
Aumentum Cloud Strategy: Public Cloud vs. Government Cloud


As Aumentum transitions to a cloud hosted SaaS product, the conversation about "public cloud" vs. "government cloud" is of interest to customers. This session will review some cloud computing definitions, discuss what is commonly referred to as "government cloud," and provide a preview of the Aumentum cloud strategy.

Published in: Software


  1. Aumentum Cloud Strategy: Public Cloud vs. Government Cloud
  2. Kevin Hakanson, Sr. Software Architect
  3. Kevin Hakanson: Kevin Hakanson is a Sr. Software Architect in Thomson Reuters Tax and Accounting Professionals Government Technology based in Minneapolis, MN. Kevin has over 25 years of professional experience in software development. He started at Thomson Reuters in 2002 and joined Government Technology in 2018 to execute on the public-cloud strategy. He is an expert at building cost-effective, secure web applications in the cloud and presents on security topics at industry conferences. Kevin holds an MS in Software Engineering and a BA in Computer Science and Mathematics. His certifications include AWS Certified Solutions Architect – Professional and AWS Certified Security – Specialty.
  4. Objective: Discussion on Government and Public cloud solutions for Aumentum. (Note: some slides have a lot of words)
  5. Agenda:
     • 4:00 Introduction
     • 4:05 Presentation – Definitions, Government Cloud, Aumentum
     • 4:45 Q & A (or ask questions anytime)
     • 5:00 Start enjoying your free time (or earlier if nobody asks questions)
  6. Definitions
  7. Google Definitions
  8. NIST Cloud Computing Definitions
     • Cloud Consumer – A person or organization that maintains a business relationship with, and uses service from, Cloud Providers.
     • Cloud Provider – A person, organization, or entity responsible for making a service available to interested parties.
     • Cloud Broker – An entity that manages the use, performance and delivery of cloud services, and negotiates relationships between Cloud Providers and Cloud Consumers.
     • Public Cloud – The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
     Source: https://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/ReferenceArchitectureTaxonomy/NIST_SP_500-292_-_090611.pdf
  9. NIST Cloud Computing Definitions
     • Infrastructure as a Service (IaaS) – The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).
     • Platform as a Service (PaaS) – The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.
     • Software as a Service (SaaS) – The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
     Source: https://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/ReferenceArchitectureTaxonomy/NIST_SP_500-292_-_090611.pdf
  10. Simpler Definitions
     • IaaS – Infrastructure as a Service provides a vendor-supported data center where the customer must specify and provision all required compute resources: machines, networks, storage, etc. “Your mess for less.”
     • PaaS – Platform as a Service eliminates infrastructure management of compute resources, which are managed automatically. “Move and improve.”
     • SaaS – Software as a Service provides centrally hosted applications licensed via a subscription model. SaaS solutions use IaaS and/or PaaS compute resources.
     • Hosting – Licensed or owned software deployed on-premise or in the cloud directly or by a 3rd-party provider. Hosted cloud solutions use IaaS and/or PaaS compute resources. Hosted solutions may be offered in a SaaS model.
  11. Microsoft Definition: Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365). Source: https://azure.microsoft.com/en-us/overview/what-is-saas/
     Stack layers shown on the slide: Hosted applications/apps; Development tools, database management, business analytics; Operating systems; Servers and storage; Networking firewalls/security; Data center physical plant/building.
  12. Example Usage Scenario: A cloud consumer may request service from a cloud broker instead of contacting a cloud provider directly. The cloud broker may create a new service by combining multiple services or by enhancing an existing service. In this example, the actual cloud providers are invisible to the cloud consumer and the cloud consumer interacts directly with the cloud broker. Source: https://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/ReferenceArchitectureTaxonomy/NIST_SP_500-292_-_090611.pdf
  13. Scenarios
     • In some scenarios “you” (as a cloud consumer) are moving your entire data center to a cloud provider and are responsible for:
       ‒ Choosing a cloud provider like AWS, GCP, or Microsoft Azure
       ‒ Understanding and selecting between IaaS and PaaS
       ‒ Managing the underlying cloud infrastructure
       ‒ and lots more …
     • In other scenarios “you” (as a cloud consumer) are moving an application (like Thomson Reuters Aumentum) to a cloud provider who is responsible for:
       ‒ Offering the application as a SaaS capability
       ‒ Choosing the cloud provider, understanding IaaS & PaaS, managing infrastructure, …
     • In all scenarios “you” are concerned about the availability and security of your application and its data.
  14. Government Cloud
  15. Government Cloud or “Gov Cloud”: “Gov Cloud” is a generic term for a commercial government cloud regardless of vendor. These are subject to government compliance certifications for location and personnel. Non-certified 3rd-party software can run in “Gov Cloud”.
     • AWS GovCloud (US) – Amazon's cloud regions designed to host sensitive data, regulated workloads, and address the most stringent U.S. government security and compliance requirements.
     • Azure Government – Choose from six government-only datacenter regions, all granted an Impact Level 5 Provisional Authorization. And, Azure Government offers the most compliance certifications of any cloud provider.
