This document presents the Federal Cloud Computing Strategy. It aims to accelerate adoption of cloud computing across the Federal Government to improve efficiency and innovation. Cloud computing offers a model where computing resources are provided as a service over the internet, allowing for rapid provisioning and scaling. The strategy provides a framework to help agencies select which services to move to the cloud and how to provision them effectively. It estimates that $20 billion of the Federal Government's $80 billion annual IT spending could potentially be shifted to cloud solutions.
Services, security challenges and security policies in cloud computingeSAT Journals
Abstract Cloud computing is becoming most emerging trend in IT industry. With its potential growth and lucrative services cloud computing has acquired mass market in the industry large enterprises running their business on the cloud. A greater acceptance of public cloud by various businesses has given it a wide popularity, strengthening of public cloud security is big milestone. The public cloud acceptance is increasing along with the trust in public cloud at large extent. As the security is most vital factor in the cloud. Handovering data to the cloud service provider keeps cloud user tensed. Different threats have been discovered in recent years. Database security in public cloud raised some critical issues for cloud service provider. This rapid adaptation to the clouds, have increased concerns on a critical issue for successive growth of communication technology and information security. From a cloud security perspective, a number of unexplored risks and challenges are faced by cloud because of migration, causing degradation of the effectiveness of traditional protection mechanisms. Keywords: Cloud computing, Cloud DBaaS, public cloud, Cloud Security, Confidentiality, Trust, Encryption.
NJVC Implementation of Cloud Computing Solutions in Federal AgenciesGovCloud Network
This paper outlines the essential steps to constructing a solid cloud computing roadmap.This paper outlines the essential steps to constructing a solid cloud computing roadmap.
Cloud Computing for DoD and Government 2010Alexa Deaton
Get the latest information on current and future plans for Cloud Computing!
IDGA’s Cloud Computing for DoD & Government is your opportunity to claim your place in the virtual world of DoD and federal government data storage. You will be able to meet with key decision-makers and top-notch innovators for your chance to tap into the emerging market of cloud computing for defense and government!
Lead the way with revolutionary cloud computing initiatives by attending sessions on:
- Implementation of SaaS solutions
- The immediate need to coordinate cloud standards and how they provide benefit to the enterprise
- Security challenges and solutions for government organizations planning a move to the cloud
- Current DoD and Government programs and future plans for cloud computing activities
Faced with depressing predictions of looming budget cuts cloud computing has come to the fore of discussions to uncover relatively short-term economies in IT functions within the public sector. But how much of the cloud story is hype? How different are cloud architectures to the web-server farms that organizations have had the means to access for well over a decade? And how realistic is it that core business systems will move out of the data centre to the cloud?
A Virtualization Model for Cloud ComputingSouvik Pal
Cloud Computing is now a very emerging field in the IT industry as well as research field. The advancement of Cloud Computing came up due to fast-growing usage of internet among the people. Cloud Computing is basically on-demand network access to a collection of physical resources which can be provisioned according to the need of cloud user under the supervision of Cloud Service provider interaction. From business prospective, the viable achievements of Cloud Computing and recent developments in Grid computing have brought the platform that has introduced virtualization technology into the era of high performance computing. Virtualization technology is widely applied to modern data center for cloud computing. Virtualization is used computer resources to imitate other computer resources or whole computers. This paper provides a Virtualization model for cloud computing that may lead to faster access and better performance. This model may help to combine self-service capabilities and ready-to-use facilities for computing resources.
Choosing the right service providers, managing resources with one governance model, and right-sourcing workloads based on cost, SLA, and trust can be a daunting prospect. Some call this private cloud, others refer to it as public cloud, and still others as hybrid cloud. A better moniker might be enterprise cloud. Enterprise clouds are more attainable with solutions like Gravitant’s cloudMatrix.
Green Computing - Maturity Model for Virtualizationijdmtaiir
Population exploration causes the high usage of
electronic devices such as computer, laptop, and household
equipments. So we can save the power and world from the
pollution and its unpleasant additional result. Using the Green
Computing we can save the power, world., .Green computing
means the study and practice of designing ,manufacturing
using, and disposing of computers ,servers, and associate
subsystem such as printers, monitors etc. The goal of Green
computing are similar to green chemistry reduce the use of
hazardous materials maximum energy efficiency during the
product’s life time and promote the reusability of defunct
products and factory waste. Green computing can also develop
solutions that offer benefits by “aligning all IT process and
practices with the core principles of sustainability which are to
reduce, reuse, and recycle and finding innovative ways to use it
in business product to deliver sustainability benefits across the
enterprise and beyond”.In this thesis, green maturity model for
virtualization and its levels are explained “Green Computing,”
is especially important and timely: As computing becomes
increasingly pervasive, the energy consumption attributable to
computing is climbing, despite the clarion call to action to
reduce consumption and reverse greenhouse effects. At the
same time, the rising cost of energy — due to regulatory
measures enforcing a “true cost” of energy coupled with
scarcity as finite natural resources are rapidly being diminished
— is refocusing IT leaders on efficiency and total cost of
ownership, particularly in the context of the world-wide
financial crisis.. The Five steps for Green computing for
energy conservation.
Swiftly increasing demand of computational
calculations in the process of business, transferring of files
under certain protocols and data centers force to develop an
emerging technology cater to the services for computational
need, highly manageable and secure storage. To fulfill these
technological desires cloud computing is the best answer by
introducing various sorts of service platforms in high
computational environment. Cloud computing is the most
recent paradigm promising to turn around the vision of
“computing utilities” into reality. The term “cloud
computing” is relatively new, there is no universal agreement
on this definition. In this paper, we go through with different
area of expertise of research and novelty in cloud computing
domain and its usefulness in the genre of management. Even
though the cloud computing provides many distinguished
features, it still has certain sorts of short comings amidst with
comparatively high cost for both private and public clouds. It
is the way of congregating amasses of information and
resources stored in personal computers and other gadgets
and further putting them on the public cloud for serving
users. Resource management in a cloud environment is a
hard problem, due to the scale of modern data centers, their
interdependencies along with the range of objectives of the
different actors in a cloud ecosystem. Cloud computing is
turning to be one of the most explosively expanding
technologies in the computing industry in this era. It
authorizes the users to transfer their data and computation to
remote location with minimal impact on system performance.
With the evolution of virtualization technology, cloud
computing has been emerged to be distributed systematically
or strategically on full basis. The idea of cloud computing has
not only restored the field of distributed systems but also
fundamentally changed how business utilizes computing
today. Resource management in cloud computing is in fact a
typical problem which is due to the scale of modern data
centers, the variety of resource types and their inter
dependencies, unpredictability of load along with the range of
objectives of the different actors in a cloud ecosystem.
This paper presents a holistic approach to see how Cloud computing can come in handy for a better governance. Gov2.0 is all about adoption of best in class technology to help citizens better, Cloud is the way to go.
This paper summarizes the results of our research around data center transformation, and discusses the kind of metrics and visibility you will need to successfully migrate and manage applications in a true, high-performance Infrastructure Anywhere environment.
Development environments are a necessary part of every developer's workflow. They can also be a great source of friction. What may begin as simply running python my_app.py eventually bloats as you add more apps, more databases, more testing frameworks, and more developers. We'll talk about the evolution of a typical development environment, how it lets us down, and how we try to make it better. We'll end with an introduction to Dusty, a new tool which uses Docker containers to take our development environments to the next level.
Originally presented at PyGotham 2015.
Services, security challenges and security policies in cloud computingeSAT Journals
Abstract Cloud computing is becoming most emerging trend in IT industry. With its potential growth and lucrative services cloud computing has acquired mass market in the industry large enterprises running their business on the cloud. A greater acceptance of public cloud by various businesses has given it a wide popularity, strengthening of public cloud security is big milestone. The public cloud acceptance is increasing along with the trust in public cloud at large extent. As the security is most vital factor in the cloud. Handovering data to the cloud service provider keeps cloud user tensed. Different threats have been discovered in recent years. Database security in public cloud raised some critical issues for cloud service provider. This rapid adaptation to the clouds, have increased concerns on a critical issue for successive growth of communication technology and information security. From a cloud security perspective, a number of unexplored risks and challenges are faced by cloud because of migration, causing degradation of the effectiveness of traditional protection mechanisms. Keywords: Cloud computing, Cloud DBaaS, public cloud, Cloud Security, Confidentiality, Trust, Encryption.
NJVC Implementation of Cloud Computing Solutions in Federal AgenciesGovCloud Network
This paper outlines the essential steps to constructing a solid cloud computing roadmap.This paper outlines the essential steps to constructing a solid cloud computing roadmap.
Cloud Computing for DoD and Government 2010Alexa Deaton
Get the latest information on current and future plans for Cloud Computing!
IDGA’s Cloud Computing for DoD & Government is your opportunity to claim your place in the virtual world of DoD and federal government data storage. You will be able to meet with key decision-makers and top-notch innovators for your chance to tap into the emerging market of cloud computing for defense and government!
Lead the way with revolutionary cloud computing initiatives by attending sessions on:
- Implementation of SaaS solutions
- The immediate need to coordinate cloud standards and how they provide benefit to the enterprise
- Security challenges and solutions for government organizations planning a move to the cloud
- Current DoD and Government programs and future plans for cloud computing activities
Faced with depressing predictions of looming budget cuts cloud computing has come to the fore of discussions to uncover relatively short-term economies in IT functions within the public sector. But how much of the cloud story is hype? How different are cloud architectures to the web-server farms that organizations have had the means to access for well over a decade? And how realistic is it that core business systems will move out of the data centre to the cloud?
A Virtualization Model for Cloud ComputingSouvik Pal
Cloud Computing is now a very emerging field in the IT industry as well as research field. The advancement of Cloud Computing came up due to fast-growing usage of internet among the people. Cloud Computing is basically on-demand network access to a collection of physical resources which can be provisioned according to the need of cloud user under the supervision of Cloud Service provider interaction. From business prospective, the viable achievements of Cloud Computing and recent developments in Grid computing have brought the platform that has introduced virtualization technology into the era of high performance computing. Virtualization technology is widely applied to modern data center for cloud computing. Virtualization is used computer resources to imitate other computer resources or whole computers. This paper provides a Virtualization model for cloud computing that may lead to faster access and better performance. This model may help to combine self-service capabilities and ready-to-use facilities for computing resources.
Choosing the right service providers, managing resources with one governance model, and right-sourcing workloads based on cost, SLA, and trust can be a daunting prospect. Some call this private cloud, others refer to it as public cloud, and still others as hybrid cloud. A better moniker might be enterprise cloud. Enterprise clouds are more attainable with solutions like Gravitant’s cloudMatrix.
