Governance for the Public Sector Cloud

Similar documents
10 Considerations for a Cloud Procurement. March 2017

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

IT Risk & Compliance Federal

GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS.

5 Challenges to Government IT Modernization: In Brief. Quick tips & facts about IT modernization across federal, state and local governments

Introduction to AWS GoldBase

Telos and Amazon Web Services (AWS): Accelerating Secure and Compliant Cloud Deployments

Next-Generation HCI: Fine- Tuned for New Ways of Working

Accelerate Your Enterprise Private Cloud Initiative

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

Now on Now: How ServiceNow has transformed its own GRC processes

Government IT Modernization and the Adoption of Hybrid Cloud

Modern Database Architectures Demand Modern Data Security Measures

2013 AWS Worldwide Public Sector Summit Washington, D.C.

Endpoint Security Can Be Much More Effective and Less Costly. Here s How

Perfect Balance of Public and Private Cloud

Isaca EXAM - CISM. Certified Information Security Manager. Buy Full Product.

Demystifying GRC. Abstract

IT Service Quality amidst a World Gone Cloud. June 2012 V: 2.0

Oracle Buys Automated Applications Controls Leader LogicalApps

Optimisation drives digital transformation

Supporting the Cloud Transformation of Agencies across the Public Sector

Future of the Data Center

THALES DATA THREAT REPORT

Why Enterprises Need to Optimize Their Data Centers

Security and Privacy Governance Program Guidelines

How Switching to the Cloud Drives Employee and Agency Growth

Cisco CloudCenter Use Case Summary

STRATEGIC PLAN

Development. Architecture QA. Operations

Turning Risk into Advantage

RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE.

Taking Government Cloud Adoption to the Next Level: In Brief. Quick tips & facts about cloud adoption from GovLoop

Cloud First Policy General Directorate of Governance and Operations Version April 2017

Cloud Strategies for Addressing IT Challenges

Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

5 Steps to Government IT Modernization

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

Cloud for Government: A Transformative Digital Tool to Better Serve Communities

To Audit Your IAM Program

Enabling Hybrid Cloud Transformation

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

How Security Policy Orchestration Extends to Hybrid Cloud Platforms

Cognizant Cloud Security Solution

Virtual Machine Encryption Security & Compliance in the Cloud

Introduction to AWS GoldBase. A Solution to Automate Security, Compliance, and Governance in AWS

FedRAMP: Understanding Agency and Cloud Provider Responsibilities

Agency Guide for FedRAMP Authorizations

About the DISA Cloud Playbook

Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education

I D C T E C H N O L O G Y S P O T L I G H T

2016 Survey: A Pulse on Mobility in Healthcare

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018

CISO View: Top 4 Major Imperatives for Enterprise Defense

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

THE POWER OF TECH-SAVVY BOARDS:

Cloud Computing: Making the Right Choice for Your Organization

Understanding Cloud Procurement: A Guide for Government Leaders

Total Cost of Ownership: Benefits of the OpenText Cloud

NATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES

NC Education Cloud Feasibility Report

AWS Reference Design Document

Evolution For Enterprises In A Cloud World

DevOps Agility Demands Advanced Management and Automation

Future Shifts in Enterprise Architecture Evolution. IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013

EY Norwegian Cloud Maturity Survey 2018

REALIZE YOUR. DIGITAL VISION with Digital Private Cloud from Atos and VMware

SDI, Containers and DevOps - Cloud Adoption Trends Driving IT Transformation

Data Quality in the MDM Ecosystem

Making hybrid IT simple with Capgemini and Microsoft Azure Stack

Dell helps you simplify IT

HITRUST ON THE CLOUD. Navigating Healthcare Compliance

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL

ALIENVAULT USM FOR AWS SOLUTION GUIDE

IT-CNP, Inc. Capability Statement

MODERNIZE INFRASTRUCTURE

New Zealand Government IBM Infrastructure as a Service

CASE STUDY: USING THE HYBRID CLOUD TO INCREASE CORPORATE VALUE AND ADAPT TO COMPETITIVE WORLD TRENDS

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Shared Services in the Spotlight

10 Cloud Myths Demystified

Demystifying Governance, Risk, and Compliance (GRC) with 4 Simple Use Cases. Gen Fields Senior Solution Consultant, Federal Government ServiceNow

