Presentation is loading. Please wait.

Presentation is loading. Please wait.

Government Transparency: Cross-cutting Business Use Cases for Cloud Computing Dr. Richard L. Klobuchar, SAIC August 17, 2011.

Similar presentations


Presentation on theme: "Government Transparency: Cross-cutting Business Use Cases for Cloud Computing Dr. Richard L. Klobuchar, SAIC August 17, 2011."— Presentation transcript:

1 Government Transparency: Cross-cutting Business Use Cases for Cloud Computing Dr. Richard L. Klobuchar, SAIC August 17, 2011

2 Introduction “Cloud-First” Strategy and 25-Point Plan Important Role of NIST – Definitions, FedRAMP, Reference Architecture, SAJACC, Business Use Cases Why, When, and Where does it make good business sense to migrate to a cloud? Cross-cutting business use cases – What business functions make sense? Role of GSA Infrastructure-as-a-Service (IAAS) and -as-a-Service (EAAS) – NEW!!! Observations and final thoughts to ponder Late breaking news from the Cloud PMO

3 What is the Cloud (Really) and Where is It Useful?

4 Federal Government Drivers and Trends: 25-Point Plan including “Cloud-First” Strategy (Dec 9, 2010) PART I: ACHIEVING OPERATIONAL EFFICIENCY A. Apply “Light Technology "and Shared Solutions 1.Complete detailed implementation plans to consolidate at least 800 data centers by Create a government-wide marketplace for data center availability 3.Shift to a “Cloud First” policy 4.Stand-up contract vehicles for secure IaaS solutions 5.Stand-up contract vehicles for commodity services 6.Develop a strategy for shared services PART I: ACHIEVING OPERATIONAL EFFICIENCY A. Apply “Light Technology "and Shared Solutions 1.Complete detailed implementation plans to consolidate at least 800 data centers by Create a government-wide marketplace for data center availability 3.Shift to a “Cloud First” policy 4.Stand-up contract vehicles for secure IaaS solutions 5.Stand-up contract vehicles for commodity services 6.Develop a strategy for shared services “Cloud First” Strategy – Begins immediately with three (3) parts: Use commercial cloud technologies where feasible Launch private government clouds Utilize regional clouds with state and local governments – Default to cloud-based solutions 3.1 Publish cloud strategy Federal CIO will publish a strategy to accelerate the safe and secure adoption NIST will facilitate and lead the development of standards 3.2 Jump-start the migration to cloud technologies – …required to identify three “must move” services and create a project plan for migrating each of them to cloud solutions and retiring the associated legacy systems. Of the three, at least one of the services must fully migrate to a cloud solution within 12 months and the remaining two within 18 months. “Cloud First” Strategy – Begins immediately with three (3) parts: Use commercial cloud technologies where feasible Launch private government clouds Utilize regional clouds with state and local governments – Default to cloud-based solutions 3.1 Publish cloud strategy Federal CIO will publish a strategy to accelerate the safe and secure adoption NIST will facilitate and lead the development of standards 3.2 Jump-start the migration to cloud technologies – …required to identify three “must move” services and create a project plan for migrating each of them to cloud solutions and retiring the associated legacy systems. Of the three, at least one of the services must fully migrate to a cloud solution within 12 months and the remaining two within 18 months. Federal Cloud Computing Strategy subsequently published on Feb 8, 2011

5 Primary Activities within the Federal Cloud PMO Business Use Cases Addressed Here Other related: Trusted Internet Connections (TIC) Green IT IPv6 Apps.govFedRAMP Federal Data Center Consolidation Initiative Infrastructure- as-a-Service (IAAS) Software- as-a-Service Platform- as-a-Service (Geospatial) 1st Federal storefront offering commoditized cloud services “Authorize Once, Use Many” approach to security for Cloud Service Providers Assist agencies to consolidate at least 800 data centers by FY15 Commodity computing resources made available through GSA BPA Cloud to be made available (Summer 2011) through BPA Geospatial PAAS work currently underway

6 Reinforcing the Federal Strategic Decision re Cloud Computing Federal Cloud Computing Strategy called out the important role of NIST in promoting standards and security measures for cloud computing: Cloud Definitions and Guidance: Formal Definition of Cloud Computing in Special Publication SP Security and Privacy Guidelines for Public Cloud Computing in SP Industry/Government Working Groups/Committees established for: FedRAMP (Federal Risk Assessment Management Program) for cross agency C&A with utilization of NIST SP as a tech basis under FISMA SAJACC (Standards Acceleration to Jumpstart Adoption of Cloud Computing) Reference Architecture definition Business Use Cases definition Recently established Cloud “Best Practices” Working Group (now addressing details of how business use cases should be implemented)