Green Computing - Maturity Model for Virtualizationijdmtaiir
Population exploration causes the high usage of
electronic devices such as computer, laptop, and household
equipments. So we can save the power and world from the
pollution and its unpleasant additional result. Using the Green
Computing we can save the power, world., .Green computing
means the study and practice of designing ,manufacturing
using, and disposing of computers ,servers, and associate
subsystem such as printers, monitors etc. The goal of Green
computing are similar to green chemistry reduce the use of
hazardous materials maximum energy efficiency during the
product’s life time and promote the reusability of defunct
products and factory waste. Green computing can also develop
solutions that offer benefits by “aligning all IT process and
practices with the core principles of sustainability which are to
reduce, reuse, and recycle and finding innovative ways to use it
in business product to deliver sustainability benefits across the
enterprise and beyond”.In this thesis, green maturity model for
virtualization and its levels are explained “Green Computing,”
is especially important and timely: As computing becomes
increasingly pervasive, the energy consumption attributable to
computing is climbing, despite the clarion call to action to
reduce consumption and reverse greenhouse effects. At the
same time, the rising cost of energy — due to regulatory
measures enforcing a “true cost” of energy coupled with
scarcity as finite natural resources are rapidly being diminished
— is refocusing IT leaders on efficiency and total cost of
ownership, particularly in the context of the world-wide
financial crisis.. The Five steps for Green computing for
energy conservation.
Swiftly increasing demand of computational
calculations in the process of business, transferring of files
under certain protocols and data centers force to develop an
emerging technology cater to the services for computational
need, highly manageable and secure storage. To fulfill these
technological desires cloud computing is the best answer by
introducing various sorts of service platforms in high
computational environment. Cloud computing is the most
recent paradigm promising to turn around the vision of
“computing utilities” into reality. The term “cloud
computing” is relatively new, there is no universal agreement
on this definition. In this paper, we go through with different
area of expertise of research and novelty in cloud computing
domain and its usefulness in the genre of management. Even
though the cloud computing provides many distinguished
features, it still has certain sorts of short comings amidst with
comparatively high cost for both private and public clouds. It
is the way of congregating amasses of information and
resources stored in personal computers and other gadgets
and further putting them on the public cloud for serving
users. Resource management in a cloud environment is a
hard problem, due to the scale of modern data centers, their
interdependencies along with the range of objectives of the
different actors in a cloud ecosystem. Cloud computing is
turning to be one of the most explosively expanding
technologies in the computing industry in this era. It
authorizes the users to transfer their data and computation to
remote location with minimal impact on system performance.
With the evolution of virtualization technology, cloud
computing has been emerged to be distributed systematically
or strategically on full basis. The idea of cloud computing has
not only restored the field of distributed systems but also
fundamentally changed how business utilizes computing
today. Resource management in cloud computing is in fact a
typical problem which is due to the scale of modern data
centers, the variety of resource types and their inter
dependencies, unpredictability of load along with the range of
objectives of the different actors in a cloud ecosystem.
This paper presents a holistic approach to see how Cloud computing can come in handy for a better governance. Gov2.0 is all about adoption of best in class technology to help citizens better, Cloud is the way to go.
This paper summarizes the results of our research around data center transformation, and discusses the kind of metrics and visibility you will need to successfully migrate and manage applications in a true, high-performance Infrastructure Anywhere environment.
Development environments are a necessary part of every developer's workflow. They can also be a great source of friction. What may begin as simply running python my_app.py eventually bloats as you add more apps, more databases, more testing frameworks, and more developers. We'll talk about the evolution of a typical development environment, how it lets us down, and how we try to make it better. We'll end with an introduction to Dusty, a new tool which uses Docker containers to take our development environments to the next level.
Originally presented at PyGotham 2015.
Migrating to the Cloud: Lessons Learned from Federal AgenciesVMware
Four years have passed since the release of the White House's Cloud First strategy, aimed at encouraging agencies to implement cloud services. To better understand the lessons learned from federal cloud adoption efforts and to determine how agencies can more effectively utilize cloud going forward, Government Business Council (GBC), Carpathia and VMware undertook an in-depth research study. Download this infographic and receive the valuable insight uncovered in the study around challenges, benefits and hear what federal leaders are saying about their adoption so far.
F E B R U A R Y 8 , 2 0 1 1Vivek Kundra U.S. Chief Inf.docxmydrynan
F E B R U A R Y 8 , 2 0 1 1
Vivek Kundra
U.S. Chief Information Officer
F E D E R A L C L O U D
C O M P U T I N G S T R AT E G Y
i★ ★
TABLE OF CONTENTS
Executive Summary 1
I Unleashing the Power of Cloud 5
1 Defining cloud computing 5
2 Cloud is a fundamental shift in IT 6
3 Cloud computing can significantly improve public sector IT 6
II Decision Framework for Cloud Migration 11
1 Selecting services to move to the cloud 11
2 Provisioning cloud services effectively 15
3 Managing services rather than assets 16
III Case Examples to Illustrate Framework 19
1 Tailoring solution to protect security and maximize value 19
2 Provisioning to ensure competitiveness and capture value 20
3 Re-defining IT from an asset to a service 22
IV Catalyzing Cloud Adoption 25
1 Leveraging cloud computing accelerators 25
2 Ensuring a secure, trustworthy environment 26
3 Streamlining procurement processes 28
4 Establishing cloud computing standards 29
5 Recognizing the international dimensions of cloud computing 30
6 Laying a solid governance foundation 31
V Conclusion 33
Appendix 1: Potential Spending o ...
Cloud computing is receiving an increasing level of attention, as evidenced by the rapidly growing number of qualitative surveys and analysis that has been published over the past few years.
Cloud computing is a paradigm shift organizations use the computing resources to conduct their business. Cloud computing is a new general purpose Internet-based technology through which information is stored in servers and provided as a service and on-demand to clients. The computing resources are accessed by mainstream businesses as a pooled or leased resource over networks. Hence traditional IT investment decisions models are not directly suitable to perform the cost-benefit and investment decisions for cloud computing resources.
This paper presents research on the return-on-investment and pricing models and seeks to build a model for quantitative assessment of cloud computing.
The results of this analysis model are intended to facilitate a more informed decision making for cloud computing resources.
Introduction to Cloud Computing and Cloud InfrastructureSANTHOSHKUMARKL1
Introduction, Cloud Infrastructure: Cloud computing, Cloud computing delivery models and services, Ethical issues, Cloud vulnerabilities, Cloud computing at Amazon, Cloud computing the Google perspective, Microsoft Windows Azure and online services, Open-source software platforms for private clouds.
The Cloud Computing model is replacing the traditional IT model for many organizations that have not been able to keep up with the tremendous rate at which technology is changing, the challenges of disparate IT systems inherited through acquisitions and mergers, and decreasing internal resources available for IT commitment.
Cloud Computing models range from public cloud services that bill companies for access to IT infrastructure; the private cloud provider that hosts resources for the sole use of its own organization; dedicated external hosting to non-shared resources; and hybrid hosting, a mixed solution of cloud computing and dedicated hosting.
Schneider Electric consulting experts use their Cloud Assessment Checklist to help potential clients identify the computer services needs that best meet their IT challenges. It is not uncommon to find that an organization would optimize operation with a hybrid hosting solution in which a secure, single-tenant database would be stored with a dedicated host and the front-end would be hosted in the public cloud. Similarly, cloud bursting functionality enables the organization to automatically deploy new applications within the public cloud as needed. Such hybrid hosting models allow scaling capability to accommodate an increase in the number of users in the organization and meet peak traffic demand.
Careful examination of business and security characteristics can determine the proper cloud and hosting model that meets the needs of any particular enterprise and, as a result, help increase the organization’s IT capabilities and productivity while adding value to the business.
Unraveling the Mysteries of Cloud Computing: A Comprehensive Guidegreendigital
Introduction
In the fast-paced digital era, businesses. and individuals rely on innovative technologies to streamline processes and enhance collaboration. and achieve unprecedented levels of efficiency. Cloud computing is at the forefront of this technological revolution. A paradigm shift that has reshaped how we store, process, and access data. This comprehensive guide aims to demystify cloud computing. exploring its key concepts, benefits, challenges, and future trends.
Follow us on: Pinterest
1. What is Cloud Computing?
In the digital age, where information is the realm's currency. cloud computing has emerged as a transformative force. revolutionizing how businesses and individuals manage and process data. At its core, cloud computing refers to delivering computing services—from storage. and processing power to applications—over the internet. This article delves into the intricacies of cloud computing, exploring its historical evolution. key characteristics, and pervasive impact on various industries.
A. Historical Evolution
From the early mainframes to the development of virtualization technologies. each step in the evolution laid the groundwork for the cloud infrastructure we know today.
B. Key Characteristics
Understanding the fundamental characteristics of cloud computing is crucial for anyone looking to harness its power. Scalability, on-demand service, and resource pooling are key features. that set cloud computing apart from traditional computing models.
2. Essential Concepts of Cloud Computing
Service Models
A. Infrastructure as a Service (IaaS)
IaaS provides virtualized computing resources over the internet. Learn how businesses can leverage IaaS to drop the need for physical Infrastructure. and scale their operations.
B. Platform as a Service (PaaS)
PaaS takes the abstraction a step further. offering a comprehensive application development and deployment platform. Explore how PaaS accelerates the development lifecycle and promotes collaboration among development teams.
C. Software as a Service (SaaS)
Discover the advantages and potential drawbacks of SaaS for businesses and end-users alike.
Deployment Models
A. Public Cloud
Examine the benefits and challenges of this adopted deployment model.
B. Private Cloud
Private clouds, dedicated to a single organization, offer enhanced control and security. Explore the use cases and considerations for implementing a private cloud infrastructure.
C. Hybrid Cloud
Hybrid clouds combine the best of both worlds. blending public and private cloud services. Understand the strategic advantages of a hybrid approach. and how organizations can navigate the complexities of managing a hybrid environment.
3. C
A. Cost Efficiency
One of the primary drivers behind the widespread adoption of cloud computing is its potential for cost savings. Dive into the economic benefits of paying for only the resources you use. and how this flexibility translates into financial advantages for businesse
Cloud computing is undergoing a renaissance, as businesses embrace its power to drive innovation and transformation. Cloud-powered artistry is emerging, with businesses using cloud computing to create new and innovative products and services, improve their operations, and engage with their customers in new ways.
Assignment4The Federal Cloud Computing Strategy (Cloud F.docxssuser562afc1
Assignment4
The Federal Cloud Computing Strategy (Cloud First Policy) lists nine (9) benefits of cloud computing.
The CIO Council’s 2010 document titled State of Public Sector Cloud Computing contains 30 illustrative case studies that are part of a movement to leverage cloud computing across the public sector.
You can find both documents in the Content for Week 7.
Complete the following:
1. Review the nine (9) benefits from the Cloud First Policy.
2. Review the 30 case studies from the State of Public Sector Cloud Computing document.
3. Cut/paste the below matrix into your paper.
4. Fill in the matrix by matching at least ten (10) case study examples with benefits (see example). Each case study will have more than one benefit.
