Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Itir oct0714-afac report-en
1. Architecture Framework Advisory
Committee Update
Presentation to the Information Technology Infrastructure
Roundtable
October 7, 2014
Benoît Long, Senior Assistant Deputy Minister, Transformation,
Service Strategy and Design and Chair of the Architecture
Framework Advisory Committee
2. Outline
Context:
Architecture Framework Advisory Committee (AFAC)
Meetings and Topics
AFAC Consultation Roadmap on Cyber and IT Security
Device Security
Objectives
Defined
What Shared Services Canada (SSC) Has Heard
Next Steps
2
3. 3
Workplace Technology Devices
SHAREDSERVICESCANADAOUTCOMESAFACMEETINGS
Cyber and IT
Security
Framework and
Device Security
Cloud Security Future Meeting Topics –
timing to be confirmed*
Jan 20 Feb 24 July 7 Sept 8 Nov 4 Dec 1
2014
2014
Context – Architecture Framework Advisory
Committee Meetings and Topics
2015
Mar 14 Apr 16 May 26
Cyber and IT
Framework and
Device Security
Defined
Sept 2014
Enterprise
Architecture library
available on SSC
Internet site
Feb 2014
• Architecture Standards
• SSC Infrastructure as a
Service (IaaS) and Platform
as a Service (PaaS)
• Directories
• IT Security Standards
2014
4. Architecture Framework Advisory Committee’s
Consultation Roadmap – Cyber and IT Security
STRATEGY KEY ACTIVITIES
2014–15
AFAC INPUT
Recommendations
for Strategic
Questions
Guiding Principles/
Best Practices
Experience/Case
Studies
Risks/Success
Factors
Cyber and IT
Security
Framework/ Device
Security
Service Bundles
and Delivery Model
Licensing Models
and Solutions
Framework and
End-State Service
Strategy
Enterprise
Procurement
Functional
Direction
• Meetings
• Demos
• Written
Submissions
Formal
Industry
Engagement
July 7
To Be
Determined
4
Sept 8
Nov 4
Dec 1
Cloud Security
Strategy (including
Device Security)
5. Device Security – Objectives
5
• Enhance security services required to mitigate from evolving
threats
• Support for security service integration with new cloud and
mobile technologies
• Support Treasury Board’s IT Policy Implementation Notice
(ITPIN) implementation regarding the secure use of portable
data storage devices within the Government of Canada
• Address the need for an enterprise procurement vehicle for
device security software
• Existing device security software licenses renewal to maintain
operations (e.g. Keeping the Lights On)
• Multiple device security disparate solutions and policy
application
• Standardization to drive efficiencies and cost savings across
the GC
Increase Security
Improve Service
Generate Savings
6. Device Security – Defined
What is Device Security?
• Device security refers to the protection of Government of Canada (GC)
devices that are used to store and process data through the use of
various information technology (IT) safeguard services.
What GC Devices are we looking to protect?
• Backend devices (Data Server Infrastructure)
• Frontend devices (Traditional personal computers, laptops, Thin-
Clients/Virtual Deployments)
• Mobile Devices (Smartphones, Tablets)
• ~569,000 devices (~100,000 data centre devices, ~469,000 workplace
technology devices)
Why do we need Device Security?
• Safeguard GC devices and data from various forms of malware and
intrusion
• Maintain the confidentiality, integrity and availability of infrastructure
information assets
6
7. What Shared Services Canada Heard from the
Architecture Framework Advisory Committee
Address “legacy” requirements separately from “end state”
De-couple procurements for DC and WTD as their security requirements are
different
Security continuously evolving to meet endlessly changing landscape
Transition from network to data centric approach
Cloud Security increases requirements for data encryption
Build a centralised public key infrastructure (PKI)/certificate authorities
Leverage “location based” data access (e.g. no Protected B in a public
zone)
Develop and enforce hardening and standards
Metrics are crucial – defines how success is measured
Look into behavioural security analysis for advanced attack detection
Investigate sandbox and isolation techniques (micro-segmentation)
7
8. Revised Device Security Strategy
Address legacy requirements by leveraging existing
procurement vehicles
De-couple data centre and WTD device security strategy
efforts
Develop a Cloud Security Strategy that incorporates device
security
Holistic approach across IT security domains
Integrate security services & strategies
Data centric approach
Continue consulting industry
8
9. Next Steps
In early November, SSC plans to further explore cloud security
with AFAC members
At the next IT Infrastructure Roundtable meeting, return with
feedback and advice from AFAC sessions on cloud security
9