2011 Draft: Recommended Cloud Best Practices
Extended Draft: Government Cloud Best Practices Recommendations
Table of Contents
A. Introduction
B. Implementation Best Practices
1. Design for Portability and Interoperability
2. Define Government Approved Data Interfaces and Formats
3. Use Emerging Standards
4. Implement a Federated Authentication Capability
5. Develop a Framework for Orchestration across Clouds
6. Use Portable Tools for Monitoring and Managing Clouds
7. Choose Non-Mission Critical Applications for Initial Cloud Deployment
C. Policy Best Practices
8. Develop an Enterprise Catalog
9. Document Business Use Cases
10. Document Standardized Ways to Compare Cloud Computing Capabilities
11. Use Simulation-based Acquisition for Cloud Resources if possible
12. Establish a Data Governance Policy
13. Develop International Collaboration on Standardizations
14. Maintain updated Cloud Reference Documents
D. Organizational Best Practices
15. Designate a Cloud Standards Group
16. Create a Cloud Policy, Organization, and Resource Sharing Committee
17. Create a Cloud Security, Auditing, Compliance, and Risk Management Group
18. Create a Cloud Procurement Group
19. Create a Cloud Center of Excellence
20. Create a Cloud Community of Practice Group
E. Primary References
F. Additional References
G. Guidance References (Patterns)
==================================================
A. Introduction
==================================================
The U.S. government has initiated the rapid deployment of Cloud services for internal
and public use. There are many risks associated with possible lack of interoperability,
portability, and proven security for existing Cloud implementations. In the future,
emerging standards as documented in the Standards Roadmap document will help
solve this problem. While these standards are maturing, best practices can be used to
avoid vendor lock-in, Cloud silos, and security gaps.
The purpose of this draft is to list some best practices for Cloud implementation and
organizational support based on past experience with similar technologies, e.g.
service-oriented architectures. Accompanying each recommendation will be references to the
NIST Cloud Synopsis and Recommendations Draft (Draft-NIST-SP800-146), the NIST
Cloud Working Group outputs, and major external documents to provide context. See
Section E for all Primary References including NIST, US Government, UK Government,
Open Data Center Alliance, Cloud Standards Customer Council, and European sources.
Associated with each recommendation, there is also suggested support from Cloud
Providers and a link to guidance in implementing the recommended best practice. The
next step should be to expand and extend the current content to provide detailed
guidelines (e.g. patterns) for public sector Cloud Computing.
==================================================
B. Implementation Best Practices
==================================================
It is possible to reduce the cost and implementation time for individual projects using
Cloud resources. However best practices for implementation will be needed to ensure
that downstream costs for system integration, migration, operations, and maintenance
do not overwhelm the advantages of the initial deployment. The general principle is to
consider potential future requirements when planning Cloud projects.
-------------------------------------------------------------------------------------
1. Design for Future Portability and Interoperability across Multiple Clouds
-------------------------------------------------------------------------------------
a) For SaaS, ensure that data, documents, and other resources can be moved in and
out of the Cloud using government-approved formats
b) For PaaS, avoid proprietary single Cloud tools and languages for application
development, monitoring, and management
c) For IaaS, enable multiple external Clouds to be used for Cloud bursting and hybrid
Clouds
These recommendations will probably require the use of adaptors and brokers while
standards are emerging.
1.1 References:
- Cloud Standards Roadmap Draft 11 (Section 6.4 Use Case Analysis 2, 4, 5)
- Draft Cloud Reference Architecture (Slide 23 Cloud Brokers)
- Cloud Synopsis and Recommendations (Suggest Multiple Cloud Extension to Section
9 General Recommendations)
- Federal Cloud Computing Strategy (Section IV. 4 Establishing Cloud Computing
Standards)
- UK Government ICT Strategy (Point 33 and Point 34 and Point 35)
- TechAmerica’s Cloud2 Buyers Guide (Agency Preparation 2)
- Open Data Center Alliance (Usage: Virtual Machine Interoperability)
1.2 Possible Support from Cloud Providers
a) Support standard well-defined formats for importing and exporting data for SaaS
b) Support application generation from multiple tools and standard models
c) Support standardized VM movement and interfaces between IaaS Clouds and
enterprise systems
1.3 Guidance - Choosing delivery models
- Cloud Computing Delivery Models from Technofriend
http://m.technofriends.in/2011/03/17/cloud-computing-delivery-models/
1.4 Practical Guide to Cloud Computing (Step 4. Select a Cloud Service Model)
-------------------------------------------------------------------------------------
2. Define Government Approved Data Interfaces and Formats for Creating,
Reading, Updating, Deleting, and Batch Movement of Cloud Data and Documents.