5. Select one of the case study examples from your list of ten (10) and explain why you chose each of the respective benefits.
Case Study Title
Benefits
DoD US Army AEC (Example)
Assets will be Better Utilized, Efficiency Improvements will Shift Resources Toward Higher-Value Activities (Example)
1
2
3
4
5
6
7
8
9
10
Deliverable:
Your response should be a 3 page paper, including the cut/pasted matrix, double-spaced, 12-pitch, New Times Roman. You should also have a cover page and reference page in addition to the 2 – 3 page paper. In addition to your matrix, your paper should include an introduction, conclusion, and benefit explanations. Make sure to use appropriate sources.
State of Public Sector Cloud Computing
May 20, 2010
Vivek Kundra
Federal Chief Information Officer
1
TABLE OF CONTENTS
Executive Summary ..................................................................................................................2
Federal Government Approach .................................................................................................3
Definition of Cloud Computing ..............................................................................................3
Data Center Consolidation ....................................................................................................6
Standards Development .........................................................................................................6
Federal Budget Planning .......................................................................................................9
Illustrative Case Studies .........................................................................................................10
Federal Cloud Computing Case Studies .................................................................................11
Department of Defense ........................................................................................................12
Department of Energy .........................................................................................................14
Department of Health and Human Services ............................................................... ...
State of Public Sector Cloud Computing
May 20, 2010
Vivek Kundra
Federal Chief Information Officer
1
TABLE OF CONTENTS
Executive Summary ..................................................................................................................2
Federal Government Approach .................................................................................................3
Definition of Cloud Computing ..............................................................................................3
Data Center Consolidation ....................................................................................................6
Standards Development .........................................................................................................6
Federal Budget Planning .......................................................................................................9
Illustrative Case Studies .........................................................................................................10
Federal Cloud Computing Case Studies .................................................................................11
Department of Defense ........................................................................................................12
Department of Energy .........................................................................................................14
Department of Health and Human Services .......................................................................15
Department of the Interior ..................................................................................................16
General Services Administration ........................................................................................16
National Aeronautics and Space Administration................................................................17
Social Security Administration ............................................................................................20
Federal Labor Relations Authority ......................................................................................20
Recovery Accountability and Transparency Board .............................................................21
Securities and Exchange Commission .................................................................................21
State and Local Cloud Computing Case Studies ....................................................................23
State of New Jersey .............................................................................................................24
State of New Mexico .............................................................................................................25
Commonwealth of Virginia ..................................................................................................26
State of Wisconsin ...........................................................
An Efficient MDC based Set Partitioned Embedded Block Image CodingDr. Amarjeet Singh
In this paper, fast, efficient, simple and widely used
Set Partitioned Embedded bloCK based coding is done on
Multiple Descriptions of transformed image. The maximum
potential of this type of coding can be exploited with discrete
wavelet transform (DWT) of images. Two correlated
descriptions are generated from a wavelet transformed image
to ensure meaningful transmission of the image over noise
prone wireless channels. These correlated descriptions are
encoded by set partitioning technique through SPECK coders
and transmitted over wireless channels. Quality of
reconstructed image at the decoder side depends upon the
number of descriptions received. More the number of
descriptions received at output side, more enhance the quality
of reconstructed image. However, if any of the multiple
description is lost, the receive can estimate it exploiting the
correlation between the descriptions. The simulations
performed on an image on MATLAB gives decent
performance and results even after half of the descriptions is
lost in transmission.
A traditional computing environment requires a costly
infrastructure to offer a better service to users. The introduction
of cloud computing has changed the working environment from
traditional to virtual. A larger number of IT companies are
utilizing the cloud. On the one hand, the cloud attracts more
number of consumers by offering services with minimized
capital cost and virtual infrastructure. On the other hand, there
are a risk and security challenges in cloud computing that
makes the user not to move completely towards it. The cloud
environment is more vulnerable to security breaches and data
theft. Moreover, insider attacks are more frequent in larger
enterprises. An unauthenticated user can cause more damage
to company reputation. The cloud service providers are trying
to provide a secure work environment for users. However,
there is a lack of global standards and policies to invoke
security measures in cloud computing. This study aims to
highlight and classify security challenges and trust issues in the
cloud environment.
The survey was conducted in various institutions and
governmental organizations in Saudi Arabia to study the
opinions of stakeholders on cloud computing security
challenges and risks.
Links:
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
5. EXECUTIVE SUMMARY
The Federal Government’s current Information Technology (IT) environment is characterized by low
asset utilization, a fragmented demand for resources, duplicative systems, environments which are dif-
cult to manage, and long procurement lead times. These ine ciencies negatively impact the Federal
Government’s ability to serve the American public.
Cloud computing has the potential to play a major part in addressing these ine ciencies and improving
government service delivery. The cloud computing model can signi cantly help agencies grappling with
the need to provide highly reliable, innovative services quickly despite resource constraints.
Commercial service providers are expanding their available cloud o erings to include the entire tradi-
tional IT stack of hardware and software infrastructure, middleware platforms, application system com-
ponents, software services, and turnkey applications. The private sector has taken advantage of these
technologies to improve resource utilization, increase service responsiveness, and accrue meaningful
bene ts in e ciency, agility, and innovation. Similarly, for the Federal Government, cloud computing
holds tremendous potential to deliver public value by increasing operational e ciency and responding
faster to constituent needs.
An estimated $20 billion of the Federal Government’s $80 billion in IT spending is a potential target for
migration to cloud computing solutions (Appendix 1).
Figure 1: Estimated portion of Federal IT spend able to move to the cloud
1. Based on agency estimates as reported to the O ce of Management and Budget (OMB).
1
6. F E D E R A L C L O U D CO M P U T I N G S T R AT E G Y
To harness the bene ts of cloud computing, we have instituted a Cloud First policy. This policy is intended
to accelerate the pace at which the government will realize the value of cloud computing by requiring
agencies to evaluate safe, secure cloud computing options before making any new investments.
By leveraging shared infrastructure and economies of scale, cloud computing presents a compelling
business model for Federal leadership. Organizations will be able to measure and pay for only the IT
resources they consume, increase or decrease their usage to match requirements and budget con-
straints, and leverage the shared underlying capacity of IT resources via a network. Resources needed
to support mission critical capabilities can be provisioned more rapidly and with minimal overhead and
routine provider interaction.
Cloud computing can be implemented using a variety of deployment models – private, community,
public, or a hybrid combination.
Cloud computing o ers the government an opportunity to be more e cient, agile, and innovative
through more e ective use of IT investments, and by applying innovations developed in the private
sector. If an agency wants to launch a new innovative program, it can quickly do so by leveraging cloud
infrastructure without having to acquire signi cant hardware, lowering both time and cost barriers to
deployment.
This Federal Cloud Computing Strategy is designed to:
Articulate the bene ts, considerations, and trade-o s of cloud computing
Provide a decision framework and case examples to support agencies in migrating towards
cloud computing
Highlight cloud computing implementation resources
Identify Federal Government activities and roles and responsibilities for catalyzing cloud
adoption
Following the publication of this strategy, each agency will re-evaluate its technology sourcing strategy
to include consideration and application of cloud computing solutions as part of the budget process.
Consistent with the Cloud First policy, agencies will modify their IT portfolios to fully take advantage
of the bene ts of cloud computing in order to maximize capacity utilization, improve IT exibility and
responsiveness, and minimize cost.
2
7. E X E C U T I V E S U M M A RY
Figure 2: Cloud bene ts: E ciency, Agility, Innovation
EFFICIENCY
Cloud Bene ts Current Environment
Improved asset utilization (server utilization > Low asset utilization (server utilization < 30%
60-70%) typical)
Aggregated demand and accelerated system con- Fragmented demand and duplicative systems
solidation (e.g., Federal Data Center Consolidation
Di cult-to-manage systems
Initiative)
Improved productivity in application develop-
ment, application management, network, and
end-user
AGILITY
Cloud Bene ts Current Environment
Purchase “as-a-service” from trusted cloud Years required to build data centers for new
providers services
Near-instantaneous increases and reductions in Months required to increase capacity of existing
capacity services
More responsive to urgent agency needs
INNOVATION
Cloud Bene ts Current Environment
Shift focus from asset ownership to service Burdened by asset management
management
De-coupled from private sector innovation
Tap into private sector innovation engines
Encourages entrepreneurial culture Risk-adverse culture
Better linked to emerging technologies (e.g.,
devices)
3
8.
9. I. UNLEASHING THE
POWER OF CLOUD
Cloud computing describes a broad movement to treat IT services as a commodity with the ability to
dynamically increase or decrease capacity to match usage needs. By leveraging shared infrastructure
and economies of scale, cloud computing presents Federal leadership with a compelling business
model. It allows users to control the computing services they access, while sharing the investment in
the underlying IT resources among consumers. When the computing resources are provided by another
organization over a wide-area network, cloud computing is similar to an electric power utility. The pro-
viders bene t from economies of scale, which in turn enables them to lower individual usage costs and
centralize infrastructure costs. Users pay for what they consume, can increase or decrease their usage,
and leverage the shared underlying resources. With a cloud computing approach, a cloud customer can
spend less time managing complex IT resources and more time investing in core mission work.
1. De ning cloud computing
Cloud computing is de ned by the National Institute of Standards and Technology (NIST) as “a model for
enabling convenient, on-demand network access to a shared pool of con gurable computing resources
(e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released
with minimal management e ort or service provider interaction.” NIST has identi ed ve essential
characteristics of cloud computing: on-demand service, broad network access, resource pooling, rapid
elasticity, and measured service.
Cloud computing is defined to have several deployment models, each of which provides distinct
trade-o s for agencies which are migrating applications to a cloud environment. NIST de nes the cloud
deployment models as follows:
Private cloud. The cloud infrastructure is operated solely for an organization. It may be managed
by the organization or a third party and may exist on premise or o premise.
Community cloud. The cloud infrastructure is shared by several organizations and supports a
speci c community that has shared concerns (e.g., mission, security requirements, policy, and
compliance considerations). It may be managed by the organizations or a third party and may
exist on premise or o premise.
Public cloud. The cloud infrastructure is made available to the general public or a large industry
group and is owned by an organization selling cloud services.
Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, com-
munity, or public) that remain unique entities but are bound together by standardized or
proprietary technology that enables data and application portability (e.g., cloud bursting for
load-balancing between clouds).
2. http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc
3. http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc
4. http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc
5
10. F E D E R A L C L O U D CO M P U T I N G S T R AT E G Y
Cloud computing can also categorized into service models. These are de ned by NIST to be:
Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the pro-
vider’s applications running on a cloud infrastructure. The applications are accessible from
various client devices through a thin client interface such as a web browser (e.g., web-based
email). The consumer does not manage or control the underlying cloud infrastructure including
network, servers, operating systems, storage, or even individual application capabilities, with
the possible exception of limited user-speci c application con guration settings.
