Government Transparency: Cross-cutting Business Use ... - NASA


Government Transparency: Cross-cutting Business Use Cases for Cloud Computing

Dr. Richard L. Klobuchar, SAIC

August 17, 2011

Introduction

“Cloud-First” Strategy and 25-Point Plan

Important Role of NIST

Definitions, FedRAMP, Reference Architecture, SAJACC, Business Use Cases

Why, When, and Where does it make good business sense to migrate to a cloud?

Cross-cutting business use cases

What business functions make sense?

Role of GSA Infrastructure-as-a-Service (IAAS) and Email-as-a-Service (EAAS) NEW!!!

Observations and final thoughts to ponder

Late breaking news from the Cloud PMO

What is the Cloud (Really) and Where is It Useful?

Federal Government Drivers and Trends: 25-Point Plan including “Cloud-First” Strategy (Dec 9, 2010)

PART I: ACHIEVING OPERATIONAL EFFICIENCY

A. Apply “Light Technology” and Shared Solutions

1. Complete detailed implementation plans to consolidate at least 800 data centers by 2015

2. Create a government-wide marketplace for data center availability

3. Shift to a “Cloud First” policy

4. Stand-up contract vehicles for secure IaaS solutions

5. Stand-up contract vehicles for commodity services

6. Develop a strategy for shared services

“Cloud First” Strategy

Begins immediately with three (3) parts:

Use commercial cloud technologies where feasible

Launch private government clouds

Utilize regional clouds with state and local governments

Default to cloud-based solutions

3.1 Publish cloud strategy

Federal CIO will publish a strategy to accelerate the safe and secure adoption

NIST will facilitate and lead the development of standards

3.2 Jump-start the migration to cloud technologies

required to identify three “must move” services and create a project plan for migrating each of them to cloud solutions and retiring the associated legacy systems. Of the three, at least one of the services must fully migrate to a cloud solution within 12 months and the remaining two within 18 months.

Federal Cloud Computing Strategy subsequently published on Feb 8, 2011

Primary Activities within the Federal Cloud PMO

Business Use Cases Addressed Here

Other related: Trusted Internet Connections (TIC); Green IT; IPv6

Apps.gov: 1st Federal storefront offering commoditized cloud services

FedRAMP: “Authorize Once, Use Many” approach to security for Cloud Service Providers

Federal Data Center Consolidation Initiative: Assist agencies to consolidate at least 800 data centers by FY15

Infrastructure-as-a-Service (IAAS): Commodity computing resources made available through GSA BPA

Software-as-a-Service Email: Cloud Email to be made available (Summer 2011) through BPA

Platform-as-a-Service (Geospatial): Geospatial PAAS work currently underway

Reinforcing the Federal Strategic Decision re Cloud Computing

Federal Cloud Computing Strategy called out the important role of NIST in promoting standards and security measures for cloud computing:

Cloud Definitions and Guidance:

Formal Definition of Cloud Computing in Special Publication SP800-145

Security and Privacy Guidelines for Public Cloud Computing in SP800-144

Industry/Government Working Groups/Committees established for:

FedRAMP (Federal Risk Assessment Management Program) for cross-agency C&A with utilization of NIST SP800-53 as a tech basis under FISMA

SAJACC (Standards Acceleration to Jumpstart Adoption of Cloud Computing)

Reference Architecture definition

Business Use Cases definition

Recently established Cloud “Best Practices” Working Group (now addressing details of how business use cases should be implemented)

Most organizations perform a common set of business functions that are amenable to a cloud-based approach within the 4 NIST deployment models

Cross-cutting BUCs

NIST 3-Part Cloud Definition

Software-as-a-Service is access to virtualized applications via thin clients (e.g., Web browser)

Platform-as-a-Service is access to programming environments and tools

Infrastructure-as-a-Service is access to an operating environment (e.g., servers, storage, network)

Cloud infrastructure operated solely for a single organization; can be 3rd party; on- or off-premises

Cloud infrastructure shared by multiple organizations with similar mission or interest; can be 3rd party; on- or off-premises

Cloud infrastructure is property of the cloud provider and open to everyone

Combination of two (2) or more deployment types; enabling portability and cloud bursting

On-Demand Self-Service

Broad Network Access

Resource Pooling

Rapid Elasticity (scale up/down)

Measured Service

Important to Appreciate the Tradeoffs between Cost and Security for the Cloud Deployment Models

[Figure: Public, Private, and Community deployment models compared by Risk Reduction and Cost Savings]

Why Government Is Turning to the Cloud?

