DoD Enterprise Cloud Services Broker - AWS Symposium 2014 - Washington D.C.

This session will discuss the DoD Enterprise Cloud Services Broker model and the process for engagement with DISA in their role as the ECSB. This session will also review the DoD Cloud Security Model (CSM) and its security container levels.

  1. AWS Government, Education, and Nonprofits Symposium, Washington, DC | June 24, 2014 - June 26, 2014
     Deciphering the DoD Cloud Broker Process
     Mark Fox, DoD Sales Executive, markfox@amazon.com
  2. DoD Commercial Cloud – Commonly Asked Questions
     1. Can I run DoD workloads in the Commercial Cloud?
        – Are you FedRAMP Compliant?
        – What is the IA Process? (DIACAP/RMF…?)
        – How do I work with the DISA Cloud Broker? [FOCUS OF TODAY’S SESSION]
        – Can I get a private cloud?
     2. Where is/are your Data Center(s)?
        – How are they different than DoD Data Centers and DECCs (CDCs)?
        – How is AWS different from other “Cloud” providers?
        – Does my data stay in the US?
     3. How much do you cost? Where is your “Rate Card”?
     4. How do I get started using a CSP?
  3. Cloud Services Provider DoD Cloud Security Model (CSM) - ATO Process
     Increasing Security and Operating Requirements DoD Cloud Security Model (Administered via DISA) 14 FedRAMP Compliant CSP’s1 FedRAMP Authority to Operate CSM ATO Levels 1-2 (Public) CSM ATO Levels 3-5 (NIPR) CSM ATO Level 6 (SIPR) 1 2 3 4 5 6 Providers are a mix of IaaS, PaaS, SaaS (Initial Focus is on IaaS) Provisional Authorization granted1 0 Provisional Authorization granted2 100’s of Cloud Service Providers (CSP) System-Specific ATO John Doe DoD DAA
     The DoD provisionally authorized commercial CSP offering is eligible to be included in the Enterprise Cloud Service Catalog
     1 Source: http://www.gsa.gov/portal/content/131931
     2 Provisional ATO granted as of 2/15/2014
  4. DoD CSP – Useful Links
     - DoD Cloud Broker: http://www.disa.mil/Services/DoD-Cloud-Broker
     - DoD Cloud Security Model: http://iase.disa.mil/cloud_security/index.html
     - AWS FedRAMP Information: http://aws.amazon.com/compliance/fedramp-faqs/
     - DISA Cloud Broker mailbox: disa.meade.cae.mbx.cloud-broker@mail.mil
  5. AWS Commercial Platform
  6. The following services are in the accreditation boundary for FedRAMP:
     - IAM: Enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups and use permissions to allow and deny their access to AWS resources.
     - Amazon EC2: Provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers.
     - Amazon VPC: Provides the ability for you to provision a logically isolated section of AWS where you can launch AWS resources in a virtual network that you define.
     - Amazon S3: Provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web.
     - Amazon EBS: Provides highly available, highly reliable, predictable storage volumes that can be attached to a running Amazon EC2 instance and exposed as a device within the instance.
     - Amazon Redshift: A fast, fully managed, petabyte-scale data warehouse service that makes it simple and cost-effective to efficiently analyze all your data using your existing business intelligence tools.
  7. AWS Global Infrastructure: 10 Regions consisting of 25 Availability Zones and 51 Edge Locations (CDN)
  8. AWS Regions & Availability Zones within FedRAMP Boundary
     CONUS REGIONS
     - GovCloud (OR): Availability Zone A, Availability Zone B
     - US East (VA): Availability Zone A, Availability Zone B, Availability Zone C, Availability Zone D
     - US West (CA): Availability Zone A, Availability Zone B
     - US West (OR): Availability Zone A, Availability Zone B, Availability Zone C
     Customer Decides Where Applications and Data Reside
     Note: Conceptual drawing only. The number of Availability Zones may vary.
  9. AWS Regional Construct View
     - Independent/separate geographic areas
     - Isolated from other Regions (security boundary)
     - = ~50 mile radius “clustered” data center architecture
     - Comprised of multiple Availability Zones
     - Availability Zone = 1 or more “data center”
     - Availability Zones connected through redundant low-latency links
     - Customer chooses Region. Data stays within Region.
     - Enables high-availability architecture
     [Diagram: Sample US Region with Availability Zone A, Availability Zone B, Availability Zone C]
  10. AWS Availability Zone (AZ) View
     - Multiple isolated locations within a Region
     - Availability Zone = 1 or more “data center”
     - Independent Failure Zone
     - Physically separated
     - On separate Low Risk Flood Plains
     - Discrete UPS
     - Onsite backup generation facilities
     - Fed from different segments of utility provider
     - Redundantly connected to multiple tier-1 ISPs
     - No “Disaster Recovery Datacenter”
     - Built for Continuous Availability
     - Customer decides Availability Zone for Compute
     [Diagram: Sample US Region ~ DoD Data Center, with Availability Zone A, Availability Zone B, Availability Zone C]
  11. Security is a Shared Responsibility
     Cross-service Controls Service-specific Controls Managed by AWS Managed by Customer and/or Partner Cloud Service Provider Controls Optimized Network/OS/App Controls DoD Scope of a Cloud Service Provider (CSP)
  12. DoD Cloud Consumer Cloud Service Request Process
     Data Categorization CSP Selection Cloud Service Request Form Task Order Negotiations and Service Level Agreement (SLA) Cloud Service Request Assessment and Recommendation DoD Cloud Consumer Mission Assessment Contract Vehicle Usage Cloud Service Request (CSR) Mission Security Monitoring Technical, Mission Assurance, and Security Assessments Onboarding System-Specific ATO Service Delivery and SLA Monitoring Transition to Operations Mission Operations Support Service Desk CSP List Technical Matching Assessment Security Model Impact Level Assessment
     • Mission Owner submit CSR
     • ECSB assess CSR
     • ECSB connect Mission Owner with CSPs
     • ECSB assess CSR
     • ECSB connect Mission Owner with CSPs
     • Acquisition strategy and options
     • ATO and migration
     • O&M
     • Continuous Monitoring
  13. DoD Cloud Broker - Cloud Service Request
     http://www.disa.mil/Services/DoD-Cloud-Broker/~/media/Files/DISA/Services/Cloud-Broker/Service-Customer-Request.pdf
  14. Thank You
     Mark Fox, DoD Sales Executive, markfox@amazon.com