Cloud Platform as a Service (PaaS). The capability provided to the consumer is the ability to
deploy onto the cloud infrastructure consumer-created or acquired applications created using
programming languages and tools supported by the provider. The consumer does not manage
or control the underlying cloud infrastructure including network, servers, operating systems,
or storage, but has control over the deployed applications and possibly application hosting
environment con gurations.
Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision
processing, storage, networks, and other fundamental computing resources where the con-
sumer is able to deploy and run arbitrary software, which can include operating systems and
applications. The consumer does not manage or control the underlying cloud infrastructure
but has control over operating systems, storage, deployed applications, and possibly limited
control of select networking components (e.g., host rewalls).
2. Cloud is a fundamental shift in IT
Cloud computing enables IT systems to be scalable and elastic. End users do not need to determine
their exact computing resource requirements upfront. Instead, they provision computing resources as
required, on-demand. Using cloud computing services, a Federal agency does not need to own data
center infrastructure to launch a capability that serves millions of users.
3. Cloud computing can signi cantly improve public sector IT
A number of government agencies are adopting cloud technologies and are realizing considerable
bene ts. For instance, NASA Nebula, through a community cloud, gives researchers access to IT services
relatively inexpensively in minutes. Prior to adopting this approach, it would take researchers months
to procure and con gure comparable IT resources and signi cant
5. http://nebula.nasa.gov/services/
http://nebula.nasa.gov/blog/
6
11. I . U N LE A S H I N G T H E P OW E R O F C L O U D
management oversight to monitor and upgrade systems. Applying cloud technologies across the entire
Federal Government can yield tremendous bene ts in e ciency, agility, and innovation. These bene ts
are described below.
E ciency improvements will shift resources towards higher-value activities
In FY2010, approximately thirty cents of every dollar invested in Federal IT was spent on data center infra-
structure. Unfortunately, only a fraction of this investment delivers real, measurable impact for American
citizens. By using the cloud computing model for IT services, we will be able to reduce our data center
infrastructure expenditure by approximately 30% (which contributes to the estimated $20 billion of IT
spending that could be migrated to cloud computing solutions). Similar e ciency improvements will
be seen in software applications and end-user support. These savings can be used to increase capacity
or be reinvested in agency missions, including citizen-facing services and inventing and deploying new
innovations. Cloud computing can allow IT organizations to simplify, as they no longer have to maintain
complex, heterogeneous technology environments. Focus will shift from the technology itself to the
core competencies and mission of the agency.
Assets will be better utilized
Across the public and private sectors, data center infrastructure investments are not utilized to their
fullest potential. For example, according to a recent survey, many agencies are not fully utilizing their
available storage capacity and are utilizing less than 30% of their available server capacity. Low utiliza-
tion is not necessarily a consequence of poor management, but, instead, a result of the need to ensure
that there is reserve capacity to meet periodic or unexpected demand for key functions.
With cloud computing, IT infrastructure resources are pooled and shared across large numbers of
applications and organizations. Cloud computing can complement data center consolidation e orts
by shifting workloads and applications to infrastructures owned and operated by third parties. Capacity
can be provisioned to address the peak demand across a group of applications, rather than for a single
application. When demand is aggregated in this fashion and properly managed, the peaks and troughs
of demand smooth out, providing a more consistent and manageable demand pro le.
As utilization is improved, more value is derived from the existing assets, reducing the need to continu-
ously increase capacity. Fewer machines mean less spending on hardware, software, and operations
maintenance, real estate, and power consumption.
Demand aggregation will reduce duplication
The shift to cloud computing can help to mitigate the fragmented data, application, and infrastructure
silo issues associated with federated organizational and funding models by focusing on IT services as
a utility. IT services become candidates for more cost e ective procurement and management, similar
to the model currently used for buildings and utility services.
6. President’s FY2011 Budget
7. Gartner IT Key Metrics Data 2009, Bloomberg, McKinsey analysis
8. Agency Data Center Consolidation Plans submitted to OMB, August 2010
7
12. F E D E R A L C L O U D CO M P U T I N G S T R AT E G Y
Cloud computing has the potential to provide a more interoperable and portable environment for data
and systems. With the appropriate standards, over time, organizations may be able to move to common
services and platforms.
Data center consolidation can be accelerated
In February 2010, we launched the Federal Data Center Consolidation Initiative (FDCCI) to con-
solidate the Federal Government’s fragmented data center environment. Through the FDCCI,
agencies have formulated detailed consolidation plans and technical roadmaps to eliminate a
minimum of 800 data centers by 2015.
Cloud computing can accelerate data center consolidation e orts by reducing the number of applica-
tions hosted within government-owned data centers. For those that continue to be owned and operated
directly by Federal agencies (e.g., by implementing private IaaS clouds), environments will be more
interoperable and portable, which will decrease data center consolidation and integration costs because
it reduces unnecessary heterogeneity and complexity in the IT environment.
IT will be simpler and more productive
Cloud computing also provides an indirect productivity bene t to all services in the IT stack. For example,
less e ort will be required to stand up and develop software testing environments, enabling application
development teams to integrate and test frequently in production-representative environments at a
fraction of the cost of providing this infrastructure separately.
Agility improvements will make services more responsive
The impact of cloud computing will be far more than economic. Cloud computing will also allow agen-
cies to improve services and respond to changing needs and regulations much more quickly.
With traditional infrastructure, IT service reliability is strongly dependent upon an organization’s ability
to predict service demand, which is not always possible. For example, the IT system used in the Car
Allowance and Rebate System (CARS, more commonly known as “Cash-For-Clunkers”) had numerous
failures because the load was considerably higher than what its system could handle. The sponsor for
“Cash-for-Clunkers,” the National Highway Tra c Safety Administration (NHTSA) anticipated a demand
of 250,000 transactions over a four month period, but within just 90 days, the system processed approxi-
mately 690,000 CARS transactions. Within three days of the rst dealer registrations, the system was
overwhelmed, leading to numerous outages and service disruptions. The $1 billion appropriated for the
program was nearly exhausted within one week and an additional $2 billion dollars was appropriated
to triple the potential number of transactions just nine days after the program began. NHTSA deployed
a customized commercial application hosted in a traditional data center environment, but the CARS
system presented a very good example of an unpredictable service demand and a short development
window that could have been more e ciently handled using a cloud computing approach. Cloud
computing will allow agencies to rapidly scale up to meet unpredictable demand thus minimizing
9. OMB, 25-point implementation plan to reform Federal information technology management, December 9, 2010,
http://www.cio.gov/documents/25-Point-Implementation-Plan-to-Reform-Federal%20IT.pdf
8
13. I . U N LE A S H I N G T H E P OW E R O F C L O U D
similar disruptions. Notably, cloud computing also provides an important option for agencies in meeting
short-term computing needs such as the one above; agencies need not invest in infrastructure in cases
where service is needed for a limited period of time.
Services will be more scalable
With a larger pool of resources to draw from, individual cloud services are unlikely to encounter capac-
ity constraints. As a result, government services such as “Cash-for-Clunkers” would be able to more
rapidly increase capacity and avoid service outages. Given appropriate service level agreements and
governance to ensure overall capacity is met, cloud computing will make the government’s IT invest-
ments less sensitive to the uncertainty in demand forecasts for individual programs, which frequently
emerge rapidly in response to national program needs which cannot be foreseen in the early stages of
the Federal budget cycle.
Innovation improvements will rapidly enhance service e ectiveness
Cloud computing will not only make our IT services more e cient and agile, it will also serve as an
enabler for innovation. Cloud computing allows the Federal Government to use its IT investments in a
more innovative way and to more easily adopt innovations from the private sector. Cloud computing
will also help our IT services take advantage of leading-edge technologies including devices such as
tablet computers and smart phones.
IT innovation has transformed how the private sector operates and revolutionized the e ciency, con-
venience, and e ectiveness with which it serves its customers. In our everyday lives, we can track the
status of a shipment; order a pizza or a pair of shoes; make travel, hotel, and restaurant reservations;
and collaborate with friends and colleagues – all online, anytime, and anywhere. Yet, when it comes to
dealing with the Federal Government, we too often need to stand in line, hold on the phone, or mail in
a paper form. For many reasons such as policy and other constraints, the Federal Government has not
innovated as quickly as the private sector and has consequently missed out on many of the bene ts
o ered through IT.
Encourage entrepreneurial culture by reducing risk
Cloud-based projects can be conceived, developed, and tested with smaller initial investments than
traditional IT investments. Rather than laboriously building data center capacity to support a new
development environment, capacity can be provisioned in small increments through cloud comput-
ing technologies. After the small initial investment is made, the project can be evaluated for additional
investment or cancellation. Projects that show promise can gain valuable insights through the evalua-
tion process. Less promising projects can be cancelled with minimal losses. This “start small” approach
collectively reduces the risk associated with new application development. Reducing the minimum
required investment size will also provide a more experimental development environment in which
innovation can ourish.
9
14.
15. II. DECISION FRAMEWORK
FOR CLOUD MIGRATION
The broad scope and size of the cloud transformation will require a meaningful shift in how government
organizations think of IT. Organizations that previously thought of IT as an investment in locally owned
and operated applications, servers, and networks will now need to think of IT in terms of services, com-
moditized computing resources, agile capacity provisioning tools, and their enabling e ect for American
citizens. This new way of thinking will have a broad impact across the entire IT service lifecycle – from
capability inception through delivery and operations.
The following structured framework presents a strategic perspective for agencies in terms of thinking
about and planning for cloud migration.
Figure 3: Decision Framework for Cloud Migration
Select Provision Manage
Identify which IT services to ? Aggregate demand at Shift IT mindset from assets to
move and when Department level where to services
services
possible
– Identify sources of value Build new skill sets as
for cloud migrations: Ensure interoperability required
efficiency, agility, and integration with IT
innovation portfolio Actively monitor SLAs to
ensure compliance and
– Determine cloud Contract effectively to ensure continuous improvement
readiness: security, market agency needs are met
availability, government Re - evaluate vendor and
readiness, and technology Realize value by repurposing service models periodically to
lifecycle or decommissioning legacy maximize benefits and
assets and redeploying freed minimize risks
resources
Framework is flexible and can be adjusted to meet individual agency needsneeds
Framework is flexible and can be adjusted to meet individual age
age ncy needs
ncy
A broad set of principles and considerations for each of these three major migration steps is presented
below. Please refer to Section 3 for an illustration of how these considerations can be applied, using
Federal case study examples.
1. Selecting services to move to the cloud
Successful organizations carefully consider their broad IT portfolios and create roadmaps for cloud
deployment and migration. These roadmaps prioritize services that have high expected value and
high readiness to maximize bene ts received and minimize delivery risk. De ning exactly which cloud
11
16. F E D E R A L C L O U D CO M P U T I N G S T R AT E G Y
services an organization intends to provide or consume is a fundamental initiation phase activity in
developing an agency roadmap.