-------------------------------------------------------------------------------------
a. Transferring data between Clouds will be necessary for future interoperability and
portability. Official standards e.g. Storage Networking Industry Association’s (SNIA)
Cloud Data Management Interface (CDMI) and Open Grid Forum’s (OGF) Open
Cloud Computing Interface (OCCI) will simplify this transfer in the future. In the short
run, the government should define approved interfaces and formats that can migrate
to emerging official standards. Adaptors may be necessary to proprietary Cloud
interfaces and formats. Cloud providers should be requested to supply these
adaptors as part of the procurement process.
b. Contractual agreements should be used to penalize Cloud Providers for failure to
support data operations (e.g. data deletion) using government approved data
interfaces and formats.
2.1 References:
- Cloud Standards Roadmap Draft 11 (Section 6.4 Use Case Analysis 3)
- Cloud Synopsis and Recommendations (Section 9.2 Data Governance and 7.5.6 Data
Erase Practices)
- Federal Cloud Computing Strategy (Section II. 2 Provisioning Cloud Services
Effectively and Section IV. 6 Laying a Solid Governance Foundation)
- UK Government ICT Strategy (Point 39 and Part 3 Action 15)
- TechAmerica’s Cloud2 (Recommendation 10)
- TechAmerica’s Cloud2 Buyers Guide (Agency Preparation 4)
2.2 Possible Support from Cloud Providers
- Support standards for accessing and moving Cloud data and files
2.3 Guidance: Choosing Formats for Moving Data into and out of Clouds
- Linked Data
http://en.wikipedia.org/wiki/Linked_Data
- A JSON supporter
http://devcentral.f5.com/weblogs/macvittie/archive/2011/04/27/the-stealthy-ascendancy-of-json.aspx
-------------------------------------------------------------------------------------
3. Use Emerging Standards (e.g. DMTF’s Open Virtual Format) for Moving VMs
between Infrastructure as a Service (IaaS) Clouds
-------------------------------------------------------------------------------------
OVF is an ANSI standard that is becoming increasingly mature. See the NIST SAJACC
WG’s VM Portability White Paper for a detailed discussion. OVF 1.1 is ANSI INCITS
469 2010 and is being submitted to JTC 1 as a PAS submission. DMTF is engaged in
consideration of a subsequent version that may have relevance in the not too distant
future.
3.1 References:
- NIST SAJACC WG VM Portability White Paper (http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/SAJACCVMPortability)
- Cloud Standards Roadmap Draft 11 (Section 6.4 Use Case Analysis 2)
- Cloud Synopsis and Recommendations (7.6 Recommendations for Infrastructure as a
Service)
- Federal Cloud Computing Strategy (Section IV. 4 Establishing Cloud Computing
Standards)
- Open Data Center Alliance (Usage: Virtual Machine Interoperability)
3.2 Possible Support from Cloud Providers
- Support OVF standards for VM movement between IaaS Clouds
3.3 Guidance - Using Emerging Standards (Standards Roadmap)
- Status update on OCCI and CDMI
http://www.ogf.org/SAUCG/materials/2342/Cloud+Standards+Interoperability+-+Status+Update+on+OCCI+and+CDMI+Implementations.pdf
- Cloud Standards advice from David Linthicum
http://www.ebizq.net/blogs/cloudsoa/2011/02/the-truth-behind-standards-soa-and-cloud-computing.php
-------------------------------------------------------------------------------------
4. Implement a Federated Authentication Capability across Clouds
-------------------------------------------------------------------------------------
A federated authentication mechanism will enable more efficient access to multiple
Clouds. This could be accomplished by the use of a cloud broker layer or future
standards.
4.1 References:
- Cloud Synopsis and Recommendations (Suggest addition to Section 9.3 Security and
Reliability)
- Cloud Standards Roadmap Draft 11 (Section 6.4 Use Case Analysis 6)
- Federal Cloud Computing Strategy (Section IV. 2 Ensuring a Secure Trustworthy
Environment)
- TechAmerica’s Cloud2 Report (Recommendation 2)
4.2 Possible Support from Cloud Providers
- Support common authentication standards (e.g. OpenID).