Agility, speed, and flexibility

Rapid deployment and change management (Minutes vs. months to provision IT resources)

Adaptable to changing/unpredictable business needs

Ideal for cyclical or episodic circumstances

User self-service capabilities possible

Financial benefits

Cost savings vs. legacy (some perceived, some real)

“Pay-as-you-go” model reduces financial risk and exposure

Move from capital (CapEx) to operating expense (OpEx)

A “natural” for Green IT and data center consolidation mandates

Why Government Is Turning to the Cloud?

Simplicity and convenience

Easy, on-demand procurement of cloud services “promised”

Encourages use of standardized resources/applications

Easy mobile access to applications globally

New capabilities

New integrated solutions not feasible before

Most security risks well mitigated and being addressed by FedRAMP

New citizen services opportunities facilitated by wide cloud adoption

Besides, “Cloud-First” is now mandated for Government!!!

Mission Areas for Government Business Use Cases Leveraging NIST Cloud Characteristics. Agencies with:

Large eGovernment, public, info dissemination mission, and those subject to “flash” crowds should be among the first adopters. NO BRAINER! with minimal security risk

A cyclical and seasonal set of requirements (e.g., Census, IRS, NOAA, DOE, Agriculture)

Large databases and statistical responsibility requiring large-scale scientific and technical computing resources (to largely be on standby)

Mission Areas for Government Business Use Cases Leveraging NIST Cloud Characteristics. Agencies with:

Episodic requirements which can benefit from rapid, on-demand cloud provisioning

Emergency management per the Federal Response Plan with 28 agencies and FEMA

International support (e.g., Japanese Earthquake and Tsunami; Middle East crises, etc.)

e-Filing, complex multi-directional object submission, public collaboration, benefits transfer, and grants management -- “eGovernment Applications”

Mission Areas for Government Business Use Cases Leveraging NIST Cloud Characteristics. Agencies with:

Broad and distributed defense, international, financial, and intelligence responsibility needing to:

Gather information, collaborate, analyze, visualize, develop situational awareness, and deliver information

Also includes mobile delivery

Examples: border surveillance; financial market surveillance, environmental monitoring


Mission Areas for Government Business Use Cases Leveraging NIST Cloud Characteristics. Agencies with:

Well-defined communities and regulatory responsibility to adopt a “push/pull” scenario for secure access to “regulated distributed databases”

Collaboration with states, localities, and regulated industries (within 1-2 years)

Examples: “Smartgrid”, Healthcare, Energy, Financial, Environmental, Emergency Management, etc.

Well-defined business functions that can be typically out-sourced and acquired as SaaS, such as HR and Financial Management (FM)



Most organizations perform a common set of business functions that are amenable to a cloud-based approach within the 4 NIST delivery models:

Development and test

Search and retrieval

Records management services and digital notary

Information dissemination

e-Filing: electronic submission of documents/data with receipts and validation (“electronic mailroom”)

Benefits and grant transfer

Collaboration and information sharing

Social networking

Mobile access / delivery

Communications (email & messaging)

eDiscovery, statistical analysis, and analytics

Geospatial services (PAAS)

Workflow management

Archiving and data storage

Document management

Backup and Recovery and Continuity of Operations (COOP)

Data gathering and situational awareness

FOIA support services

ITIL and SLA Management-as-a-Service

Managed Security Services (e.g., Identity Mgmt, Penetration Testing, Persistent PKI, Continuous Monitoring, Intrusion Detection, Managed Endpoint Security)