The chart shown below uses two dimensions to help plan cloud migrations: Value and Readiness. The
Value dimension captures cloud bene ts in the three areas discussed in Section 1 (i.e., e ciency, agil-
ity, and innovation). The Readiness dimension broadly captures the ability for the IT service to move
to the cloud in the near-term. Security, service and market characteristics, government readiness, and
lifecycle stage are key considerations. As shown below, services with relatively high value and readiness
are strong candidates to move to the cloud rst.
Figure 4: Selecting Services for Cloud Migration
The relative weight of the value and readiness dimensions can be adjusted to meet the individual needs
of agencies. Some agencies may stress innovation and security while others may stress e ciency and
government readiness. However, the logic and structure of the framework should be applicable for all
agencies.
Described below are a number of considerations for value and readiness that agencies may nd helpful
when completing this evaluation.
12
17. I I . D E C I S I O N F R A M EWO R K F O R C L O U D M I G R AT I O N
Identify sources of value
As described in Section 1, cloud computing provides three primary sources of business value: e ciency,
agility, and innovation. Listed below are a number of considerations for each value category.
Agencies should feel free to stress one or more of these sources of value according to their individual
needs and mission goals. For instance, some agencies may place a higher value on agility, while others
may stress cost savings brought about by greater computing e ciency.
E ciency: E ciency gains can come in many forms, including higher computer resource utilization due
to the employment of contemporary virtualization technologies, and tools that extend the reach of the
system administrator, lowering labor costs. E ciency improvements can often have a direct impact on
ongoing bottom line costs. Further, the nature of some costs will change from being capital investment
in hardware and infrastructure (CapEx) to a pay-as-you go (OpEx) model with the cloud, depending on
the cloud deployment model being used. Services that have relatively high per-user costs, have low
utilization rates, are expensive to maintain and upgrade, or are fragmented should receive a relatively
high priority for consideration.
Agility: Many cloud computing e orts support rapid automated provisioning of computing and storage
resources. In this way, cloud computing approaches put IT agility in the hands of users, and this can be
a qualitative bene t. Existing services that require long lead times to upgrade or increase / decrease
capacity should receive a relatively high priority for consideration, and so should new or urgently
needed services to compress delivery timelines as much as possible. Services that are easy to upgrade,
are not sensitive to demand uctuations, or are unlikely to need upgrades in the long-term can receive
a relatively low priority.
Innovation: Agencies can compare their current services to contemporary marketplace o erings, or
look at their customer satisfaction scores, overall usage trends, and functionality to identify the need for
potential improvements through innovation. Services that would most bene t from innovation should
receive a relatively high priority.
Determine cloud readiness
It is not su cient to consider only the potential value of moving to cloud services. Agencies should make
risk-based decisions which carefully consider the readiness of commercial or government providers
to ful ll their Federal needs. These can be wide-ranging, but likely will include: security requirements,
service and marketplace characteristics, application readiness, government readiness, and program’s
stage in the technology lifecycle. Similar to the value estimation, agencies should be free to stress one
or more of these readiness considerations according to their individual needs.
Security Requirements: Federal Government IT programs have a wide range of security requirements.
Federal Information Security Management Act (FISMA) requirements include but are not limited to:
compliance with Federal Information Processing Standards agency speci c policies; Authorization to
Operate requirements; and vulnerability and security event monitoring, logging, and reporting. It is
essential that the decision to apply a speci c cloud computing model to support mission capability
considers these requirements. Agencies have the responsibility to ensure that a safe, secure cloud solu-
tion is available to provide a prospective IT service, and should carefully consider agency security needs
across a number of dimensions, including but not limited to:
13
18. F E D E R A L C L O U D CO M P U T I N G S T R AT E G Y
Statutory compliance to laws, regulations, and agency requirements
Data characteristics to assess which fundamental protections an application’s data set requires
Privacy and con dentiality to protect against accidental and nefarious access to information
Integrity to ensure data is authorized, complete, and accurate
Data controls and access policies to determine where data can be stored and who can access
physical locations
Governance to ensure that cloud computing service providers are su ciently transparent, have
adequate security and management controls, and provide the information necessary for the
agency to appropriately and independently assess and monitor the e cacy of those controls
For additional discussion and considerations regarding trust and security in the context of cloud com-
puting, please refer to the online NIST cloud computing resources.
Service characteristics: Service characteristics can include service interoperability, availability, perfor-
mance, performance measurement approaches, reliability, scalability, portability, vendor reliability, and
architectural compatibility.
Storing information in the cloud will require a technical mechanism to achieve compliance with records
management laws, policies and regulations promulgated by both the National Archives and Records
Administration (NARA) and the General Services Administration (GSA). The cloud solution has to sup-
port relevant record safeguards and retrieval functions, even in the context of a provider termination.
Depending on the organizational missions supported by the cloud capability, Continuity of Operations
(COOP) can be a driving solution requirement. The purpose of a COOP capability is to ensure that
mission-essential functions continue to be available in times of crisis or against a spectrum of threats.
Threats can include a wide range of potential emergencies, including localized acts of nature, accidents,
and technological and/or attack-related emergencies.
The organization should consider scalability requirements concerning the ability of the cloud solution
architecture to either grow or shrink over time, with varying levels of processing, storage, or service
handling capability. They should also consider both the impact on their business processes if network
connectivity to their cloud provider fails, resulting in a loss of IT capability, and the possibility (likelihood)
of this occurrence.
Requirements concerning administrative support should be included as well, covering topics such as the
daily hours of prime support, problem escalation times, resolution of recurring problems, and trouble
ticket submission methods.
Market Characteristics: Agencies should consider the cloud market competitive landscape and matu-
rity, including both fully commercial and government-provided cloud services. Agencies can consider
whether cloud markets are su ciently competitive and are not dominated by a small number of players.
Agencies can consider whether there is a demonstrated capability to move services from one provider
10. http://csrc.nist.gov/groups/SNS/cloud-computing/
http://www.nist.gov/itl/cloud/index.cfm
14
19. I I . D E C I S I O N F R A M EWO R K F O R C L O U D M I G R AT I O N
to another, and whether there is a demonstrated capability to distribute services between two or more
providers in response to service quality and capacity. Agencies should consider the availability of techni-
cal standards for cloud interfaces which reduce the risk of vendor lock-in.
Network infrastructure, application and data readiness: Before migrating to the cloud agencies
must ensure that the network infrastructure can support the demand for higher bandwidth and that
there is su cient redundancy for mission critical applications. Agencies should update their continuity
of operations plans to re ect the increased importance of a high-bandwidth connection to the Internet
or service provider. Another key factor to assess when determining readiness for migration to the cloud
is the suitability of the existing legacy application and data to either migrate to the cloud (i.e., rehost
an application in a cloud environment) or be replaced by a cloud service (i.e., retire the legacy system
and replace with commercial SaaS equivalent). If the candidate application has clearly articulated and
understood interfaces and business rules, and has limited and simple coupling with other systems and
databases, it is a good candidate along this dimension. If the application has years of accumulated and
poorly documented business rules embedded in code, and a proliferation of subtle or poorly understood
interdependencies with other systems, the risks of “breakage” when the legacy application is migrated
or retired make this a less attractive choice for early cloud adoption.
Government readiness: In addition, agencies should consider whether or not the applicable orga-
nization is pragmatically ready to migrate their service to the cloud. Government services which have
capable and reliable managers, the ability to negotiate appropriate SLAs, related technical experience,
and supportive change management cultures should receive a relatively high priority. Government
services which do not possess these characteristics but are otherwise strong cloud candidates should
take steps to alleviate any identi ed concerns as a matter of priority.
Technology lifecycle: Agencies should also consider where technology services (and the underlying
computing assets) are in their lifecycle. Services that are nearing a technology refresh, approaching the
conclusion of their negotiated contract, or are dependent upon ine cient legacy software or hardware
should receive a relatively high priority. Technology services that were recently upgraded, locked within
contract, and are based on leading-edge technology may want to wait before migrating to the cloud.
2. Provisioning cloud services e ectively
To e ectively provision selected IT services, agencies will need to rethink their processes as provision-
ing services rather than simply contracting assets. Contracts that previously focused on metrics such
as number of servers and network bandwidth now should focus on the quality of service ful llment.
Organizations that are most successful in cloud service provisioning carefully think through a number
of factors, including:
Aggregate demand: When considering “commodity” and common IT services, agencies should pool
their purchasing power by aggregating demand to the greatest extent possible before migrating ser-
vices to the cloud. Where appropriate, demand should be aggregated at the departmental level and as
part of the government-wide shared services initiatives such as government-wide cloud-based email.
15
20. F E D E R A L C L O U D CO M P U T I N G S T R AT E G Y
Integrate services: Agencies should ensure that the provided IT services are e ectively integrated into
their wider application portfolio. In some cases, technical experts may be required to evaluate architec-
tural compatibility of the provided cloud service and other critical applications. Rather than a one-time
event, this principle should be followed over time to guarantee that systems remain interoperable as
individual IT services evolve within the portfolio. Business process change may similarly be required to
properly integrate the systems (e.g., adjusting call center processes).
Contract e ectively: Agencies should also ensure that their contracts with cloud service providers set
the service up for success. Agencies should minimize the risk of vendor lock-in, for instance, to ensure
portability and encourage competition among providers. Agencies should include explicit service level
agreements (SLAs) for security, continuity of operations, and service quality that meet their individual
needs. Agencies should include a contractual clause enabling third parties to assess security controls
of cloud providers. The SLA should specify the support steps that the consumer can take when the
service is failing to meet the terms speci ed in the agreement, and should include points-of-contact
and escalation procedures. It is important to be precise in the de nition of metrics and specify when and
where they will be collected. For example, performance is di erent when measured from the consumer
or provider due to the network delays. Metrics should measure characteristics under the control of the
vendor. Finally, the SLA should describe a mutual management process for the service levels, including
periodic reporting requirements and meetings for management assessments.
Realize value: Agencies should take steps during migration to ensure that they fully realize the expected
value. From an e ciency standpoint, legacy applications and servers should be shut down and decom-
missioned or repurposed. Data center real estate used to support these systems should be closed down
or used to support higher value-add activities. Where possible, sta supporting these systems should be
trained and re-deployed to higher-value activities. From an agility and innovation standpoint, processes
and capabilities may also need to be re ned in order to fully capture the value of the investment.
3. Managing services rather than assets
To be successful, agencies must manage cloud services di erently than traditional IT assets. As with
provisioning, cloud computing will require a new way of thinking to re ect a service-based focus rather
than an asset-based focus. Listed below are a few considerations for agencies to e ectively manage
their cloud services.
Shift mindset: Organizations need to re-orient the focus of all parties involved – providers, government
agencies, and end users – to think of services rather than assets. Organizations that successfully make
this transition will e ectively manage the system towards output metrics (e.g., SLAs) rather than input
metrics (e.g., number of servers).