4.3 Guidance - Choosing a Federated Authentication Capability
- Choosing the Right federation from GFIPM
http://gfipm.net/choosing-the-right-federation.html
-------------------------------------------------------------------------------------
5. Use Portable Tools for Monitoring and Managing Cloud Resources if possible
-------------------------------------------------------------------------------------
The use of portable tools will facilitate portability if necessary across Cloud providers
(e.g. IaaS). It will also be useful for multiple Cloud architectures.
5.1 References:
- Cloud Synopsis and Recommendations (Suggest addition to Section 7.6
Recommendations for Infrastructure as a Service)
- Cloud Standards Roadmap Draft 11 (Section 6.4 Use Case Analysis 4)
- Open Data Center Alliance (Usage: Virtual Machine Interoperability)
5.2 Possible Support from Cloud Providers
- Support common error messages, notifications, and alerts from Cloud applications
5.3 Guidance - Selecting tools for development, deployment, monitoring, and
managing Clouds
- How to Select Tools for Managing the Clouds
http://www.cioupdate.com/trends/article.php/3919446/How-to-Select-Tools-to-Manage-the-Cloud.htm
-------------------------------------------------------------------------------------
6. Develop a Framework for Orchestrating Processes across Multiple Clouds and
Enterprise Systems
-------------------------------------------------------------------------------------
One of the most difficult tasks will be orchestrating processes across multiple
heterogeneous Clouds and possibly including enterprise systems. A pre-defined
framework to support these processes will reduce deployment complexity, cost, and time.
The framework should utilize standards when possible. If there are no standards, cloud
brokers and adaptors can be used following government policies to avoid lock-in.
6.1 References:
- Cloud Synopsis and Recommendations (Suggest addition to Section 9 General
Recommendations)
- Cloud Standards Roadmap Draft 11 (Section 6.4 Use Case Analysis 7)
6.2 Possible Support from Cloud Providers
- Develop adaptors to support standardized interfaces to core functionality. Develop
Cloud Brokers with standardized interfaces that enable orchestrating processes across
multiple Clouds.
6.3 Guidance - Role of Cloud Broker
- Cloud Brokers Presentation
http://www.soasymposium.com/home2011/pdf_brazil/Pethuru_Cheliah_and_Zaigham_Mahmood_Cloud_Brokerages.pdf
-------------------------------------------------------------------------------------
7. Choose Non-mission Critical Applications for initial Cloud deployments.
-------------------------------------------------------------------------------------
It is prudent to gain experience and confidence in Cloud resources before migrating
mission-critical applications. Some examples include productivity applications (SaaS),
test and development (IaaS), offloading high transient processing (IaaS),
and hosting Web sites (PaaS or IaaS).
7.1 References:
- Cloud Computing Business Use Case Examples (http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/BusinessUseCases)
- Federal Cloud Computing Strategy (Section II. 1 Selecting Services for Move to the
Cloud)
- UK Government ICT Strategy (Part 2 Action 12)
- See External References 5 and 6
- TechAmerica’s Cloud2 Buyers Guide (Agency Preparation 1)
7.2 Possible Support from Cloud Providers
- Create a Maturity Model that will enable customers to determine the type of Cloud
deployments that are most suitable based on their current experience and expertise
7.3 Guidance - Choosing the first Cloud Application
- Development and Testing is a good first choice.
http://www.cio.com/article/505660/Your_First_Cloud_App_Dev_Test_a_Smart_Choice
7.4 Practical Guide to Cloud Computing (Step 8. Develop a Proof-of-Concept
before Moving to Production)
==================================================
C. Policy Best Practices
==================================================
The efficient deployment of multiple Cloud Computing solutions across government (or
any large enterprise) departments will require a common policy framework to enable
future interoperability, portability, reuse of resources, and trusted security.
-------------------------------------------------------------------------------------
8. Develop an Enterprise Catalog to Enable the Discovery of Existing and
Available Cloud Resources
-------------------------------------------------------------------------------------
One of the advantages of Cloud computing is the ability to share resources across
projects and agencies. A catalog of existing resources and access procedures will add
value and reduce costs as the number of Cloud deployments increases. An “application
store” capability can be used to make existing resources available to new projects.