7 Most organizations perform a common set of business functions that are amenable to a cloud-based approach within the 4 NIST deployment models – Cross-cutting BUCs NIST 3-Part Cloud Definition Software-as-a-Service is access to virtualized applications via thin clients (e.g., Web browser) Platform-as-a-Service Is access to programming environments and tools Infrastructure-as-a-Service Is access to an operating environment (e.g., servers, storage, network) Cloud infrastructure operated solely for a single organization; can be 3 rd party; on- or off-premises Cloud infrastructure shared by multiple organizations with similar mission or interest; can be 3 rd party; on-or off-premises Cloud infrastructure is property of the cloud provider and open to everyone Combination of two (2) or more deployment types; enabling portability and cloud bursting On-Demand Self-Service Broad Network Access Resource Pooling Rapid Elasticity (scale up/down) Measured Service

8 Important to Appreciate the Tradeoffs between Cost and Security for the Cloud Deployment Models Risk Reduction Cost Savings Public Private Community

9 Why Government Is Turning to the Cloud? Agility, speed, and flexibility Rapid deployment and change management (Minutes vs. months to provision IT resources) Adaptable to changing/unpredictable business needs Ideal for cyclical or episodic circumstances User self-service capabilities possible Financial benefits Cost savings vs. legacy (some perceived, some real) “Pay-as-you-go” model reduces financial risk and exposure Move from capital (CapEx) to operating expense (OpEx) A “natural” for Green IT and data center consolidation mandates

10 Why Government Is Turning to the Cloud? Simplicity and convenience Easy, on-demand procurement of cloud services “promised” Encourages use of standardized resources/applications Easy mobile access to applications globally New capabilities New integrated solutions not feasible before Most security risks well mitigated and being addressed by FedRAMP New citizen services opportunities facilitated by wide cloud adoption Besides, “Cloud-First” is now mandated for Government!!!

11 Mission Areas for Government Business Use Cases Leveraging NIST Cloud Characteristics. Agencies with: Large eGovernment, public, info dissemination mission, and those subject to “flash” crowds should be among the first adopters. NO BRAINER! with minimal security risk A cyclical and seasonal set of requirements (e.g., Census, IRS, NOAA, DOE, Agriculture) Large databases and statistical responsibility requiring large-scale scientific and technical computing resources (to largely be on standby)

12 Mission Areas for Government Business Use Cases Leveraging NIST Cloud Characteristics. Agencies with: Episodic requirements which can benefit from rapid, on- demand cloud provisioning Emergency management per the Federal Response Plan with 28 agencies and FEMA International support (e.g., Japanese Earthquake and Tsunami; Middle East crises, etc.) e-Filing, complex multi-directional object submission, public collaboration, benefits transfer, and grants management -- “eGovernment Applications”

13 Mission Areas for Government Business Use Cases – Leveraging NIST Cloud Characteristics Agencies with: Broad and distributed defense, international, financial, and intelligence responsibility needing to: Gather information, collaborate, analyze, visualize, develop situational awareness, and deliver information Also includes mobile delivery Examples: border surveillance; financial market surveillance, environmental monitoring

14 Mission Areas for Government Business Use Cases Leveraging NIST Cloud Characteristics. Agencies with: Well-defined communities and regulatory responsibility to adopt a “push/pull” scenario for secure access to “regulated distributed databases” Collaboration with states, localities, and regulated industries (within years) Examples: “Smartgrid”, Healthcare, Energy, Financial, Environmental, Emergency Management, etc. Well-defined business functions that can be typically out- sourced and acquired as SaaS, such as HR and Financial Management (FM)

15 Most organizations perform a common set of business functions that are amenable to a cloud-based approach within the 4 NIST delivery models:  Development and test  Search and retrieval  Records management services and digital notary  Information dissemination  e-Filing – electronic submission of documents/data with receipts and validation (“electronic mailroom”)  Benefits and grant transfer  Collaboration and information sharing  Social networking  Mobile access / delivery  Communications ( & messaging)  eDiscovery, statistical analysis, and analytics  Geospatial services (PAAS)  Workflow management  Archiving and data storage  Document management  Backup and Recovery and Continuity of Operations (COOP)  Data gathering and situational awareness  FOIA support services  ITIL and SLA Management-as-a-Service  Managed Security Services (e.g., Identity Mgmt, Penetration Testing, Persistent PKI, Continuous Monitoring, Intrusion Detection, Managed Endpoint Security) Cross-cutting Business Use Cases