Actively monitor: Agencies should actively track SLAs and hold vendors accountable for failures.
Agencies should stay ahead of emerging security threats and ensure that their security outlook is
constantly evolving faster than potential attacks. Agencies may also consider incorporating business
user feedback into evaluation processes. Finally, agencies should track usage rates to ensure charges
do not exceed funded amounts.
16
21. I I . D E C I S I O N F R A M EWO R K F O R C L O U D M I G R AT I O N
It can be advantageous for a consumer to “instrument” key points on the network to measure perfor-
mance of cloud service providers. For example, commercial tools can report back to a centralized data
store on service performance, and instrumentation agents can be placed with participating consumers
and at the entry point of the service provider on the network. By gathering data across providers on
the performance of pre-planned instrumented service calls throughout typical work periods, service
managers can better judge where performance bottlenecks arise. Agencies should include requirements
for service instrumentation where appropriate.
Re-evaluate periodically: Agencies should periodically re-evaluate the choice of service and vendor
to ensure that e ciency, agility, and innovation are maximized. Agencies should ensure portability and
hold competitive bids for cloud services at regular intervals. Agencies should also consider increasing
the scope of cloud-provided services as markets mature (e.g., moving from IaaS solutions to PaaS and
SaaS solutions). Opportunities to consolidate and standardize solutions between agencies should be
periodically evaluated as well, particularly for “commodity” services. To e ectively conduct re-evaluations,
agencies should maintain awareness of changes in the technology landscape, in particular, the readiness
of new cloud technologies, commercial innovation, and new cloud vendors.
17
22.
23. III. CASE EXAMPLES TO
ILLUSTRATE FRAMEWORK
Many Federal agencies have already taken their rst steps towards cloud computing. In each case,
the agency achieved considerable bene ts to e ciency, agility, or innovation in support of its unique
mission. The following case studies illustrate how these Federal agencies successfully migrated toward
cloud services consistent with the select / provision / manage framework outlined in Section 2.
1. Tailoring solution to protect security and maximize value
In 2008, the Army Experience Center (AEC) realized that it needed a new Customer Relationship
Management (CRM) system to track personal and electronic engagements with prospects and help
recruiting sta manage the recruitment process.
After considering several options including upgrading their 10-year-old legacy proprietary data system,
the Army chose a customized version of a commercially-available SaaS solution. This solution met their
unique security needs, ful lled all of their functionality requirements, and was delivered at a fraction of
the time and expense required to upgrade their legacy system.
The Army followed many of the key factors outlined in Section 2 when migrating toward their cloud
solution:
Selecting a cloud solution
The Army placed a very high priority on security when considering its CRM solution. Before choosing
a cloud solution, the AEC carefully weighed the sources of value and readiness of potential solutions.
E ciency: The AEC compared the cost of upgrading their existing system to con guring a new SaaS
solution. Initial bids to upgrade the existing system, ARISS, which relied on traditional infrastructure,
ranged from $500,000 to over $1 million. Initial pilots of the SaaS solution cost as little as $54,000, just
over 10% of the minimum cost of an ARISS system upgrade.
Agility: The AEC also considered the time required to deploy the system. Despite regular upgrades over
the years, it was infeasible to modify ARISS to meet the Army Experience Center’s requirements. The
SaaS solution could be provisioned in a fraction of the time required to upgrade the ARISS system. The
SaaS solution was also more scalable and would be far easier to upgrade over time.
Innovation: The SaaS solution integrated directly with e-mail and Facebook, allowing recruiters to
connect with participants more dynamically after they left the AEC. Army recruiters could also access
information from anywhere. These advancements would have been very costly and time-consuming
to achieve with ARISS system upgrades. In e ect, the SaaS solution allowed the AEC to take advantage
of the cloud vendor’s innovation engine without owning or managing heavy IT assets.
19
24. F E D E R A L C L O U D CO M P U T I N G S T R AT E G Y
Security: The AEC ensured the cloud solution would be su ciently secure. The SaaS solution was ex-
ible and could be con gured to securely manage access, sovereignty, and data retention requirements.
Market availability: The SaaS solution was able to meet all of the AEC’s requirements including the
ability to track AEC visitor and engagement data, compatibility with handheld devices, and real-time
integration with marketing and recruitment data.
Government readiness: The AEC ensured that it was both capable and ready to migrate their services
to the cloud. The AEC had experience implementing new technologies, had a culture that supported
experimentation and improvement, and possessed the skills and capacity to manage the transition well.
Technology lifecycle: The AEC also evaluated the lifecycle of its legacy solution. The legacy ARISS system
was more than 10 years old in 2008 and was not burdened by contract lock-down.
Provisioning IT services
During provisioning, the AEC took an approach which was distinctly di erent from the Army’s former
approach with ARISS. This approach re ected the service-based rather than asset-based nature of the
cloud service.
Integrate services: As the Army transferred its recruitment system to the cloud, it carefully engineered
its relationship with the vendor to ensure a successful migration.
Realize value: With the cloud-based solution, the AEC has been able to handle the workload of ve
traditional recruitment centers. The system has also resulted in dramatically reduced hardware costs and
IT sta costs. The Army has decommissioned, or re-purposed for other systems, all hardware related to
the legacy ARISS system. Its people have been spending more time on more rewarding and higher-value
activities, shifting time from ling reports to engaging with potential recruits.
2. Provisioning to ensure competitiveness and capture value
USDA recently launched a broad initiative to modernize and streamline USDA’s IT infrastructure. As part
of this initiative, USDA aimed to consolidate 21 fragmented e-mail systems and improve the productiv-
ity of its workers. Rather than continuing e orts to consolidate the fragmented environment internally,
the USDA chose a proven cloud-based email solution to accelerate consolidation and take advantage
of the latest communication and collaboration tools.
E ective provisioning was critical for the USDA to realize the value of cloud migration. Previously, the
USDA had focused on contracting for its 21 email systems. As a provisioner, the USDA needed to care-
fully aggregate demand, ensure integration with downstream applications, re ect its priorities in its
contracts, and retire legacy systems to capture value.
The USDA followed many of the key factors outlined in Section 2 when migrating toward their cloud
solution:
20
25. I I I . C A S E E XA M P LE S T O I LL U S T R AT E F R A M EWO R K
Selecting a cloud solution
The USDA carefully evaluated the sources of value and service readiness before choosing the cloud-
based solution:
E ciency: Financially, the motivation to move to cloud was compelling. Eliminating the 21 fragmented
e-mail systems would drastically reduce duplication, not only with software and hardware assets, but
also by reducing the number of system interfaces that need to be maintained on a regular basis. USDA
estimates that the cloud solution will save up to $6 million per year, to include ongoing costs for hard-
ware refreshment and software upgrades.
Agility: Consolidating and upgrading their fragmented traditional environment would have taken years
to complete. With the cloud solution, USDA was able to access the cloud provider’s existing capacity
to accommodate its 120,000 users. Migration would require months rather than years. Once complete,
the solution would be more scalable to the needs of USDA.
Innovation: The cloud solution allowed USDA to make the latest communication and collaboration
tools available to its workers including SharePoint, O ce Communications, and Live Meeting online
services. In addition, USDA was able to incorporate e-discovery and archive features.
Market availability: The functionality o ered by the cloud solution met the needs of USDA. The cloud
provider also had experience hosting very large email systems, including 300,000 users from a large
private sector client. Cloud-provided e-mail is a vibrant, competitive market with several capable market
incumbents.
Government readiness: Senior leadership was actively involved and highly motivated to improve
the e ciency and quality of the email services. The USDA CIO was personally involved in many of the
decisions. The broader transformation program also provided valuable delivery resources to execute
the migration.
Technology lifecycle: The 21 email systems were approaching the end of their usable lifecycle and
were not burdened by in exible contracts.
Provisioning IT services
USDA’s provisioning approach re ected a service-based mindset rather than an asset-based mindset.
Aggregate demand: USDA implemented their cloud email solution on an agency-wide level. This
approach maximized bene ts and addressed their primary, fundamental concern – fragmented email
systems. The approach also allowed USDA to take full advantage of the momentum created by the
broader transformation agenda.
Integrate services: An auxiliary contract was awarded to a systems integrator to ensure the e-mail
system was properly integrated with the various interfacing USDA systems. Seven hundred applications
reliant upon email were analyzed – only four had to be recoded to maintain operations.
Contract e ectively: USDA benchmarked their cloud provider against the industry to ensure competi-
tive market rates. USDA also embedded explicit SLAs into the contract, according to its mission needs.
21
26. F E D E R A L C L O U D CO M P U T I N G S T R AT E G Y
Realize value: Previously used IT assets are on track to be decommissioned and/or re-deployed as part
of the wider IT modernization strategy. Individuals formerly working on email have been reassigned
to higher-value projects and activities, with some continuing to coordinate service delivery of email.
Managing cloud services
USDA has revised its management approach to re ect a service-based rather than asset-based mindset.
Build new management skills: USDA built up its contract management and performance manage-
ment capabilities to support the new cloud environment. USDA also relied on a system integrator to
temporarily provide the skills and expertise to successfully complete the migration.
Active monitoring: USDA will continuously monitor the SLAs outlined in their cloud service contract.
This includes security issues such as domestic storage of data and performance metrics such as minimum
uptime, recovery speed, and bandwidth latency.
3. Re-de ning IT from an asset to a service
The Defense Information Systems Agency (DISA) provides global infrastructure services to support US
and coalition ghting forces. To better meet the needs of defense-related computing needs domestically
and in the eld, DISA decided to deploy its own Infrastructure-as-a-Service (IaaS) solution.
DISA’s Rapid Access Computing Environment (RACE) has rede ned defense infrastructure from an
asset management function to a service provisioning function. Since the inception of the cloud-based
solution, hundreds of military applications including command and control systems, convoy control
systems, and satellite programs have been developed and tested on RACE.
DISA followed many of the key factors outlined in Section 2 when implementing their cloud solution:
Selecting a cloud solution
DISA determined that a private IaaS solution would realize the desired improvements in e ciency,
agility, and innovation while maintaining strict security controls.
E ciency: RACE has been able to reach higher utilization levels through cloud technologies than
previously available via traditional infrastructure by aggregating demand and thus smoothing out peak
loads. These improvements in utilization divide the costs of provisioning and operating infrastructure
among a broader group of consumers.
Agility: Using traditional infrastructure, provisioning a dedicated server environment required 3 to 6
weeks. With RACE, the time required to provision functional service space for users is now 24 hours.
Security: RACE has built-in application separation controls so that all applications, databases, and
web servers are separate from each other. DISA also has a strict cleansing process, to be used when an
application needs to be removed from the RACE platform.
22
27. I I I . C A S E E XA M P LE S T O I LL U S T R AT E F R A M EWO R K
Managing cloud services
As DoD organizations obtain infrastructure through RACE, they are able to shift focus toward software
design while interfacing with RACE sta through SLAs.