8.1 References:
- Cloud Synopsis and Recommendations (7.4.3 Portability, Interoperability with Legacy
Applications)
- Cloud Standards Roadmap Draft 11 (Section 6.4 Use Case Analysis 8)
- UK Government ICT Strategy (Point 17 and Point 31 and Part 2 Action 1 and Part 2
Action 14)
- Open Data Center Alliance (Usage: Service Catalog)
8.2 Possible Support from Cloud Providers
- Create and support a standard format for describing Cloud resources in a catalog
8.3 Guidance - Utilization of Existing Resources
- Data Center Consolidation and Cloud Computing Presentation
http://www.actgov.org/events/managementofchange/MOC2011/MOC%202011%20Documents%20and%20Presentations/federal%20cloud%20computing%20and%20data%20center%20consolidation.pdf
8.4 Practical Guide to Cloud Computing (Step 6. Integrate with Existing
Enterprise Services)
-------------------------------------------------------------------------------------
9. Document Business Use Cases using the Template from the Business Use
Case Working Group
-------------------------------------------------------------------------------------
The Business Use Case Working Group has developed a template for describing Use
Cases and used it to document several examples. Employing a standard template will
foster a more standardized development process and make it easier to exchange
information across projects.
9.1 References:
- Cloud Synopsis and Recommendations (Suggest addition to Section 9 General
Recommendations)
- Cloud Computing Business Use Case Template (http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/TemplateCoordinationSG/Cloud_Computing_Business_Use_Case_Template.pdf)
- Federal Cloud Computing Strategy (Section IV. 1 Leveraging Cloud Computing
Accelerators)
- TechAmerica’s Cloud2 Buyers Guide (Agency Preparation 3)
9.2 Possible Support from Cloud Providers
- Develop business use case templates in a standard format that can be made available
to customers planning Cloud deployments
9.3 Guidance - Determining Benefits
- Open Group Building ROI with Clouds
http://www.opengroup.org/cloud/whitepapers/ccroi/roi.htm
9.4 Practical Guide to Cloud Computing (Step 2. Develop Business Justification
and a Strategic Plan)
-------------------------------------------------------------------------------------
10. Document Standardized Ways of Comparing Cloud Capabilities for
Procurements and Cloud Brokers
-------------------------------------------------------------------------------------
A standard way of comparing product offerings and prices will be valuable for
procurement decisions.
10.1 References:
- Cloud Synopsis and Recommendations (Section 7.4.2 Flexible, Efficient Renting of
Computing Hardware and suggest addition to Section 8.3 Economic Goals)
- Cloud Standards Roadmap Draft 11 (Section 6.4 Use Case Analysis)
- Federal Cloud Computing Strategy (Section II. 2 Provisioning Cloud Services
Effectively and IV. 3 Streamlining Procurement Process)
- TechAmerica’s Cloud2 Buyers Guide (Agency Preparation)
- Open Data Center Alliance (Usage: Standard Units of Measurement for IaaS)
10.2 Possible Support from Cloud Providers
- Create and support a common Cloud capability and pricing description for IaaS
resources.
10.3 Guidance - Standards for SLAs
- SLA@SOI publications
http://sla-at-soi.eu/results/publications/
10.4 Practical Guide to Cloud Computing (Step 7. Develop and Manage Service
Level Agreements)
-------------------------------------------------------------------------------------
11. Use Simulation-based Acquisition for Cloud Solutions if possible.
-------------------------------------------------------------------------------------
Simulation-based acquisition is a procurement practice that uses simulated test
evaluations before finalizing procurement and full scale development. It has been
advocated in the past but in many cases full scale simulation was prohibitively costly in
time and resources. Cloud environments for test and evaluation can significantly reduce
these costs and enable early simulation-based evaluations of potential Cloud solutions.
It is also possible to evaluate Cloud solutions on internal simulation testbeds e.g. NIST’s
Koala.
11.1 References:
- Simulation-based Acquisition Overview from Navy
http://nawctsd.navair.navy.mil/Resources/Library/Acqguide/sba.htm
- NIST’s Cloud Simulation Testbed
http://www.nist.gov/itl/antd/upload/Koala.pdf
- UK Government ICT Strategy (Point 28)
11.2 Possible Support from Cloud Providers
- Create and make available testbeds to enable customers to evaluate performance and
capabilities of planned Cloud deployments.
11.3 Guidance - Implementing Simulation-based Acquisition
- Simulation-based Acquisition Implementation Strategy from NASA
http://aeronautics.arc.nasa.gov/assets/pdf/SBAStrategy_Final_w_signatures.pdf
-------------------------------------------------------------------------------------
12. Establish a Data Governance Policy for When and How Specific Types of Data
can be Stored on Externally Hosted Clouds
-------------------------------------------------------------------------------------
Maintaining strict control of critical data is essential for security, privacy, and trusted
government operations. A clearly stated policy should be documented and enforced
internally and contractually with external resource providers.
