Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Presented by: Sabrina M. Segal, USITC, Counselor to the.

Published byPatrick Olmsted Modified over 10 years ago

Similar presentations

Presentation on theme: "Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Presented by: Sabrina M. Segal, USITC, Counselor to the."— Presentation transcript:

1 Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Presented by: Sabrina M. Segal, USITC, Counselor to the Inspector General, Sabrina.segal@usitc.gov Reference in this presentation to any specific commercial products, processes, or services, or the use of any trade, firm, or corporation name is not intended to express endorsement, recommendation, or favoring by the United States Government or USITC of any views expressed, or commercial products or services offered by the commercial providers.

2 Gartner Hype Cycle: Where are we now?

3 Cloud Computing: What is it?

4 So what is this “cloud”….? Cloud computing is defined by the National Institute of Standards and Technology (NIST) as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” NIST has identified five essential characteristics of cloud computing: on-demand service, broad network access, resource pooling, rapid elasticity, and measured service. Helpful, right? I’m from the Government and I’m here to help… - Federal Cloud Computing Strategy, February 8, 2011

5 In the traditional model of computing, both data and software are fully contained on the user's computer. Traditional Computing v. Cloud Computing http://blog.techfornonprofits.com/2008/12/tech-friday-small-business-network.html

6 In cloud computing, the user's computer may contain almost no software or data (perhaps a minimal operating system and web browser only), serving as little more than a display terminal for processes occurring on a network of computers far away. Traditional Computing v. Cloud Computing http://blog.techfornonprofits.com/2008/12/tech-friday-small-business-network.html

7 One last attempt to explain the Cloud…. PII HR Investigations Email Payroll Procurement Finance CLOUD Your Information

8 One last attempt to explain the Cloud…. PII Email Finance CLOUD Your Information Procurement Investigations Incident (that you had no control over or could mitigate) Payroll HR

9 Private cloud - The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise. Community cloud - The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise. Public cloud - The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. Hybrid cloud - The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds). Types of Clouds

10 Cloud Computing Service Models Client Application Platform Infrastructure Server You Your Information Cloud Service Models

11 Cloud Software as a Service (SaaS) - applications are accessible from various client devices through an interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. Cloud Platform as a Service (PaaS) - the ability to deploy consumer- created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations. Cloud Infrastructure as a Service (IaaS) – provides processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls). Client Application Platform Infrastructure Server

12 Cloud Computing: What to worry about?

13 Some Questions to Think About Who has access to the data, both in its live state and when backups are made? How is the data handled? Encryption? What are the vendor obligations? What are the geographic boundaries? Where are the servers located and how will this impact the access and security of the data? What are the incident response guidelines? How are the upgrades and maintenance handled? Can the vendor access or use the information in aggregate? How do we cancel the contract and migrate the information? How are data and media destroyed?

14 Eight Concerns to Address Upfront 1.Data Security 2.Compliance 3.Termination & Transition 4.Asset Availability 5.Maintenance 6.Pricing and Time 7.Intellectual Property 8.Inspector General needs ** Always consider office specific issues But how do I do that? Negotiate!

15 1. Data Security/Access Access to live and backup data (ie – encryption, access, destruction, etc.) Access to network traffic (ie – monitoring, EINSTEIN, TIC, etc.) Incident Response (ie – timing, reporting, forensics, etc.) Physical security and location of data (ie – CONUS?) Vendor obligations and duties Disposal of data (and hardware)

16 2. Compliance Statutorily Required Compliance (ie - Privacy Act, FISMA, Federal Records Act, FOIA, e-discovery, etc.) Classified Information (Spills?) Law enforcement, intelligence data Non-disclosure agreements Timeliness Treatment of non-public information Government Indemnification

17 3. Termination & Transition How will data be protected, conveyed, and destroyed? Proof? What are the lasting data sensitivities after a contract ends? In what format will the data be provided for transition? Timing for termination and transition?

18 4. Asset Availability Data availability/disaster recovery? Hardware/software compatibility with agency? Software updates? Hardware refresh? Estimated outage time and frequency? Response time if an emergency takes system offline?

19 5. Maintenance Patching? Version control? Compatibility? 6. Pricing and Time Additional cost for information access (ie – FOIA, IG needs, etc.)? Address time requirements for compliance? Cost for “out of the box” v. government requirements? Cost for back up cloud?

20 Actual costs? Cloud Costs

21 Reality Cloud Costs Back-up for the Back-up Data Access / FOIA / e-discovery Incident Response

22 7. Intellectual Property Protect government and set boundaries for vendor How will infringing material be handled? Level of indemnity provided by vendor or government? (Consider ADA) Access to vendor IP (especially for IG investigations and audits)?