     • Google Cloud Government – Help improve citizen services, increase operational effectiveness, and deliver proven innovation at your government agency with our highly secured, powerful technology.
  16. US Government Compliance Examples
     • Criminal Justice Information Services (CJIS)
     • Committee on National Security Systems Instruction No. 1253 (CNSSI 1253)
     • Defense Federal Acquisition Regulation Supplement (DFARS)
     • US Department of Defense (DoD) Provisional Authorization (DoD DISA L2, L3, L5)
     • Department of Energy 10 CFR Part 810
     • EAR (US Export Administration Regulations)
     • Federal Risk and Authorization Management Program (FedRAMP)
     • Federal Information Processing Standard (FIPS) Publication 140-2
     • US Internal Revenue Service Publication 1075
     • International Traffic in Arms Regulations (ITAR)
     • NIST Special Publication (SP) 800-171
     • NIST Cybersecurity Framework (CSF)
     • Section 508 VPATS
     Source: https://www.microsoft.com/en-us/TrustCenter/Compliance/complianceofferings
  17. FedRAMP: The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Source: https://www.fedramp.gov/about/
  18. FedRAMP's Applicability to State and Local Entities: Given that FedRAMP is a rigorous cloud security program, there is increased interest from state and local governments in leveraging or requiring FedRAMP for their own cloud-based information systems. Due to FedRAMP’s specificity to federal information, non-federal government organizations (e.g., state, local, tribal, territorial, etc.) are not able to partner with CSPs for FedRAMP Authorization. Some cloud service deployments are available for non-federal government use, specifically Public Cloud and some Government-Only Community Clouds. Source: https://www.fedramp.gov/Guidance-on-FedRAMPs-Applicability-to-State-and-Local-Entities/
  19. Azure FedRAMP
  20. Shared Responsibilities for Cloud Computing: As organizations consider and evaluate public cloud services, it is essential to explore how different cloud service models will affect cost, ease of use, privacy, security and compliance. Understanding this shared responsibility model is essential for customers who are moving to the cloud. Cloud providers offer considerable advantages for security and compliance efforts, but these advantages do not absolve the customer from protecting their users, applications, and service offerings. Source: https://aka.ms/sharedresponsibility
  21. Government Cloud and Aumentum
     • Customers inquire about Government Cloud because they are concerned about security, which is often aligned with a compliance standard.
     • All Azure Commercial Cloud regions are FedRAMP High. However, this only covers the cloud infrastructure Microsoft provides.
     • Software like Aumentum requires its own compliance certification. Since FedRAMP is only applicable to federal use, the question pivots to: what specific compliance standards are required of Aumentum?
  22. Aumentum
  23. Aumentum Virtual Network “Trust Boundary” (diagram; labels recovered from the slide):
     • Web Browser and API Layer only – no direct access to SQL Database
     • WAF and IP Restriction at Application Gateway
     • Public Access Virtual Network; Aumentum Government Users; Public Access Users; batch workflow
     • Aumentum 360 Marketplace app; IC360; Data360
     • Replicated Disaster Recovery Region; Continuous Backups; Managed Encryption Keys
     • API Health and Application Monitoring; API WAF & DDOS
  24. Azure Security
     • …employ more than 3,500 cybersecurity professionals and spend $1 billion annually on security…
     • …experience from monitoring more than one million databases over the past few years to offer Advanced Data Security for SQL Database…
     • …continuously monitors your database for suspicious activities like SQL injection and provides alerts on anomalous database access patterns…
     Source: https://azure.microsoft.com/en-us/blog/customers-get-unmatched-security-with-windows-server-and-sql-server-workloads-in-azure/
  25. Azure SQL Database: The best destination for fully managed SQL in the cloud
     • Frictionless database migration with no code changes at an industry leading TCO
     • Built-in machine learning for peak database performance and durability that optimizes performance and security for you
     • Unmatched scale and high availability for compute and storage without sacrificing performance
     • Advanced data security including data discovery and classification, vulnerability assessment, and advanced threat detection all in a single pane of glass
     Source: https://azure.microsoft.com/en-us/services/sql-database/
  26. Azure Application Gateway
     • Scalable, highly available web application delivery – Get application-level load-balancing services and routing to build a scalable and highly available web front end in Azure.
     • Web application firewall – Protect your applications from common web vulnerabilities such as SQL injection and cross-site scripting.
     • End-to-end SSL – Strong encryption from front end to back end helps to secure your data.
     • Tight integration with Azure – Azure Monitor and Azure Security Center provide centralized monitoring and alerting, and an application health dashboard. Key Vault offers central management and automatic renewal of SSL certificates.
     Source: https://azure.microsoft.com/en-us/services/application-gateway/
  27. SaaS Application Challenges: Customers expect availability and security from Aumentum as a SaaS application.
     • The only access is via Web Browser or an API layer.
     • No direct access to the “database” to make schema changes or use reporting tools. (Attend the Aumentum 360 Marketplace session tomorrow at 9:45)
  28. Questions – Thank you!