Cross-cutting Business Use Cases

Secure eFiling with Records Management and Interchange Across Business Partners

Infrastructure-as-a-Service

1. Apptis Inc. partnered with Amazon Web Services

2. AT&T

3. Autonomic Resources partnered with Carpathia, Enomaly, and Dell

4. CGI Federal

5. Computer Literacy World partnered with Electrosoft, XO Communications and Secure Networks

6. Computer Technology Consultants partnered with Softlayer, Inc.

7. Eyak Tech LLC

8. General Dynamics Information Technology (GDIT) partnered with Carpathia

9. Insight Public Sector partnered with Microsoft

10. Savvis Federal Systems

11. Verizon Federal Inc (now with Terremark).

Issues and Observations:

Number of awardees is very high. Looks like every firm/organization that applied received an award

Awardees currently striving to achieve FISMA Moderate security assessment via FedRAMP.

The GSA BPA for IAAS DID NOT provide for SI services, nor any labor services for actual development and migration of agency apps/data/use cases to the cloud

IAAS was pure, low-cost, commodity cloud services BPA for servers, storage, and network resources

Agencies are beginning to be inundated and perplexed as to whom to select? Why? How do they get to the promised land? What functions and business use cases should they implement?

GSA IAAS Provides the Infrastructure for Hosting the BUCs

Major Agency Systems Integration Concerns Needing to be Addressed Under GSA IAAS

“What should agencies do?” (Especially, in light of the OMB 25-Point Federal IT Reform Plan)

“How should they do it?”

“How should they interact with FedRAMP?”

“Which cloud vendor(s) should they select and why?” SLA differences?

“What applications and data should be migrated?”

“How much is it going to cost?”

“How do they manage and govern the process of cloud migration?”

“What are the key risks and mitigation measures?”

“Should they use existing contract vehicles or issue a new development/migration purchase order?”


Even more competitors are expected with $2.5B ceiling

Now contains applications migration and integration services with 11 labor categories

FedRAMP up to FISMA HIGH

Many NIST cross-cutting business use cases now incorporated in lots:

Email and collaboration

eDiscovery and searching

Archiving, storage, backup and restore services

Social networking (à la Web page development)

Records management services

Mobile delivery

Five (5) service offerings:

Lot 1: Email-as-a-Service

Lot 2: Office Automation

Lot 3: Electronic Records Management

Lot 4: Migration Services

Lot 5: Integration Services

Four (4) categories of cloud computing:

Government community cloud

Provider-furnished equipment private cloud

Secret enclave

Public cloud

NEW: GSA EAAS Embeds Many NIST Business Use Cases

Observations and Final Thoughts To Ponder…

NIST Business Use Cases are viable for implementation in a cloud. Several implementations already exist as exemplars with lessons learned

Many organizations are beginning with a private cloud -- a safe but less cost-effective starting point.

Many IT organizations view a cloud computing roadmap as a technology implementation rather than a change agent for business processes.

They need to partner with the CFO and other internal stakeholders to deliver business process value first and foremost

More of a business transformation than a technology revolution

An enlightened design can securely integrate internal and external resources

Learn and appreciate the standards, especially security and interoperability

Observations and Final Thoughts To Ponder…

The public cloud will become more secure and less risky as time goes on. Virtually every organization has something like information dissemination or e-learning that can be a test case for the public cloud

Besides you can always encrypt and store the keys in your trusted private environment

Community clouds will initially form around classes of users. Over time, however, communities will align to feature certain capabilities (like financial management providers) in clouds optimized to provide that kind of service.

Prescient organizations will redefine the role of the IT department as part of a move to cloud computing. Personnel will need training and eventual redeployment to harness the talent and achieve efficiencies.



Late-Breaking News….

NIST Business Use Cases, Best Practices, Reference Architecture, and Standards

Infrastructure-as-a-Service (IAAS) Availability

E-Mail-as-a-Service (EAAS)

FedRAMP Implementation


Transparency in Government

Contact Info

Dr. Richard L. Klobuchar

SAIC

VP and Chief Scientist/Engineer

Homeland and Civilian Solutions

Richard.L.Klobuchar@saic.com

(757) 560-5590