The Government Cloud Computing Initiative

lovingbangInternet και Εφαρμογές Web

3 Νοε 2013 (πριν από 3 χρόνια και 9 μήνες)

62 εμφανίσεις

U.S. General Services Administration

Stanley
Kaczmarczyk
, FAS
-
ITS Director of the Cloud Computing Service

Tom
Kireilis
, FAS
-
ITS Email as a Service Solutions Architect

Marcelo
Olascoaga
, FAS
-
ITS Service Line Manager

Terrance
Rountree
, FAS
-
ITS Chief Information Assurance & Security



GSA Expo 2012

May 17


19, 2012 San Antonio, TX

The Government Cloud Computing Initiative

Value to the Customer

A

Modernization of Information Technology


Reduce the cost of IT infrastructure by utilizing market
innovations based on Cloud Computing Technology.


A

Service oriented approach


Where common infrastructure, information, and solutions can
be shared across the Government.


A more agile Federal enterprise


Where services can be reused and provisioned on demand to


meet business needs.


2

Office of Integrated Technology Services (
ITS)

3

Our Mission

To excel at providing customers easy access to IT solutions through
quality industry partners to fulfill government mission requirements


Our Vision

Great Government through Technology


Our Value

To reduce
total acquisition time
,
cost
, and
risk
, allowing our customers to
focus on their mission


ITS Program Offices

ITS

IT Schedule 70

Fair and reasonable
prices for IT products
and services

Governmentwide
Acquisition
Contracts

Comprehensive and
flexible contracts that
provide virtually

any IT service

IT Commodity
Program

IT commodities and
ancillary services
through innovative
ordering

Center for

Strategic Solutions

and Security Services

Good for Government Programs

Network Services
Programs

Your one
-
stop shop

for telecommunications
solutions


ITS Program Offices
administer
contract vehicles and deliver
acquisition services

to customer
agencies to buy IT and
telecommunications offerings and
strategic solutions


Assisted Acquisition Services
(AAS) provides complete
acquisition lifecycle support to
government agencies

4


ITS offers government customers access to IT
products, services, and
strategic solutions


ITS


Great Government

through Technology


Offerings

Strategic

Solutions

Green IT

Cloud IT Services

Telepresence

Data Center Services

Telecommunications

Cybersecurity

ITS Offerings and Solutions

Software
Products and
Services

Professional
Services

Hardware
Products and
Services

Communications and
Network Services

Security

5

6

What is Cloud
Computing
?

NIST Cloud

Characteristics

(SP 800
-
145)


GSA Confidential and Proprietary

On
-
demand Self
-
Service

Self Service Portals

Broad Network
Access

Available to all devices/locations

Location Independent Resource Pooling

Multiple Data Centers (DR/COOP)

Rapid Elasticity

Scale Up or Down On Demand

Measured Service

Pay only for what you use

Cloud Computing Value

Private

Public

Community

Hybrid

4 Deployment Models

IaaS


Infrastructure
-
as
-
a
-
Service

(Virtual Computers for IT)

PaaS


Platform
-
as
-
a
-
Service

(For Software Developers)

SaaS


Software
-
as
-
a
-
Service

(Software for End Users)

3 Service Models

Apps.gov

FedRAMP

Data Center
Consolidation
Initiative

Infrastructure
-
as
-
a
-
Service

Software
-
as
-
a
-
Service Email

Platform
-
as
-
a
-
Service
(Geospatial)

Promoting adoption and removing obstacles in the government
-
wide acquisition and
utilization of cost effective, green and sustainable
Federal cloud
computing solutions.

Federal Cloud Computing Initiative

http://
info.apps.gov

1
st

Federal
storefront offers
commoditize
cloud services



“Authorize
Once, Use
Many”
approach to
A&A of Cloud
Service
Providers

Commodity
Computing
Resources
available GSA
Blanket Purchase
Agreement (BPA)
Vehicles

Cloud Email to be
made available
through BPA

Creating Common
Platforms
encapsulating
enablers required
to run in
application in the
cloud

Assist OMB with
their initiative to
collect statistics
on Federal Data
Centers, and
reduce a number
by 2015

7

What is FedRAMP?