12.1 References:
- Cloud Synopsis and Recommendations (9.2 Data Governance)
- Federal Cloud Computing Strategy (Section IV. 2 Ensuring a Secure, Trustworthy
Environment and Section IV. 6 Laying a Solid Governance Foundation)
- TechAmerica’s Cloud2 (Recommendation 3)
12.2 Possible Support from Cloud Providers
- Provide customers the ability to audit and evaluate their data management and
protection capabilities
12.3 Guidance - Choosing Deployment Models
- Cloud Deployment Options
http://www.zlti.com/wp-content/content/docs/Data%20Sheets/ZL%20Cloud%20Deployment%20Schemes.pdf
- Tips for Choosing a Cloud Deployment Model
http://kalirajanl.wordpress.com/2011/05/12/tips-for-choosing-the-cloud-deployment-model/
12.4 Practical Guide to Cloud Computing (Step 3. Select a Cloud Deployment
Model)
-------------------------------------------------------------------------------------
13. The US Government should work with other Governments and International
Organizations to develop Policies and Standards enabling future Interoperability
and Portability across Clouds while preserving national security and legal
requirements
-------------------------------------------------------------------------------------
In the future, there will be applications and data that will be shared across international
public sector Clouds for multinational collaboration initiatives (e.g. scientific research). It
will be necessary to work with other governments and international organizations (e.g.
ISO) to ensure that Clouds will support interoperability and portability requirements. This
will require coordination at the technical level (e.g. standards) and policy agreements.
13.1 References:
- Cloud Synopsis and Recommendations (8.4.2 Physical Data Location)
- Cloud Standards Roadmap Draft 11 (Annex D Standards Developing Organizations)
- Federal Cloud Computing Strategy (Section IV. 2 Ensuring a Secure, Trustworthy
Environment, Section IV. 4 Establishing Cloud Computing Standards, and Section V. 5
Recognizing the International Directions of Cloud Computing)
- UK Government ICT Strategy (Point 40)
- TechAmerica’s Cloud2 Report (Recommendation 1 and Recommendation 8)
- SIENA Roadmap (International Coordination)
13.2 Possible Support from Cloud Providers
- Organize international Cloud providers associations to work with customers in
enabling interoperability across national and regional boundaries.
13.3 Guidance - Issues requiring International Agreements
- European Perspective from EC Executive
http://blogs.ec.europa.eu/neelie-kroes/public-authorities-and-cloud/
-------------------------------------------------------------------------------------
14. Maintain Updated Reference Documents including Cloud Standards Catalogs,
Reference Architectures, Technology Roadmaps, and Best Practices.
-------------------------------------------------------------------------------------
Since Cloud technology and related standards are changing rapidly, it will be necessary
to update Cloud information documents periodically during the next few years (e.g. once
a year). Experience with specific Cloud tools, services and resources should be
captured and made available for future government Cloud projects.
14.1 References:
- NIST Cloud Synopsis and Recommendations
- NIST Cloud Standards Roadmap Draft 11
- Federal Cloud Computing Strategy (Section IV. 4 Establishing Cloud Computing
Standards)
- UK Government ICT Strategy (Part 3 Action 21 and Part 3 Action 22)
- SIENA Roadmap (Recommendations)
14.2 Possible Support from Cloud Providers
- Supply accurate information to customers on current technology capabilities and
support of standards.
14.3 Guidance - Development of Cloud Roadmaps
- Creating a Cloud Roadmap
http://soamag.com/I47/0211-1.php
==================================================
D. Organizational Best Practices
==================================================
In order to ensure that best practices are followed, it will be necessary to have a
supporting organizational structure. The Cloud organizations can coordinate the sharing
of information, resources, and guidelines across agencies and projects. The examples
are a logical breakdown of responsibilities which can be allocated to groups chosen by
government IT executives. See Federal Cloud Computing Strategy (Section IV. 6
Laying a Solid Governance Foundation).
-------------------------------------------------------------------------------------
15. Designate a Government Cloud Standards Group to act as a Liaison between
the Government and Cloud Standards Organizations.
-------------------------------------------------------------------------------------
This Group should have the following responsibilities:
a) Monitor the status of Cloud standards activities
b) Update SAJACC’s Cloud Interface Catalog and the Cloud Standards Roadmap
WG’s Cloud Standards Inventory
c) Track the standardization requirements of government Cloud deployments and
determine priorities
d) Disseminate information about standards to projects and convey prioritized
government standards requirements to standards development organizations
e) Recommend standardizations to be used on government Cloud deployments
f) Define compliance tests to verify conformance of Cloud resources with standards
specifications
Standards that should be monitored include SNIA’s Cloud Data Management Interface
(CDMI) and OGF’s Open Cloud Computing Interface (OCCI).
