24. FedRAMP A&A and Continuous Monitoring
- Categorize (Low, Moderate, High) cloud service offering
- Assists sponsoring Federal Agencies to ensure appropriate categorization of data
- Select and tailor FedRAMP Security Control baseline
- Assists Sponsoring Federal Agencies in supplementing the FedRAMP Security Control Baseline
- Document generic controls implementation
- Joint Authorization Board review and approval process assistance
- System Security Plan development
- Third party independent assessment of security control effectiveness
- Security Assessment Report (SAR) document
- Plan of Action and Milestones for remediation
- Refinement until accepted by JAB
- Continuous Monitoring Plan for the cloud service offering
25. Continuous Monitoring Deliverables
- Vulnerability/Patch Management Scanning and Reporting
- Configuration Scanning and Reporting
- Incident Response Planning and Response
- POA&M Mitigation and Remediation
- Change Management and Control
- Penetration Testing
- A&A Documentation Maintenance
- Contingency Plan Testing
26. GSA Infrastructure-as-a-Service Blanket Purchase Agreement
- Lot 1: Cloud Storage Services
  - Scalable, redundant, dynamic Web-based storage
  - Procure and use data and file storage capabilities remotely via the Internet
  - File and object data storage capabilities on-demand, dynamically scalable per request and via the Internet
- Lot 2: Virtual Machines
  - Scalable, redundant, dynamic computing capabilities or virtual machines
  - Procure and provision computing services or virtual machine instances online via the Internet
  - Remotely load applications and data onto the computing or virtual machine instance from the Internet
  - Configuration and management of virtual machines via a Web browser over the Internet
  - Procure and provision block storage capabilities for cloud virtual machines remotely via the Internet
  - Block storage capabilities on-demand, dynamically scalable per request for virtual machine instances
- Lot 3: Cloud Web Hosting
  - Web application hosting services in the cloud: scalable, redundant, dynamic web hosting service
  - Procure and provision web hosting service online via the Internet
  - Securely load applications and data onto the provider’s service remotely from the Internet
  - Configuration of Cloud Web hosting services via a Web browser over the Internet
30. DISA Enterprise Cloud Services
Defense Information Systems Agency, A Combat Support Agency
- Reduce Attack Surface
  - Configure securely, automatically
  - Enhance perimeter defenses – defense in depth
  - Drive out anonymity
- Improved And Safe Sharing
  - Cross domain flows as an enterprise service
  - Evolve directory, identity, and access control to support net-centricity
- Improved Network C2
  - Improved cyber readiness
  - Improved situational awareness
  - Cyber attack detection, diagnosis, reaction at network speed
- Increased Operational Effectiveness
  - Increased Warfighter access to required information and services, especially across organizational and security boundaries
  - Increase network flexibility, allowing for rapid response to operational conditions (e.g. Haiti)
- Increased Information Security
  - Strong cryptographic authentication (PKI)
  - Standardize access policies to enable more consistent access decisions
  - Increase agility and interoperability with the implementation of commercial standards
31. Death of the Relational Database
The economics of data storage led to the use of content addressable storage, flat storage architectures and internet scaling. Database design and database tuning are no longer required, given infinite scalability and consistent responsiveness.
32. Traditional Analytics
Traditionally, lexical searches, filtering or Boolean search attributes are used to reduce data to a “working set”. Analytical tools are then applied to this “working set”.
[Diagram labels: All Data Sources / Types; Tools/Analysis; Reports/Conclusions]
NJVC, LLC Proprietary Data. Do Not Distribute
33. Cloud Enables Searching All the Data, All the Time
[Diagram label: Reports/Conclusions]
38. Conclusions
- Cloud computing is a technological evolution
- “Drive for scale” (Internet) and “Drive for cheap” (Commodity components, Extensive automation) and the economics of Moore’s Law (Cheap storage) led to a new business model and a revolutionary economic model
- Fiscal realities and business model economics are driving rapid government adoption of cloud computing
- Cloud computing is accelerating in the global marketplace. Government cloud computing is also accelerating
- Shift from infrastructure-centric to data-centric security is inevitable
- Cloud computing can also enable significant enhancements in many agency mission areas
- US Federal Agencies are responding quickly to the “Cloud First” policy
- If you don’t have a cloud computing strategy in place now, you’re behind the curve
39. Thank You!
Kevin L. Jackson
Director, Cloud Services
NJVC, LLC
(703) 335-0830
Kevin.jackson@NJVC.com
http://www.NJVC.com
http://kevinljackson.blogspot.com
http://govcloud.ulitzer.com