8

FedRAMP is a government
-
wide program that provides
a standardized approach to security assessment,
authorization, and continuous monitoring for cloud
products and services.


This
approach uses a “do once, use
many times”
framework that will save
cost, time, and staff required to conduct
redundant agency security assessments.

Why FedRAMP?

9

Problem:


A duplicative, inconsistent,

time consuming,
costly
, and inefficient cloud security risk
management
approach with little
incentive
to leverage existing
Authorizations to
Operate (ATOs)
among agencies
.

Solution: FedRAMP


Unified risk
management
approach


Uniform set
of approved, minimum security
controls (FISMA Low and Moderate Impact)


Consistent assessment process


Provisional ATO

Key Benefits:


Increases
re
-
use of existing security assessments across agencies


Saves
significant cost, time and resources


do once, use many times


Improves
real
-
time security visibility


Supports
risk
-
based security management


Provides
transparency between government and cloud service providers (CSPs)


Improves
trustworthiness, reliability, consistency, and quality of the federal
security
authorization process.

FedRAMP

FedRAMP Goals and Objectives

10

Goals:


Maximize the rapid adoption of cloud computing technologies within government


Ensure information security and privacy requirements are being verifiably satisfied by cloud service
providers


Enable government agencies to quickly and efficiently share security
-
related information for common
cloud
-
based services needed for risk based decisions


Objectives:


Provide a cost
-
effective, risk
-
based approach to the use of cloud computing services


Establish clear expectations for security and privacy based on current cyber threats


Leverage innovative, open, and state
-
of
-
the
-
practice solutions


Ensure a high degree of transparency to promote a climate of trust between the consumers
and providers of cloud services

FedRAMP is a shared security assessment and continuous monitoring
service for Cloud Systems


designed to gain efficiencies y leveraging
standardization, best practices and automation across government

FedRAMP Briefing

11

Email as a Service

(
E
aaS
)

Blanket Purchase Order (BPA)

12

Lot 1:

Email
-
as
-
a
-
Service (EaaS)

Lot 2:

Office
Automation
(Virtual Office)

Lot 3:

Electronic
Records
Management

Lot 4:

Migration
Services

Lot 5:

Integration
Services

The key service offerings for EaaS are divided into five Lots:

Vendors must bid on at least 1 sub
-
lot in Lot 1 as well as
Lots 4 and 5 to be eligible for award

12

12

EaaS

BPA Procurement Structure




Sub
-
Lot a:


Govt. Community
Cloud

Sub
-
Lot b:

Private Cloud

Sub
-
Lot c:

Secret Enclave
Cloud

Sub
-
Lot d:

Public Cloud


Multi
-
tenant,
Govt. Only


Provider
Supplied
Equipment



Single
-
Tenant


Provider
Supplied
Equipment




Meets DOD
Secret
Requirements


Evaluated by
DOD



Data stored in
public cloud


Provider
Supplied
Equipment


13

Each of the five lots contains four sub
-
lots:

Key Messaging


Email as a Service


Email Service operated as a utility by a Cloud Provider has multiple
benefits:

o
Pay as you go, pay as you grow

o
Provider supplies and maintains all infrastructure

o
Broadly available by any internet
-
enabled client



Gives CIOs an opportunity to become a service broker i.e. move from a
decentralized / silo
-
ed

approach to a centralized enterprise
-
wide
solution


Moving email to a cloud solution potentially allows for better
integration with existing applications



14

Agencies benefit in cost, technology and mission

15

Cloud computing services present several economic and operational advantages
over traditional premise
-
based IT architectures:

Cost

Technology

Mission

Reduce IT capital spending


Pay only for what you use


Shift IT costs from expenditures to actual usage


Significantly reduces lifecycle sustainment cost


Increase flexibility and speed in IT implementations


Scale up and down to meet immediate demands


Real time deployment capabilities


Improve COOP and disaster recovery operation capabilities

Efficient use of resources


Allocate resources to mission
-
critical activities
as IT requirements
are reduced


Aligning to OMB practices


Responding in a timely manner to federal mandates and agency
requirements

External and internal drivers push cloud adoption

16

A number of external and internal drivers necessitate the adoption of cloud
computing across the Federal government.