The Optimized Datacenter. Microsoft Corporation June 2009

Networks

Simple and Secure Micro-Segmentation for Internet of Things (IoT)

Sustainable Security Operations

Virtualizing the SAP Infrastructure through Grid Technology. WHITE PAPER March 2007

Driving Global Resilience

Securing Digital Transformation

Build confidence in the cloud Best practice frameworks for cloud security

DATACENTER AS A SERVICE. We unburden you at the level you desire

Compliance with CloudCheckr

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

IT TRENDS REPORT 2016:

The Need In today s fast-paced world, the growing demand to support a variety of applications across the data center and help ensure the compliance an

Why Continuity Matters

Transcription:

Governance for the Public Sector Cloud Managing Cost and Ensuring Compliance Paving the Way to the Cloud Forecasting a potential 30% reduction in data infrastructure spend, the U.S. Government embarked on a cloud-first policy beginning with the 2012 budget cycle. When evaluating new IT deployments, agencies were directed to default to cloud-based solutions in lieu of building additional in-house capabilities provided secure, reliable, and cost-effective options were available. The cloud promised less duplication of systems, more easily managed environments, and shorter procurement cycles. The overall goal was to deliver greater impact from IT spend to citizens. The need to enable efficient and scalable technology development, deliver stellar customer experience to employees and the public, and reap economic efficiencies has helped pave the way for increased cloud consumption. In addition, the Federal Risk and Authorization Management Program (FedRAMP) has aided adoption by standardizing security services and streamlining the assessment process. Six years after the cloud-first mandate, cloud use is steadily increasing across the government. In the intelligence community (IC) alone, cloud use has increased more than 200% year over year 1. An ever-growing number of missions are now being executed with greater agility, cost savings, and speed because the government is taking advantage of commercial cloud services. In the intelligence community (IC) alone, cloud use has increased more than 200% year over year. 1

Challenges on the Road to Cloud Value Cloud adoption has largely come from the bottom up, with small groups of early adopters migrating project workloads to the cloud and seeing initial success. These groups help transform organizational thinking and challenge the status quo. Seeing success, additional teams begin to express interest. What happens next is somewhat predictable: agencies end up with numerous systems engineered for the cloud but still reliant on manual IT governance to control access, budget, and compliance. Soon, it s impossible to answer basic questions about cloud use and operations: How do we determine the state of all cloud users and their access rights across the enterprise? How can we ensure adherence to IT budgets in this pay-as-you-go cloud model, where every user makes micro-purchases in the system? How can we ensure all cloud accounts are compliant with relevant legal or regulatory policies such as HIPAA and FedRAMP? The current mechanisms of Federal funds systems work directly against the intended business advantages of cloud computing. This is the most impactful issue facing the Federal Government with cloud computing. While there are other disadvantages in the current Federal structures, they generally have a much lower impact than funding constraints. 2 Like most tales of technology adoption, there s a rush to take advantage of features and capabilities, followed by the struggle to manage the technology to achieve full adoption and value. A rat s nest of difficult-tomanage workloads in the cloud

Here s how agencies try to tame the cloud today: Potential Solution...And the Result A central group is established to control cloud access through inefficient approval chains, help desk tickets, and manual processes. Apply traditional IT management processes to manage cloud resources. Staff expend countless labor hours to create and update spreadsheets every month to track cloud access, monitor spend, and audit compliance. Technical staff become frustrated with the amount of time it takes to get cloud resources a conflict with the on-demand nature of the cloud. Leadership question the true ROI of the cloud because of the increasing amount of labor required to manage the environment. Allow unfettered, decentralized access to cloud service providers across multiple unconnected accounts. Cloud accounts and resources are set up inconsistently across the enterprise. Technical staff have elevated permissions with no enforceable accountability for their actions. Leadership has very little visibility into and control over cloud use and security practices across the enterprise. Use cloud broker technology to enable visibility and accountability. The number of cloud services available to the organization is greatly diluted by the broker s ability to keep pace with new services offered by CSPs like AWS and Microsoft. Technical staff become discouraged when they must learn another new technology to use the cloud. Leadership gains control and consistency, but sacrifices the innovation potential of the organization. Cloud Governance Ensures Cloud Value Technology makes up just one small part of cloud adoption: processes, operations, and people are critical elements of successful adoption. Agencies struggle to move from initial, project-based cloud use to organization-wide cloud adoption and value due to a lack of governance over these non-technology elements. Cloud governance is the process of establishing, monitoring, and ensuring adherence to the rules, guidelines, and policies meant to control an organization s cloud resources and actions. Ideally, the governance process is largely automated to ensure agility and responsiveness to the organization s evolving needs.

