Secure Cloud Computing Architecture (SCCA)


Secure Cloud Computing Architecture (SCCA)
Susan Casson, PM, SCCA
December 12, 2017
UNITED IN SERVICE TO OUR NATION

DoD Commercial Cloud Deployment Approach (Unclassified)

Diagram labels:
- Cyber Command C2 Operations
- On Premise Level 1-5 Cloud Providers
- OMS
- IBM CMSG
- Big Data Analytics
- Internet-based User
- Internet Access Points: Boundary Protection for Internet Traffic
- Internet
- Off Premise Level 2 Approved Vendors
- AWS East/West
- Salesforce
- NIPR-based User
- Internal Cloud Access Points
- Joint Regional Security Stacks
- Secure Cloud Computing Architecture (SCCA)
- Off Premise Level 4/5 Approved Vendors
- Global Content Delivery System (Commercial Caching)
- DISN
- Cloud Access Points: Boundary Protection for Impact Level 4 & 5
- Meet-Me Point: Central Location for DoD and Cloud Connections
- Azure
- Salesforce GovCloud
- O365
- AWS
- Oracle
- DoD Controlled Environment
- Commercial Controlled Environment w/DoD Oversight

Secure Cloud Computing Architecture (SCCA)

Session Objectives
- Define the SCCA portfolio and requirements to obtain services
- Outline how SCCA can enable cloud migration
- Connect attendees with technical and functional DISA experts
- Collect attendee feedback to influence future roadmap priorities

Connect: Access DoD approved level 4/5 cloud services
Secure: Extend application and data-level security services to cloud environments
Manage: Consume custom analytics and intelligence data along with host based security and access control capabilities

Capability Overview
- Cloud Access Points: Provides connectivity to approved cloud providers, and protects the DISN from cloud originating attacks
- Virtual Data Center Security Stack: Virtual Network Enclave Security to protect application and data
- Virtual Data Center Managed Services: Application Host Security, including HBSS/ACAS, patching, configuration, and management
- Trusted Cloud Credential Manager: Cloud Credential Manager for Role Based Access Control (RBAC) and least privileged access

Cloud Management Roles and Responsibilities

DISA Cloud Connection Approval Onboarding Checklist
- Approved cloud vendor
- System Network Approval Process (SNAP) Registration
- Internet Protocol Registration
- Cybersecurity Service Provider
- Authority to Operate

Responsibility diagram (columns: Infrastructure, Software)
- Management categories: DISA or Mission Partner Managed; Shared Management; Cloud Service Provider Managed
- Stack layers: Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking

Cloud Access Points; Accessibility Versus Application Security

SCCA Boundary CAP (BCAP)
- Support IaaS and SaaS clouds
- Protect DoD Networks from cloud originated attacks
- Scale up to 10G capacity per site
- Strategically located
- Included in DISN subscription rate

BCAPs Do Not
- Break and inspect
- Provide application level security

Cloud Security and Managed Services

VDSS
- Traditional network security features for public facing web applications
- Next Generation Firewall for protecting cloud hosted workloads
- Web Application Firewall
- Next Generation Firewall

VDMS
- Cloud connected management and security tools
- Cloud privileged user access and account management
- Central search and display of CAP and Cloud logs via Splunk
- HBSS
- ACAS
- Operating System Patching
- Recursive DNS Caching
- Cloud Visibility

Boundary CAP (BCAP) 1.0 Overview

Diagram label: Level 4/5 Approved Vendors

VDSS and VDMS

Diagram labels: CSP, VDSS, VDMS Core, VDMS Extension

Our Evolution of Cloud Security Does Not End With SCCA
- Leaner and faster
- Templates, tools, and integration points
- Hybrid security solutions

Optimization Migration Security Automation
