructure (VDI)
4 Points about VDI
#1 Using personally owned PCs, Macs, or tablets, users view work sessions run through a firewall and processed in the Census Bureau’s Private Cloud
#2 Users work with files and applications which are centrally located
#3 Threats of the user’s device contaminating Census Bureau systems and/or network are eliminated
#4 All system administration tasks, systems and software upgrades, backup of user files, etc. occur within the Census Bureau’s Private Cloud
[Diagram labels: Census Bureau Private Cloud; Firewall; Teleworker/WAH; Authorized External; Users located at Census Headquarters; Virtual Desktop Infrastructure; Sessions A through E; Idle (Available Resources)]
Note: The Census VDI infrastructure is currently capable of supporting over 10,000 users, is scalable to over a million users, and provides the opportunity to replace all desktop PCs with thin clients.
What Controls are Needed?
• Data Security – Secure the data as primary security control
• Application Security – Build security into the application as well as the data being accessed
• Network Security – User and device network access controls
• Device Security – Control and protect the devices accessing your data/systems
• User Authentication and Authorization – For access to “protected” data and associated services
• Web Browser Security – Cloud users and administrators rely heavily on Web browsers, so browser security failures can lead to cloud security breaches
Is the “Cloud” Safe Enough?
• With the proper security controls (based on level of data sensitivity)
• With the proper visibility (into access and usage)
• With the proper reviews (into who and what; and how to improve controls)
Questions?
Census Bureau Mission
“The Census Bureau serves as the leading source of quality data about the nation's people and economy. We honor privacy, protect confidentiality, share our expertise globally, and conduct our work openly. We are guided on this mission by our strong and capable workforce, our readiness to innovate, and our abiding commitment to our customers.”