A robust governance approach requires the following: Account management to centralize control of resources and allow for secure self-service account creation. Budget enforcement that is aligned to spending policies and provides the ability to alert, freeze, and terminate spend. Compliance automation that is supported with access policies and verification via reporting. Automating Cloud Governance with cloudtamer.io Automating cloud governance is a prerequisite to achieving organization-wide cloud value in an efficient and cost-effective manner. Teams Acknowledge a Lack of Governance A study of over 550 senior leaders in government found that: 47% of respondents feel that cloud governance is nonexistent, and 71% report using an application on at least one occasion which fell outside the agency-approved IT toolkit. 42% of respondents say cloud adoption has occurred entirely or partially outside of governance. 3 cloudtamer.io tackles the challenges described earlier, automating much of the effort to manage accounts, enforce budgets, and ensure compliance. A governance portal for all users to reach the cloud@scale

Challenge cloudtamer.io helps you... How do you determine the state of all cloud users and their access rights across the enterprise? Know what accounts you manage and who has access to accounts. Quickly create projects or add users to meet project and customer needs. Control available services upon access attempt. How can you ensure adherence to IT budgets in the pay-as-you-go cloud model, where every user makes micro-purchases in the system? Get a real-time view into budget and centralize cost management. Enforce (not just report) cloud spending across many accounts and workloads to ensure compliance with the Antideficiency Act (ADA). Get near real-time cloud spending reports for projects. How do you ensure your cloud presence is compliant with relevant legal or regulatory policies such as HIPAA and FedRAMP? Automate staff adherence to defined compliance standards. Maintain organizational security practices when many users are requesting cloud resources across many accounts. Easy scalability without proper governance can lead to the government committing to a large sum of money. There can be instances where scaling up for resources are outside the IT security boundaries...these risks can all be mitigated by having the proper governance structure with the responsibility to enable IT cloud solutions and cloud related programs within the acquisition and contracting policies. 4

Success with cloudtamer.io Client Goal A leading US Government agency Give thousands of developers and researchers controlled access to a multi-petabyte data repository. Challenges Improve and streamline the user experience to access new AWS services. Reduce the time it takes to get access to a new cloud account to perform research. Restrict users and projects from incurring cloud expenses that exceed appropriated budgets to conform with the Antideficiency Act (ADA). Ensure projects implement relevant security controls to comply with FedRAMP & NIST SP 800-53. 1 CIA s Cloud is Pretty Close to Invincible, CIO Says; http://www.nextgov.com/it-modernization/2017/06/cias-cloud-pretty-close-invincible-cio-says/138679/ 2 Acquisition Professional s C.A.S.T.L.E. Guide, draft; https://1yxsm73j7aop3quc9y5ifaw3-wpengine.netdna-ssl.com/wp-content/uploads/2017/09/acquisition- Professionals-CASTLE-Guide-Draft.pdf 3 Mastering the Migration to Cloud Computing, survey of federal leaders; https://www2.deloitte.com/us/en/pages/public-sector/articles/federal-cloud-migrationsurvey.html?id=us:2el:3pr:fed1253:eng:fed:030117 4 Acquisition Professional s C.A.S.T.L.E. Guide, draft; https://1yxsm73j7aop3quc9y5ifaw3-wpengine.netdna-ssl.com/wp-content/uploads/2017/09/acquisition- Professionals-CASTLE-Guide-Draft.pdf Stratus Solutions specializes in cloud infrastructure modernization, cyber security, and DevOps. We developed cloudtamer.io after seeing many organizations struggle to scale and govern their cloud use. With cloudtamer.io, our customers overcome the account management, budget enforcement, and compliance automation obstacles that face other organizations as they scale. Contact Us info@cloudtamer.io www.cloudtamer.io

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback