Identity Proofing in the Cloud February 15, 2012 Greg Capella Deputy Executive Director DHS/OCIO/ESDO
Established on November 25, 2002 DHS’s History Established on November 25, 2002 Cabinet level post created Incorporated 22 agencies into one organization “The creation of DHS constituted the most significant government reorganization since the Cold War, and the most substantial reorganization of federal agencies since the National Security Act of 1947” Reference: Peter Andreas: “Redrawing the line “
DHS Data Center Consolidation Consolidating to 2 operational centers Lift and shift approach not viable Expensive Inefficient for most applications Takes too long New guidance reinforced desire for a “better way” Enhance Security Posture and Information Sharing Capabilities
“Shift to a “Cloud First” policy” IT Reform @ DHS IT Reform @ DHS Departmental Plan Federal Plan Cloud First Enable and leverage secure XaaS (i.e., SaaS, PaaS, IaaS) Standup and enable IT commodity services (e.g., SharePoint, Email, CRM, and Auth as a Service, Service Catalog) Public and Private Offerings Consolidate IT Assets Data Center consolidation (i.e., EDC) Network consolidation (i.e., OneNet) IT buying services (i.e., EAGLE II, FirstSource II, GSA IaaS) ICAM Collaboration & Best Practices IT Councils (i.e., ASC, SIOC, CISOC, etc) Executive Steering Committees (ESCs) (i.e., TASC, Screening, HC/HR, etc) Portfolio Governance and Integrated Investment Lifecycle (i.e., PMCOE, SEWG, etc) FedSpace/Best Practice Platform The department views the benefits of this transformative approach include: A disruptive shift from the legacy business model of building custom systems to adopting pre-built, secure, multi-tenant solutions. Move to a pay per use model and reduce Capital Expenditure risk exposure Improve operating efficiencies by leveraging cloud based solutions to efficiently share demand, and costs across infrastructure assets and reduce the overall reserve capacity across the enterprise. Robust governance and Acquisition models are being developed to enable greater efficiencies and improved mission performance Leverage shared services of “commodity” applications such as e-mail and Sharepoint across functional organizations allowing redirection towards value-added activities. Agile - Deploy working business functionality in release cycles no longer than 6 months, with initial deployment to end users no later than 18 months after programs begins. Adopting an open-sourced business model to improve reuse across enterprise and mission services, code and infrastructure. “Shift to a “Cloud First” policy” 4/21/2017
“Private and Public Cloud Services” DHS established a model for enabling available, secure, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud Attributes 1. Services Based Computing resources are consumed as services 2. Multi Tenant Resources are shared among many customers Reuse – Source Forge Concept 3. Pay Per Use Customers pay based on usage; not for full stand up 4. Scalable and Elastic Resources and provisioned or released in near real-time 5. Access Role Based access and Authentication 6. Compliant Security Profile for Production Environment 508 Compliant Templates Cloud Services Software as a Service (SaaS): Delivery of business applications over the Intranet on demand. Customers leverage ESDO development capabilities to provide complete end-user applications. Platform as a Service (PaaS): Delivery of a combination of infrastructure and “middleware” software combined together Provides an end-to-end software development and production pipeline in a “hosted” model on demand. Customers use the platform solutions develop and launch new applications Infrastructure as a Service (IaaS): Customers use the secure, reusable infrastructure to run their platform and business services Delivery of technology infrastructure on demand (e.g., network, servers, memory, storage, and database). The Public Cloud: Leverages commercial service delivered over the Internet in real time as a fully outsourced service. The infrastructure is managed by the supplier in supplier-owned facilities. DHS can provision and access the infrastructure via the internet. Non – Sensitive Data The Private Cloud: Virtualization and distributed computing allows DHS datacenter providers to provide most efficient processes and resources to meet the needs of the Department. Sensitive Data Includes increased scalability, metering, and time-to- market benefits of a public cloud service while incorporating DHS control and security across a virtualized infrastructure. 4/21/2017
DHS Identity Proofing in the Cloud VIS provides ability for employer to confirm workers right to work in US Congress requested the DHS (USCIS) create a program so the worker could check their status Confirm right to work Obtain information on next steps if there was an issue DHS (USCIS) created the SelfCheck program to provide this capability to workers
www.uscis.gov/everifyselfcheck
Identifying Information
Self Check: Identity Proofing in the Cloud US Workforce: Self Check is available to the entire US workforce, regardless of employment with an E-Verify employer Identity Assurance: Level 2 Identity Proofing, including knowledge based questioning, ensures Self Check is only used by identity information owners Web Based: Self Check is offered over the Internet and other channels are being investigated Fraud Prevention: A user is only able to use Self Check if he is able to successfully authenticate his identity One of Services we have already deployed in the public Cloud. Allows workers to check their employment eligibility status on-line. First of its kind in the government. Self Check Employment Eligibility Verification: Self Check returns either an affirmative response or any data mismatches found in DHS or SSA records Results Sample Sample Sample X Sample Mismatch Resolution: Users receive instructions on how to correct any data mismatches in SSA or DHS records E-Verify Self Check March 2010
DHS has embraced both the Public and Private Clouds Summary DHS has embraced both the Public and Private Clouds Reduce costs and time to deploy Increase flexibility and responsiveness Decrease carbon footprint Decrease floor space DHS is rolling out numerous Public and Private Cloud efforts Need to apply sound security management practices to use Clouds safely and effectively