16 Secure eFiling with Records Management and Interchange Across Business Partners Infrastructure-as-a-Service

17 1.Apptis Inc. partnered with Amazon Web Services 2.AT&T 3.Autonomic Resources partnered with Carpathia, Enomaly, and Dell 4.CGI Federal 5.Computer Literacy World partnered with Electrosoft, XO Communications and Secure Networks 6.Computer Technology Consultants partnered with Softlayer, Inc. 7.Eyak Tech LLC 8.General Dynamics Information Technology (GDIT) partnered with Carpathia 9.Insight Public Sector partnered with Microsoft 10.Savvis Federal Systems 11.Verizon Federal Inc (now with Terremark). Issues and Observations: Number of awardees is very high. Looks like every firm/organization that applied received an award Awardees currently striving to achieve FISMA Moderate security assessment via FedRAMP. The GSA BPA for IAAS DID NOT provide for SI services, nor any labor services for actual development and migration of agency apps/data/use cases to the cloud IAAS was pure, low-cost, commodity cloud services BPA for servers, storage, and network resources Agencies are beginning to be inundated and perplexed as to whom to select? Why? How do they get to the promised land? What functions and business use cases should they implement? GSA IAAS Provides the Infrastructure for Hosting the BUCs

18 Major Agency Systems Integration Concerns Needing to be Addressed Under GSA IAAS “What should agencies do?” (Especially, in light of the OMB 25-Point Federal IT Reform Plan) “How should they do it?” “How should they interact with FedRAMP?” “Which cloud vendor(s) should they select and why?” SLA differences? “What applications and data should be migrated?” “How much is it going to cost?” “How do they manage and govern the process of cloud migration?” “What are the key risks and mitigation measures?” “Should they use existing contract vehicles or issue a new development/migration purchase order?”

19 Even more competitors are expected with $2.5B ceiling Now contains applications migration and integration services with 11 labor categories FedRAMP up to FISMA HIGH Many NIST cross-cutting business use cases now incorporated in lots: and collaboration eDiscovery and searching Archiving, storage, backup and restore services Social networking (ala Web page development) Records management services Mobile delivery Five (5) service offerings: Lot 1: -as-a-Service Lot 2: Office Automation Lot 3: Electronic Records Management Lot 4: Migration Services Lot 5: Integration Services Four (4) categories of cloud computing: Government community cloud Provider-furnished equipment private cloud Secret enclave Public cloud NEW: GSA EAAS Embeds Many NIST Business Use Cases

20 Observations and Final Thoughts To Ponder… NIST Business Use Cases are viable for implementation in a cloud. Several implementations already exist as exemplars with lessons learned Many organizations are beginning with a private cloud--a safe but less cost-effective starting point. Many IT organizations view a cloud computing roadmap as a technology implementation rather than a change agent for business processes. They need to partner with the CFO and other internal stakeholders to deliver business process value first and foremost More of a business transformation than a technology revolution An enlightened design can securely integrate internal and external resources – learn and appreciate the standards – especially security and interoperability

21 Observations and Final Thoughts To Ponder… The public cloud will become more secure and less risky as time goes on. Virtually every organization has something like information dissemination or e-learning that can be a test case for the public cloud Besides you can always encrypt and store the keys in your trusted private environment Community clouds will initially form around classes of users. Over time, however, communities will align to feature certain capabilities (like financial management providers) in clouds optimized to provide that kind of service. Prescient organizations will redefine the role of the IT department as part of a move to cloud computing. Personnel will need training and eventual redeployment to harness the talent and achieve efficiencies. 21

22 Late-Breaking News…. NIST Business Use Cases, Best Practices, Reference Architecture, and Standards Infrastructure-as-a-Service (IAAS) Availability -as-a-Service (EAAS) FedRAMP Implementation 22

23 Transparency in Government

24 Contact Info Dr. Richard L. Klobuchar SAIC VP and Chief Scientist/Engineer Homeland and Civilian Solutions (757)


Download ppt "Government Transparency: Cross-cutting Business Use Cases for Cloud Computing Dr. Richard L. Klobuchar, SAIC August 17, 2011."

Similar presentations


Ads by Google