15.1 References:
- Cloud Standards Roadmap Draft 11 (7.2 Standardization Priorities Based on USG
Priorities and 8.2 Recommendations for Accelerating the Development and Use of
Cloud Computing Standards)
- Cloud Synopsis and Recommendations (8.3.3 Portability of Workloads and 8.3.4
Interoperability between Cloud Providers and Suggest Extension to Section 9 General
Recommendations)
- SAJACC Cloud Interface Catalog Draft (http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/CloudInterfaceCatalog)
- UK Government ICT Strategy (Part 2 Action and Point 36)
- Cloud Standards Roadmap WG Cloud Standards Inventory (http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/StandardsInventory)
- SIENA Roadmap (Standards Coordination)
15.2 Possible Support from Cloud Providers
- Participate in or monitor SDOs discussions and provide information on plans for
supporting future standards. If Cloud resource providers believe that future standards
are unnecessary in specific areas, they should explain if and how customers can avoid
being locked-in to proprietary Cloud products.
15.3 Guidance - Creating a Government Cloud Standards Group
- U.S. NIST Cloud Computing Program
http://www.nist.gov/itl/cloud/
-------------------------------------------------------------------------------------
16. Create an Inter-agency Cloud Policy, Organization, and Resource Sharing
Committee
-------------------------------------------------------------------------------------
This Committee should set policies and organizational responsibilities, and maintain a
catalog of government-available Cloud resources and access procedures.
16.1 References:
- Cloud Synopsis and Recommendations (Section 9.1 Management)
- UK Government ICT Strategy (Point 32 and Point 59)
- TechAmerica’s Cloud2 Buyers Guide (Best Practices CIO/CISO)
16.2 Possible Support from Cloud Providers
- Support customer policies if possible. Provide specifications and usage descriptions
for vendor interfaces.
16.3 Guidance - Cloud Governance and Management
- G-Cloud Service Management, Organization & Governance Approach
http://www.cabinetoffice.gov.uk/sites/default/files/resources/06-G-CLOUD-ServiceManagement-OrganisationandGovernance-Approach.pdf
-------------------------------------------------------------------------------------
17. Create a Cloud Security, Privacy, Auditing, Regulatory Compliance, and Risk
Management Group
-------------------------------------------------------------------------------------
This Group should be in charge of ensuring that all Cloud deployments satisfy
government security, privacy, auditability, and regulatory compliance rules. It should also
issue periodic updates on risks and avoidance recommendations.
17.1 References:
- Cloud Synopsis and Recommendations (Section 8.4 Compliance and Section 8.5
Information Security)
- Cloud Standards Roadmap Draft 11 (Section 6.4 Use Case Analysis 10)
- Federal Cloud Computing Strategy (Section IV. 2 Ensuring a Secure, Trustworthy
Environment)
- UK Government ICT Strategy (Part 3 Action 25)
- TechAmerica’s Cloud2 Report (Recommendation 2, Recommendation 5,
Recommendation 6 and Recommendation 9)
- TechAmerica’s Cloud2 Buyers Guide (Agency Preparation 3 and Best Practices CIO/
CISO)
- Open Data Center Alliance (Usage: Regulatory Framework, Security Monitoring, and
Provider Security Assurance)
- SIENA Roadmap (Recommendations)
17.2 Possible Support from Cloud Providers
- Enable auditing of Clouds to meet regulatory and policy requirements
17.3 Guidance - Evaluating Risks (CSA)
- Top Threats to Cloud Computing from CSA
https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
- Security Guidance from CSA
https://cloudsecurityalliance.org/csaguide.pdf
-------------------------------------------------------------------------------------
18. Create a Cloud Procurement Support Group to define SLAs, Contractual
Language, and Penalty Enforcement.
-------------------------------------------------------------------------------------
This Group should develop government standards for core contractual language in
procurements (e.g. service level descriptions) including penalty clauses. Projects should
be able to extend and/or modify the core if necessary.