Shift mindset: RACE has actively encouraged a service-based mindset from its users. DISA created a
self-service portal through which users can provision services in 50GB increments through a government
credit card. Project and software designers have increasingly used RACE to meet their infrastructure
needs rather than relying on custom infrastructure con gurations.
Build new management skills: DISA built new capabilities to support their operations. On the supply
side, a single operational manager is ultimately responsible for meeting cost and performance metrics.
A new demand manager has also been added to solicit, prioritize, and coordinate user needs for service
improvements.
Actively monitor: DISA monitors and continuously improves a number of SLAs focused on service
quality. Performance dashboards include average and maximum wait times for provisioning services
in the eld.
Re-evaluate periodically: Less than one year after launching the IaaS service, DISA announced that it
would provide private SaaS services, such as the RightNow installation for the Air Force.
23
28.
29. IV. CATALYZING CLOUD ADOPTION
As agencies develop plans to migrate services to cloud computing options, there are a number of
activities that Federal Government leadership can take to facilitate adoption and mitigate risk. Cloud
computing “accelerators,” described below, can help improve the pace of evaluating candidate ser-
vices and acquisitions. Government-wide Certi cation and Accreditation (C&A) and security e orts
at the Department of Homeland Security (DHS) and NIST can help agencies e ciently acquire cloud
computing capabilities and mitigate threats. Procurement e orts can be streamlined through the use
of government-wide procurement vehicles and storefronts such as those found at Apps.gov. Further,
NIST is driving a standards e ort that is focused on requirements to ensure security, interoperability,
and portability among cloud service providers.
1. Leveraging cloud computing accelerators
Cloud computing accelerators are resources available to agencies to expedite the process of evaluating
cloud candidates, acquiring the cloud capability, and mitigating risk.
Cloud computing business case templates and examples
The Federal CIO Council has developed cloud computing business cases and will continue to build this
library to support agencies in their cloud computing decisions.
Agencies should seek out business cases of similar scope or purpose to speed up the development of
their own cloud computing business cases (e.g., decision criteria for moving cloud email, cloud CRM,
cloud storage).
Government cloud computing community and resources
Agencies should participate in government cloud computing working groups at NIST and GSA on topics
such as standards, reference architecture, taxonomy, security, privacy and business use cases. Agencies
can also leverage portals, such as NIST’s Collaboration site, which provides access to useful information
for cloud adopters. More cloud computing resources are included in Appendix 2.
Despite the resources discussed above, agencies may face a number of issues that can impede their
ability to fully realize the bene ts from a cloud computing approach. As in the case of all technology
advancement, these challenges will change over time, as the cloud computing marketplace evolves. In
the near-term, organizations within the Federal Government, including OMB, NIST, GSA, and DHS, have
developed and continue to develop practical guidance on issues related to security, procurement, and
standards and are establishing the governance foundation required to support delivery.
11. Adopted from Raines and Pizette, A Decision Process for Applying Cloud Computing in Federal Environments, 2010
12. http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/WebHome,
http://www.info.apps.gov/node/2
13. http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/WebHome
25
30. F E D E R A L C L O U D CO M P U T I N G S T R AT E G Y
2. Ensuring a secure, trustworthy environment
As the Federal Government moves to the cloud, it must be vigilant to ensure the security and proper
management of government information to protect the privacy of citizens and national security.
The transition to outsourced, cloud computing environment is in many ways an exercise in risk manage-
ment. Risk management entails identifying and assessing risk, and taking the steps to reduce it to an
acceptable level. Throughout the system lifecycle, risks that are identi ed must be carefully balanced
against the security and privacy controls available and the expected bene ts. Too many controls can
be ine cient and ine ective. Federal agencies and organizations should work to ensure an appropriate
balance between the number and strength of controls and the risks associated with cloud computing
solutions.
The Federal Government will create a transparent security environment between cloud providers and
cloud consumers. The environment will move us to a level where the Federal Government’s under-
standing and ability to assess its security posture will be superior to what is provided within agencies
today. The rst step in this process was the 2010 Federal Risk and Authorization Management Program
(FedRAMP). FedRAMP de ned requirements for cloud computing security controls, including vulner-
ability scanning, and incident monitoring, logging and reporting. Implementing these controls will
improve con dence and encourage trust in the cloud computing environment.
To strengthen security from an operational perspective, DHS will prioritize a list of top security threats
every 6 months or as needed, and work with a government-wide team of security experts to ensure that
proper security controls and measures are implemented to mitigate these threats.
NIST will issue technical security guidance, such as that focused on continuous monitoring for cloud
computing solutions, consistent with the six step Risk Management Framework (Special Publication
800-37, Revision 1).
14. http://www.fedramp.gov
15. Ref. National Institute of Standards and Technology (NIST) statutory responsibilities for developing standards
and guidelines, Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347
16. http://www.nist.gov/itl/csd/guide_030210.cfm
26
31. I V. C ATA LY Z I N G C L O U D A D O P T I O N
Figure 5: NIST Risk Management Framework
Agencies assessing risk in the context of cloud computing should consider both the potential security
bene ts and potential vulnerabilities.
Potential security bene ts of using cloud computing services include:
the ability to focus resources on areas of high concern as more general security services are
assumed by the cloud provider
potential platform strength resulting from greater uniformity and homogeneity, and result-
ing improved information assurance, security response, system management, reliability, and
maintainability
improved resource availability through scalability, redundancy and disaster recovery capabili-
ties; improved resilience to unanticipated service demands
improved backup and recovery capabilities, policies, procedures and consistency
ability to leverage alternate cloud services to improve the overall security posture, including
that of traditional data centers
27
32. F E D E R A L C L O U D CO M P U T I N G S T R AT E G Y
Agencies should also weigh the additional potential vulnerabilities associated with various cloud
computing service and deployment models, such as:
the inherent system complexity of a cloud computing environment, and the dependency on
the correctness of these components and the interactions among them
the dependency on the service provider to maintain logical separation in a multi-tenant
environment (n.b., not unique to the cloud computing model)
the need to ensure that the organization retains an appropriate level of control to obtain
situational awareness, weigh alternatives, set priorities, and e ect changes in security and
privacy that are in the best interest of the organization
Key security considerations include the need to:
carefully de ne security and privacy requirements during the initial planning stage at the
start of the systems development life cycle
determine the extent to which negotiated service agreements are required to satisfy
security requirements; and the alternatives of using negotiated service agreements or cloud
computing deployment models which o er greater oversight and control over security and
privacy
assess the extent to which the server and client-side computing environment meets
organizational security and privacy requirements
continue to maintain security management practices, controls, and accountability over the
privacy and security of data and applications
In the short and long-term, these actions will continue to improve our con dence in the use of cloud
services by helping to mitigate security risks.
3. Streamlining procurement processes
Currently, the government often purchases commodities in a fragmented non-aggregated fashion,
operating more like a federation of small businesses than an $80 billion enterprise. To improve readiness
for cloud computing, the Federal Government will facilitate an “approve once and use often” approach
to streamline the approval process for cloud service providers. For instance, a government-wide risk and
authorization program for IaaS solutions will allow agencies to rely on existing authorizations so only
additional, agency-speci c requirements will need to be authorized separately. The GSA’s IaaS contract
award is an example of this “approve once and use often” approach. It o ers 12 approved cloud vendors
to provide agencies with cloud storage, virtual machines, and web hosting services. Approaches such
as this will eliminate unnecessary cost and delivery delays associated with duplication of e ort.
As the number of government cloud providers increases, GSA will provide comparison tools to transpar-
ently compare cloud providers side-by-side. These tools will allow agencies to quickly and e ectively
select the best o ering for their unique needs. Examples include Apps.gov, which provides a centralized
storefront where agencies can easily browse and compare cloud SaaS and IaaS o erings from previous
28
33. I V. C ATA LY Z I N G C L O U D A D O P T I O N
Multiple Award Schedule (MAS) 70 contract holders. Tools such as these will reduce the burden on agen-
cies to conduct their own RFP processes and will concentrate investments in the highest-performing
cloud providers.
Furthermore, GSA will establish contract vehicles for government-wide commodity services (e.g., email).
These contract vehicles will reduce the burden on agencies for the most common IT services. GSA will
also create working groups to support commodity service migration. These working groups will develop
technical requirements for shared services to reduce the analytical burden on individual government
agencies. For example, the SaaS E-mail working group established in June 2010 is synthesizing require-
ments for government-wide e-mail services. Working groups will also create business case templates
for agencies that are considering transitioning to cloud technologies.
Federal Government contracts will also provide riders for state and local governments. These riders will
allow all of these governments to realize the same procurement advantages of the Federal Government.
Increasing membership in cloud services will further drive innovation and cost e ciency by increasing
market size and creating larger e ciencies-of-scale.
4. Establishing cloud computing standards
Standards will be critical for the successful adoption and delivery of cloud computing, both within the
public sector and more broadly. Standards encourage competition by making applications portable
across providers, allowing Federal agencies to shift services between providers to take advantage of cost
e ciency improvements or innovative new product functionality. Standards are also critical to ensure
clouds have an interoperable platform so that services provided by di erent providers can work together,
regardless of whether they are provided using public, private, community, or a hybrid delivery model.
NIST will play a central role in de ning standards, and collaborating with Agency CIOs, private sector
experts, and international bodies to identify, prioritize, and reach consensus on standardization priori-
ties. In 2010, NIST conducted engagement workshops to identify and prioritize needs. Going forward,
NIST will generate, assess, and revise a cloud computing roadmap on a periodic basis. This roadmap will
iteratively de ne and track the agreed-upon cloud computing priorities in order to coordinate cloud
e orts across stakeholders.
NIST will maintain a leadership role in prioritizing, developing, evolving and re ning standards over
time as the collective requirements for standards evolve in response to operationally driven innovation
and technology evolution. NIST has already helped to establish broadly adopted de nitions for the four
commonly recognized cloud deployment models (i.e., private, public, hybrid, and community) and three
service models (i.e., Infrastructure as a Service, Platform as a Service, and Software as a Service), as dis-
cussed in Section 1. However, these de nitions need to be expanded to more comprehensively de ne a
reference architecture and taxonomy to provide a common frame of reference for communication. NIST
is currently working with industry and other cloud computing stakeholders to de ne a neutral reference
architecture that is not tied to a speci c set of vendor solutions or products or constrained in such a
17. Ref. National Institute of Standards and Technology (NIST) is directed to bring together Federal agencies, as
well as State and local governments, to achieve greater reliance on voluntary standards and decreased dependence on
in-house standards., National Technology Transfer and Advancement Act (NTTAA) 1995, Public Law 104 -113
29
34. F E D E R A L C L O U D CO M P U T I N G S T R AT E G Y
way that it will inhibit innovation. As cloud providers create new solutions, this reference architecture
will serve as the basis for an “apples to apples” comparison of cloud computing services. This will help
agencies to understand how various services t together. Similarly, NIST will need to expand these
de nitions as new deployment models arise.