23 8. Inspector General needs Clear and clean access to agency information and vendor facilities Ability to conduct criminal investigations (Wiretapping? Network monitoring?) Provider agreement to procedures and processes (information preservation, reporting, etc.) Unencumbered auditability of systems IG access at no additional cost Inspectors General are responsible for promoting and preserving efficiency, effectiveness, and integrity within the agencies over which they have jurisdiction. They do this by conducting audits, evaluations, inspections, and criminal investigations.

24 Cloud Computing: What to negotiate?* * EVERYTHING!

25 Cloud Contracts and Service Level Agreements OCIO Client Office General Counsel Info Sec Management/Administration Inspector General And remember, present ALL aspects of the technology to decision makers – pros and cons. If any aspect is withheld, especially cons, it will be impossible to defend the decision. Have the right people at the table…

26 Thank you for your attention! Questions?

Download ppt "Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Presented by: Sabrina M. Segal, USITC, Counselor to the."

Similar presentations

Pros and Cons of Cloud Computing Professor Kam-Fai Wong Faculty of Engineering The Chinese University of Hong Kong.

Pros and Cons of Cloud Computing Professor Kam-Fai Wong Faculty of Engineering The Chinese University of Hong Kong.
Clouds: What’s new is old is new… Joseph Alhadeff, VP Global Public Policy; CPO, Oracle.

Clouds: What’s new is old is new… Joseph Alhadeff, VP Global Public Policy; CPO, Oracle.
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security.

Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security.
Cloud Computing NSAA Tallahassee September 2010 Brian Rue

Cloud Computing NSAA Tallahassee September 2010 Brian Rue
Clouds C. Vuerli Contributed by Zsolt Nemeth. As it started.

Clouds C. Vuerli Contributed by Zsolt Nemeth. As it started.
Cloud SUT proposal OSGcloud group. Objective To fill in the Research the group about the thinking within the OSG working group To solicit new ideas/proposals.

Cloud SUT proposal OSGcloud group. Objective To fill in the Research the group about the thinking within the OSG working group To solicit new ideas/proposals.
The Cloud: Demystified Neil Cattermull Frontier Technology.

The Cloud: Demystified Neil Cattermull Frontier Technology.
Wally Kowal, President and Founder Canadian Cloud Computing Inc.

Wally Kowal, President and Founder Canadian Cloud Computing Inc.
Be Smart, Use PwrSmart What Is The Cloud?. Where Did The Cloud Come From? We get the term “Cloud” from the early days of the internet where we drew a.

Be Smart, Use PwrSmart What Is The Cloud?. Where Did The Cloud Come From? We get the term “Cloud” from the early days of the internet where we drew a.
Cloud Computing Guide & Handbook SAI USA Madhav Panwar.

Cloud Computing Guide & Handbook SAI USA Madhav Panwar.
SPRING 2011 CLOUD COMPUTING Cloud Computing San José State University Computer Architecture (CS 147) Professor Sin-Min Lee Presentation by Vladimir Serdyukov.

SPRING 2011 CLOUD COMPUTING Cloud Computing San José State University Computer Architecture (CS 147) Professor Sin-Min Lee Presentation by Vladimir Serdyukov.
Design of New or Changed Services in the Cloud: An ISO/IEC 20000 Perspective Ronald Dattero Missouri State University, CIS Dept. Stuart D. Galup Florida.

Design of New or Changed Services in the Cloud: An ISO/IEC Perspective Ronald Dattero Missouri State University, CIS Dept. Stuart D. Galup Florida.
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
Cloud computing Tahani aljehani.

Cloud computing Tahani aljehani.
Discussion on LI for Mobile Clouds

Discussion on LI for Mobile Clouds
Plan Introduction What is Cloud Computing?

Plan Introduction What is Cloud Computing?
NARA’s FAQ and Bulletin on Managing Federal Records in Cloud Computing Environments Arian D. Ravanbakhsh Electronic Records Policy Specialist RACO Chicago.

NARA’s FAQ and Bulletin on Managing Federal Records in Cloud Computing Environments Arian D. Ravanbakhsh Electronic Records Policy Specialist RACO Chicago.
Introduction to Cloud Computing Zsolt Németh MTA SZTAKI.

Introduction to Cloud Computing Zsolt Németh MTA SZTAKI.
Effectively and Securely Using the Cloud Computing Paradigm.

Effectively and Securely Using the Cloud Computing Paradigm.

Similar presentations

Ads by Google