18.1 References:
- Cloud Synopsis and Recommendations (Section 8.2 Cloud Reliability)
- Cloud Standards Roadmap Draft 11 (Section 6.4 Use Case Analysis 9)
- Federal Cloud Computing Strategy (Section II. 2 Provisioning Cloud Services
Effectively, Section II. 3 Managing Services rather than Assets and Section IV. 3
Streamlining Procurement Process)
- TechAmerica’s Cloud2 Buyers Guide (Best Practices Acquisition Manager)
18.2 Possible Support from Cloud Providers
- Support standardized SLA descriptions that can be used for evaluating Cloud
capabilities
18.3 Guidance - Documenting functional and performance requirements and
specifying contract requirements
- Cloud Contract Advice from Law.com, net-security.org, and Bizcloud Network
http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202476608022&slreturn=1&hbxlogin=1
http://www.net-security.org/secworld.php?id=11056
http://bizcloudnetwork.com/cloud-procurement-best-practices-to-reduce-risk-in-cloud-contracts
18.4 Practical Guide to Cloud Computing (Step 7. Develop and Manage Service
Level Agreements)
-------------------------------------------------------------------------------------
19. Create a Cloud Center of Excellence to Provide Technical Guidance to
Projects on Emerging Technologies
-------------------------------------------------------------------------------------
The Center of Excellence should consist of Cloud technical experts who can advise
projects on emerging Cloud technologies. This group will be necessary due to the rapid
growth in Cloud products, services, tools, and open source implementations.
19.1 References:
- Cloud Synopsis and Recommendations (Add to Section 9 General Recommendations)
- UK Government ICT Strategy (Point 19, Point 38, Point 55 and Part 2 Action 11)
- TechAmerica’s Cloud2 (Recommendation 4)
- Open Data Center Alliance (Usage: Input/Output [IO] Controls)
19.2 Possible Support from Cloud Providers
- Provide information on current and future technology capabilities to customer technical
staff. Work with customers to perform test evaluations of Cloud capabilities.
19.3 Guidance - Creating a Cloud Computing Center of Excellence
- US Air Force creating Cloud Computing Center of Excellence
http://www.cloudcomputingzone.com/2010/05/air-force-to-establish-cloud-computing-research-center-of-excellence/
19.4 Practical Guide to Cloud Computing (Step 5. Determine Who Will Develop,
Test and Deploy the Cloud Services)
-------------------------------------------------------------------------------------
20. Create a Cloud Community of Practice Group to Share Experiences and
Collect Best Practices
-------------------------------------------------------------------------------------
The Community of Practice should maintain ongoing discussions with agencies,
government Cloud groups, industry, and vendors to determine the status of technology,
standards, best practices, and risks. There should be periodic meetings to share this
information with groups responsible for planning Cloud deployments.
20.1 References:
- Cloud Synopsis and Recommendations (Add to Section 9 General Recommendations)
- Federal Cloud Computing Strategy (Section III Case Examples to Illustrate Framework)
- Federal Cloud Computing Strategy (Section IV.1 Leveraging Cloud Computing
Accelerators)
- UK Government ICT Strategy (Part 2 Action 3 and Part 2 Action 9)
- TechAmerica’s Cloud2 Report (Recommendation 14)
- TechAmerica’s Cloud2 Buyers Guide (Best Practices: Program Manager and Agency
Leadership)
20.2 Possible Support from Cloud Providers
- Provide suggested best practices and industry case studies to help customers
planning Cloud deployments.