NIST will work with agencies to de ne a set of “target” business use cases that pose the greatest chal-
lenges by risks, concerns, or constraints. NIST will help to identify operationally driven priorities for
cloud computing standards and guidance by working with Federal agencies and other stakeholders to
de ne a set of mission driven scenarios for cloud computing implementation and operations. These will
be used to focus and help to translate mission requirements into technical portability, interoperability,
reliability, maintainability and security requirements. For example, a business use case may re ect the
migration of patent application software to cloud IaaS. Once identi ed, NIST will work with agencies and
industry to model, using a vendor neutral reference architecture and taxonomy as a frame of reference,
various options for addressing these challenges. Ultimately, this research will result in the de nition of
new standards, guidance, and technology requirements.
NIST will continue to execute the tactical Standards Acceleration to Jumpstart Adoption of Cloud
Computing (SAJACC) project, which plays a role in validating key cloud speci cations and sharing
information, in order to build con dence in cloud computing technology before formalized standards
are available. To date, SAJACC has de ned 24 generic technical use cases that can be used to validate key
interoperability, security, and portability requirements. One example is the ability to move data in to and
out of a cloud provider’s environment, and to verify that data is adequately deleted when removed using
commonly available interfaces de ned by industry. SAJACC will support industry in moving forward
with standardization in parallel with the formal consensus based standards organizations’ processes.
5. Recognizing the international dimensions of cloud computing
The growth of any new technology presents two fundamental dynamics: (1) the power to transform
and (2) the need to examine existing paradigms in that same eld. Cloud computing has brought to the
forefront several international policy issues that need to be addressed over the next decade as cloud
computing matures. Issues to consider include:
Data sovereignty, data in motion, and data access: How do countries strike the proper balance
between privacy, security and intellectual property of national data?
Are there needs for international cloud computing legal, regulatory, or governance frameworks?
Cloud computing codes of conducts for national governments, industry, and non-governmental
organizations
Data interoperability and portability in domestic and international settings
Ensuring global harmonization of cloud computing standards
18. www.nist.gov/itl/cloud/bususecases.cfm
30
35. I V. C ATA LY Z I N G C L O U D A D O P T I O N
6. Laying a solid governance foundation
This strategy is the rst step in the process of migrating towards cloud technologies, both within the
public and private sector. The Federal Government will play a vital role throughout this process to
identify and resolve cloud issues of national importance. As issues are increasingly resolved, the Federal
Government will re-focus its priorities towards more pressing issues.
To e ectively manage these governance issues in the long-term, the Federal Government needs to lay
a stable governance foundation that will outlast single individuals or administrations. To the best extent
possible, individuals or committees should have explicitly de ned roles, non-overlapping responsibilities,
and a clear decision-making hierarchy. These steps will empower the government for action, minimize
unnecessary bureaucracy, and ensure accountability for results.
The following bodies will therefore have these roles and responsibilities:
National Institute of Standards and Technology (NIST) will lead and collaborate with Federal, State,
and local government agency CIOs, private sector experts, and international bodies to identify
and prioritize cloud computing standards and guidance
General Service Administration (GSA) will develop government-wide procurement vehicles and
develop government-wide and cloud-based application solutions where needed
Department of Homeland Security (DHS) will monitor operational security issues related to the
cloud
Agencies will be responsible for evaluating their sourcing strategies to fully consider cloud
computing solutions
Federal CIO Council will drive government-wide adoption of cloud, identify next-generation
cloud technologies, and share best practices and reusable example analyses and templates
The O ce of Management and Budget (OMB) will coordinate activities across governance bodies,
set overall cloud-related priorities, and provide guidance to agencies
31
36.
37. V. CONCLUSION
Cheaper processors, faster networks, and the rise of mobile devices are driving innovation faster than
ever before. Cloud computing is a manifestation and core enabler of this transformation. Just as the
Internet has led to the creation of new business models unfathomable 20 years ago, cloud computing
will disrupt and reshape entire industries in unforeseen ways. To paraphrase Sir Arthur Eddington – the
physicist who con rmed Einstein’s Theory of General Relativity – cloud computing will not just be more
innovative than we imagine; it will be more innovative than we can imagine.
IDC predicted that by this year, the digital universe would be 10 times the size it was in 2006 – that is, nine
times more digital content would be created within ve years than all of history before. This explosion
of data, combined with the mobilization of digital access, portends major improvements in on-the-go
intelligence. Examples of transformative changes exist across all government agencies and it is the
responsibility of those in government to be in the forefront of bringing these innovative services to the
American people. It is very easy to envision new services such as personalized u outbreak warnings
for expectant mothers and real-time tra c advisories performed by Federal and local governments.
Cloud computing will enable a fundamental shift in how we serve the American people. Citizens empow-
ered to see their homes’ electricity use in real-time will be able to make more intelligent consumption
choices. Citizens able to access their health records electronically will be able to easily share them with
doctors and providers, and thus improve their healthcare. Citizens able to create and share performance
dashboards will be able to shine a light on the government’s performance as easily as they create and
share YouTube videos today.
Our responsibility in government is to achieve the signi cant cost, agility and innovation bene ts of
cloud computing as quickly as possible. The strategy and actions described in this paper are the means
for us to get started immediately. Given that each agency has unique mission needs, security require-
ments, and IT landscape, we ask that each agency think through the attached strategy as a next step.
Each agency will evaluate its technology sourcing strategy so that cloud computing options are fully
considered, consistent with the Cloud First policy.
19. Gantz, John. The Diverse and Exploding Digital Universe: An Updated Forecast on Worldwide Information Growth
through 2011. March 2008
33
38.
39. APPENDIX 1: POTENTIAL
SPENDING ON CLOUD
COMPUTING BY AGENCY
Source: Agency estimates reported to the O ce of Management and Budget (OMB).
35
40.
41. APPENDIX 2: AGENCY RESOURCES
FOR CLOUD COMPUTING
General
The ABCs of Cloud Computing: A comprehensive cloud computing portal where agencies
can get information on procurement, security, best practices, case studies and technical
resources. (GSA / http://www.info.apps.gov)
Cloud Computing Migration Framework: A series of technical white papers on cloud
computing, including a decision-making framework, cost/business case considerations,
service level agreement provisions, information security, a PaaS analysis and a survey of
market segments and cloud products categories. (MITRE /
http://www.mitre.org/work/info_tech/cloud_computing/technical_papers/index.html)
Successful Case Studies: A report which details 30 illustrative cloud computing case studies
at the Federal, state and local government levels. (CIO Council /
http://www.info.apps.gov/sites/default/ les/StateOfCloudComputingReport-FINALv3_508.pdf )
Cloud Computing De nition: Includes essential characteristics as well as service and
deployment models. (NIST /
http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-de nition.pdf )
Security
Centralized Cloud Computing Assessment and Authorization: The Federal Risk and
Authorization Management Program (FedRAMP) has been established to provide a standard,
centralized approach to assessing and authorizing cloud computing services and products.
FedRAMP will permit joint authorizations and continuous security monitoring services for
government and commercial cloud computing systems intended for multi-agency use. It will
enable the government to buy a cloud solution once, but use it many times. (CIO Council /
http://www.fedramp.gov)
Primer on Cloud Computing Security: A white paper that seeks to clarify the
variations of cloud services and examine the current and near-term poten-
tial for Federal cloud computing from a cybersecurity perspective. (DHS /
http://www.info.apps.gov/sites/default/ les/Cloud_Computing_Security_Perspective.doc)
Privacy Recommendations for Cloud Computing: A paper which highlights potential
privacy risks agencies should consider as they migrate to cloud computing (CIO Council /
http://www.cio.gov/Documents/Privacy-Recommendations-Cloud-Computing-8-19-2010.docx)
37
42. F E D E R A L C L O U D CO M P U T I N G S T R AT E G Y
Guide for Applying the Risk Management Framework to Federal
Information Systems, A Security Life Cycle Approach (NIST /
http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1- nal.pdf)
Guidelines on Security and Privacy in Public Cloud Computing: This draft publica-
tion provides an overview of the security and privacy challenges pertinent to public
cloud computing and points out considerations organizations should take when out-
sourcing data, applications, and infrastructure to a public cloud environment (NIST /
http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf)
Acquisition/Procurement
Cloud Computing Procurement Assistance: Apps.gov is an online cloud computing (SaaS,
IaaS, PaaS) storefront that encourages and enable the adoption of cloud computing solutions
across the Federal Government. Apps.gov o ers a comprehensive set of business, infrastruc-
ture, productivity and social media applications. It eliminates unnecessary research, analysis
and redundant approvals, requisitions and service level agreements across the government
by providing agencies a fast, easy way to buy the tools they need. (GSA / https://apps.gov/ )
Standards
Federal Cloud Computing Collaboration Page: The National Institute of Standards
and Technology (NIST) has been designated by the Federal CIO to accelerate the Federal
Government’s secure adoption of cloud computing by leading e orts to develop standards
and guidelines in close consultation and collaboration with standards bodies, the private
sector, and other stakeholders. This site provides an avenue for interested stakeholders to
collaborate with NIST in developing interoperability, portability and security standards, busi-
ness and technical use cases, and a cloud computing reference architecture and taxonomy.
(http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/WebHome)
Technical Resources
CIO Council Executive Cloud Computing Executive Steering Committee (CCESC): The
CCESC was established by the Federal CIO Council to provide strategic direction and over-
sight for the Federal Cloud Computing Initiative. Under the CCESC, there exists a Cloud
Computing Advisory Council and multiple working groups that further enable the adoption
of cloud computing across the government. (Chaired by USAID)
− CIO Council Cloud Computing Advisory Council (CCAC): The CCAC was established at the
behest of the CCESC to serve as a collaborative environment for senior IT experts from
across the Federal Government. CCAC members serve as agency resources best practices
dissemination, consensus building for key Federal Cloud Computing initiatives, and the
sharing of existing/planned cloud computing projects. (Chaired by USAID)
38
43. A P P E N D I X 2 : AG E N C Y R E S O U R C E S F O R C L O U D CO M P U T I N G
− CIO Council Cloud Computing E-mail Working Group: The E-mail Working Group will be
the source of SaaS email information, solutions, and processes that foster adoption of SaaS
email across the Federal Government. (Chaired by DOI)
− CIO Council Cloud Computing Security Working Group: The Security Working Group sup-
ports FedRAMP, a centralized cloud computing assessment and authorization body that
can be leveraged by multiple agencies. (Chaired by GSA)
− CIO Council Cloud Computing Standards Working Group: The Standards Working Group
will lead government-wide e orts to de ne cloud computing security, portability and
interoperability standards, target Federal business and technical use cases, and a reference
architecture. (Chaired by NIST)
Additional workgroups will be stood up by the CIO Council as the work of the Federal Cloud Computing
Initiative evolves.
39