Cloud
Computing


Federal budget deficit


Data Center consolidation


Increasing Fed CIO and OMB
scrutiny of large IT projects


“Cloud First” policy


Fed CIO IT Reform agenda

-

3
applications to the Cloud by 2013


Executive Order 13514

-

Sustainability


Open Government Initiative


Comprehensive National
Cybersecurity

Initiative


Lack of resources


Distraction from mission focus


Complexities of managing large IT
projects


Slow IT deployment time


Challenging IT asset management


Difficult in sharing data


Need to reduce IT maintenance
and capital costs


Need to reduce energy use and
costs


Lack of collaboration solutions


Push for teleworking capabilities

Internal Drivers

External Drivers

17

Infrastructure as a Service

(
IaaS
)

Blanket Purchase Order (BPA)

18

Lot 1: Cloud Storage

Provides scalable, redundant, dynamic web
-
based storage and provides users with the ability
to procure and use data and file storage capabilities remotely via the internet. Provides file and
object data storage capabilities on
-
demand, dynamically scalable per request and via the
internet.

Lot 2: Virtual Machines

Provides scalable, redundant, dynamic computing capabilities or virtual machines. Allows users
to procure and provision computing services or virtual machine instances online via the internet

Lot 3: Web Hosting

Provides Web application hosting services in the cloud enabling scalable, redundant, dynamic
web hosting services. Allows government users to procure and provision Web hosting services
online via the internet. Allows users to securely load applications and data onto the provider’s
service remotely from the Internet. Configuration is enabled via a Web browser over the internet

12 Awardees across 3 Lots:


Cloud Storage • Virtual Machines •Web Hosting

Access leading players and technology through IaaS BPA

Vendor

Cloud Storage

Virtual Machines

Web Hosting

Teaming
Partner(s
)

Apptis, Inc.

X

X

Amazon Web Services, LLC

AT&T

X

X

No

Teaming Arrangement

Autonomic Resources

X

Carpathia

Hosting Inc.,

Enomaly
, Dell

Carahsoft

X

Carpathia

Hosting, Inc.

CGI Federal Inc.

X

X

No

Teaming Arrangement

Computer Literacy World

X

X

X

XO Communications,
Electrosoft
, SNS

Computer Technology Consultants

X

X

X

SoftLayer
,

Inc.

Eyak Tech LLC

X

X

X

Horizon Data Center
Solutions

General Dynamics Information
Technology

X

Carpathia

Hosting, Inc.

Insight Public Sector

X



Microsoft

Savvis Federal Systems

X

X

No

Teaming Arrangement

Verizon Federal Inc.

X

No

Teaming Arrangement

19

IaaS

Continuous Monitoring Events

(Major Events Requiring ISSO Support)

20

ATO

Granted

10/14/2015

BPA Expires

Conditional ATO


Review updated SSP,
SAR and POA&M for
compliance with ATO
Conditions


Recommend ATO or
DATO

≤60 days

Quarterly
Deliverables

Annual

Deliverables

Biennial
Deliverables

Every

2 Years

IaaS Vendor
Significan
t
Change Event

Updated Authorization
Package


Review proposed change


Review updated artifacts


Recommend action to AO

3 Year

Reauthorization


(OMB may change)

Deliverable updates
, recommendations and GSA actions
provided to leveraging agencies.

Every 90
Days

Every
Year

21

Q & A