20.3 Guidance - Creating Communities of Practice
- Building Communities of Practice
http://www.adb.org/Documents/Information/Knowledge-Solutions/Building-Communities-Practice.pdf
==================================================
E. Primary References
==================================================
1. NIST Draft Cloud Computing Synopsis and Recommendations
http://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800-146.pdf
(See Appendix F NIST Publications for additional security-related documents)
2. NIST Cloud Computing Standards Roadmap Draft
http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/StandardsRoadmap/NIST_CCSRWG_040_4th_Draft_02_16_11_NIST_Cloud_Computing_Standards_Roadmap.pdf
(See Bibliography for multiple external references)
3. Federal Cloud Computing Strategy
http://www.cio.gov/documents/Federal-Cloud-Computing-Strategy.pdf
(See Appendix 2. Agency Resources for Cloud Computing for additional government links)
4. UK Government ICT Strategy
http://www.cabinetoffice.gov.uk/resource-library/uk-government-ict-strategy-resources
5. TechAmerica’s Cloud2 Report from the TechAmerica Foundation’s Commission on
the Leadership Opportunity in U.S. Deployment of the Cloud
http://www.techamericafoundation.org/content/wp-content/uploads/2011/07/TechAmerica’s
Cloud2.pdf
6. TechAmerica’s Cloud2 Cloud Buyers Guide
http://www.cloudbuyersguide.org/the-guide/
7. Open Data Center Alliance’s Usage Models
http://www.opendatacenteralliance.org/publications
8. SIENA European Roadmap on Grid and Cloud Standards for e-Science and Beyond
http://www.sienainitiative.eu/Repository/FileScaricati/8ee3587a-f255-4e5c-aed4-9c2dc7b626f6.pdf
9. Practical Guide to Cloud Computing from the Cloud Standards Customer Council
(To be published 4Q 2011)
==================================================
F. Additional References
==================================================
1. Cloud Best Practices Website
http://www.cloudbestpractices.info/
2. Cloud Interoperability and Best Practices from Computerworld
http://www.computerworld.com/s/article/9217158/Cloud_interoperability_Problems_and_best_practices
3. Best Practices for Cloud Computing from Gartner Group
http://www.gartner.com/it/page.jsp?id=1689914
4. Architecting for the Cloud: Best Practices from Amazon
http://media.amazonwebservices.com/AWS_Cloud_Best_Practices.pdf
5. Summary of Planned Agency Cloud Projects
http://www.fiercegovernmentit.com/story/agencies-have-identified-78-services-cloud-migration-says-omb/2011-05-25
6. Details of Planned Agency Cloud Projects
http://assets.fiercemarkets.com/public/sites/govit/agencieshaveidentifiedsystems.pdf
7. Ten Papers on Best Practices in Cloud Computing from 2010
http://www.datacenterknowledge.com/archives/2010/12/16/best-practices-in-cloud-computing-for-2010/
8. Cloud Security Alliance Governance, Risk Management And Compliance Stack
https://cloudsecurityalliance.org/research/projects/grc-stack/
9. G-Cloud Phase 2 Documents from the UK
http://www.cabinetoffice.gov.uk/resource-library/g-cloud-programme-phase-2
10. An Open Interoperable Cloud (OGF, CDMI, OCCI)
http://www.infoq.com/articles/open-interoperable
cloud;jsessionid=7EE0D90CD3A4E0968FF5C411C68BAC59
11. The Future of Cloud Computing: Opportunities for European Cloud Computing 2010
and Beyond
http://cordis.europa.eu/fp7/ict/ssai/docs/cloud-report-final.pdf
12. Upcoming international public sector Cloud event
http://events.oasis-open.org/home/cloud/2011/about
13. Cloud-Standards.org
http://cloud-standards.org
==================================================
G. Guidance References (Patterns)
==================================================
Design pattern (computer science) - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Design_pattern
Cloud Patterns
Many Cloud App Design Patterns
http://www.slideshare.net/shl0m0/many-cloud-app-design-datterns
Lockheed Martin Deployment Cloud Design Patterns
http://www.slideshare.net/kvjacksn/lockheed-martin-deployment-cloud-design-patterns
Patterns For Cloud Computing
http://www.slideshare.net/simonguest/patterns-for-cloud-computing
SOA Design Patterns in the Cloud | SOA World Magazine
http://soa.sys-con.com/node/1654420
Cloud Computing Design Patterns | Bob on Medical Device Software
http://rdn-consulting.com/blog/2009/06/28/cloud-computing-design-patterns/
SOA Patterns
SOA Patterns
http://www.soapatterns.org/
SOA Patterns article
http://www.soabooks.com/soa_patterns/soa_patterns_article.pdf
Vendor-Specific Cloud Design Patterns
Design Patterns in the Windows Azure Platform | Cloud Computing Journal
http://cloudcomputing.sys-con.com/node/1627248
AWS Architecting Cloud Apps - Best Practices and Design Patterns
http://www.slideshare.net/AmazonWebServices/aws-architectingjvariafinal
VMware: VMware vCloud Blog: Cloud Architecture Patterns: Overview
http://blogs.vmware.com/vcloud/2010/10/cloud-architecture-patterns-overview.html
Force.com Architecture Design Principles | Force Architects: Delivered Innovation Blog
http://forcearchitects.deliveredinnovation.com/2011/03/07/force-com-architecture-design-principles/
Cloud Computing Patterns, Architectures, and Best Practices from Sun
http://wikis.sun.com/display/cloud/Patterns
Design Patterns Conference | Cloud Connect 2011
http://www.cloudconnectevent.com/cloud-computing-conference/design-patterns.php
SOA Design Patterns in the Cloud (Oracle, Amazon)
http://srinivasansundararajan.sys-con.com/node/1654420/mobile