Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2010 Quest Software, Inc. ALL RIGHTS RESERVED You can run, but you can’t hide or Regulations, Mandates and Policy Considerations for Federal Cloud Computing.

Similar presentations


Presentation on theme: "© 2010 Quest Software, Inc. ALL RIGHTS RESERVED You can run, but you can’t hide or Regulations, Mandates and Policy Considerations for Federal Cloud Computing."— Presentation transcript:

1 © 2010 Quest Software, Inc. ALL RIGHTS RESERVED You can run, but you can’t hide or Regulations, Mandates and Policy Considerations for Federal Cloud Computing Ken Cline, Chief Cloud & Virtualization Architect, Public Sector Dmitry Kagansky, Chief Technology Officer, Public Sector (Federal) July 20, 2011 © 2011 Quest Software, Inc. ALL RIGHTS RESERVED

2 2 Public Sector Agencies Depend on Quest Federal Civilian Federal DoD Local Government Higher Education State Government

3 3 Quest is the Answer… Simplicity At Work We help simplify your toughest IT management challenges. Innovation is Quest’s competitive advantage. –Products that are simple to own and operate –Rapid time to value –Solution sets that are both broad and deep “Less is more.” - Ludwig Mies van der Rohe

4 4 The Federal Government – A Quick Primer Congress, Supreme Court and White House Every Agency reports to the White House –Civilian –NSG (National Security Group) State, Justice, Homeland/DHS, IC (Intelligence Community) –Department of Defense (DOD) US Army, Air Force, Marines, Navy, DISA, DTRA, etc. Budgets are October 1 to September 30 th –CR: Continuing Resolution (only “O&M” is available) System Integrators (SIs) Evaluate, Buy, Install, Manage & Maintain

5 5 What do the Feds care about? Serving ‘the mission’ Not being on the front page of the Washington Post –Or getting hauled in front of Congress Lots of rules, regulations, regulations and mandates –FISMA: Federal Information Security Management Act of 2002 General security standards and guidelines –NIST: National Institutes of Standards & Technology Publisher of FIPS (Federal Information Processing Standards) –Section 508 VPATs – no longer (just) a marketing chore –IPv6 Must be on roadmap, and must be in product by end of 2012

6 6 Security is always a concern FIPS –140-2: Encryption Standards –201-2: PKI Authentication HSPD-12: “Strong Authentication” directive –Driver for issuing smartcards & 2FA tokens –M 11-11: Driver for using Strong Auth for LACs (Logical Access Controls) Cybersecurity (formerly Information Assurance) –Always a concern – Stuxnet raised the bar! –APT is now prevalent (and discussed) FICAM (aka IDM or IAM) –www.idmanagement.gov - run by GSA, CIO Council

7 7 Main Drivers Cloud First –Three (3) cloud projects within 18 months of 12/2010 –First one due on 12/2011 Federal Data Center Consolidation Initiative (FDCCI) –Reduce 2200 data centers down to 1400 by 2015 Budgetary Concerns –Cloud anticipated to save millions –Estimated that 25% of total Federal IT spending (roughly $80 million) will be spent on “Cloud”

8 8 Why you cannot run from the Cloud Buzzword compliancy Mandated by the White House CIO –“Cloud First” End user driven –IT “Customers” are much more tech savvy and want services that they can get with private cloud –Push for BYOD (Bring your own device) Industry driven –Vendors are putting in “cloud functionality” and you’ll want to take advantage of features

9 9 Why the Cloud is more risky to the Feds Security is the first concern –We won’t dwell on it – it’s a concern for everyone Vendor Management –The government doesn’t “adapt” quickly –SLAs and traditional metrics don’t work –Traditional procurement cycles don’t fit Exit strategies are non-existent –Norwich University survey bears out that over 90% of Feds don’t know of a plan, or don’t have one, if a cloud provider fails Skill sets aren’t there –Realistically, the Feds are behind the curve here, and admit it. There is considerably more legacy systems to maintain, so many are treading water, just keeping up with technology.

10 10 What can be done to minimize the risk? This is where YOU come in We don’t have all the answers, but we can help reduce the risk

11 11 Resources FISMA –http://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002http://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002 NIST –http://www.nist.govhttp://www.nist.gov Section 508 –http://www.section508.gov/http://www.section508.gov/ –http://www.hhs.gov/web/508/index.htmlhttp://www.hhs.gov/web/508/index.html FIPS –140-2: –201-2: 2.pdfhttp://csrc.nist.gov/publications/drafts/fips201-2/Draft_NIST-FIPS pdf HSPD-12 –http://www.dhs.gov/xabout/laws/gc_ shtmhttp://www.dhs.gov/xabout/laws/gc_ shtm –M pdfhttp://www.whitehouse.gov/sites/default/files/omb/memoranda/2011/m pdf IPv6 –http://w3.antd.nist.gov/usgv6/http://w3.antd.nist.gov/usgv6/ Pulse on Public Sector Virtualization and Cloud Computing Study –http://www.quest.com/documents/landing.aspx?id=14279http://www.quest.com/documents/landing.aspx?id=14279

12 12 Quest is a highly innovative company focused on helping organizations simplify and reduce the cost of managing IT. - Dmitry KaganskyKen Cline


Download ppt "© 2010 Quest Software, Inc. ALL RIGHTS RESERVED You can run, but you can’t hide or Regulations, Mandates and Policy Considerations for Federal Cloud Computing."

Similar presentations


Ads by Google