Federal Cloud Computing
eBook - ePub

Federal Cloud Computing

The Definitive Guide for Cloud Service Providers

  1. 448 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Federal Cloud Computing

The Definitive Guide for Cloud Service Providers

About this book

Federal Cloud Computing: The Definitive Guide for Cloud Service Providers offers an in-depth look at topics surrounding federal cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation.You will learn the basics of the NIST risk management framework (RMF) with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps for cost-effectively implementing the Assessment and Authorization (A&A) process, as well as strategies for implementing Continuous Monitoring, enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis.- Provides a common understanding of the federal requirements as they apply to cloud computing- Provides a targeted and cost-effective approach for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)- Provides both technical and non-technical perspectives of the Federal Assessment and Authorization (A&A) process that speaks across the organization

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weā€™ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere ā€” even offline. Perfect for commutes or when youā€™re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access Federal Cloud Computing by Matthew Metheny in PDF and/or ePUB format, as well as other popular books in Computer Science & Computer Networking. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Syngress
Year
2012
Print ISBN
9781597497374
eBook ISBN
9781597497398
Topic
Computer Science
Subtopic
Computer Networking
Index
Computer Science

Dedication 1

This book is dedicated to my wonderful wife. Her support in giving me the opportunity to write this book cannot be expressed in simple words. For her continuous patience, encouragement, and for those times sacrifice. For her inspiration and incredible love for reading and editing, even when the subject matter may not have been of interest to her.
Ā 
To my dear, loving wife Erin, you make me complete.
Ā 
Thank you for tirelessly standing by my side and supporting me every step of the way. There are many times in oneā€™s life where the task may seem too difficult, but having someone like you there as a guiding arm to encourage and to consult has been a blessing.
Ā 
You have always been there when the times were challenging. It is with great honor to share this accomplishment with you.
Ā 
To my wife, with love.

Dedication 2

In memory of Ron Knode.
Ā 
Ron was a gift that left an impression of a smile, kind words, encouragement, and a unique way to make one think and see in a different perspective. I feel extremely honored to have had the opportunity to know and be mentored by Ron.
Ā 
Ron, you have left an impression on many that will never be forgotten.

About the Author

Matthew Metheny, PMP, CISSP, CAP, CISA, CSSLP, CRISC, CCSK, is the founder of One Enterprise Consulting Group, LLC (1ECG), a privately held consulting firm that specializes in providing professional services that include cloud strategy and architecture, cloud security assessments, cloud migration, and cloud computing training. Mr. Metheny is a member of the Board of Directors for the Cloud Security Alliance (CSA) Washington, DC Metro Chapter, the CloudTrust Protocol (CTP) Working Group Co-Chair, and is a CSA-certified instructor for the Certificate of Cloud Security Knowledge (CCSK). Prior to 1ECG, Mr. Metheny held senior-level program management and executive-level positions with various consulting firms supporting both the federal government and the private sector with a focus on governance, risk management, emerging technologies, and security compliance. In addition, he is the founder of FedRAMP.net, which is focused on supporting cloud service providers and federal agencies with addressing the requirements of the Federal Risk and Authorization Management Program (FedRAMP). Mr. Metheny holds a Master of Science degree in Information Assurance from the University of Maryland University College (UMUC) and multiple internationally recognized certifications.

About the Technical Editor

Janis Orsino is an IT security consultant with more than two decades experience delivering technology and business consulting services for the U.S. federal government, in both civilian and defense sectors. She is presently a Senior Managing Consultant with IBM Global Business Servicesā€™, U.S. Federal Cybersecurity and Privacy Consulting Practice.
From 2009 to 2011, during a contract assignment with the Defense-wide Information Assurance Program, Janis helped to shape the Federal Risk and Authorization Management Program (FedRAMP) from its inception as a key advisor to the DoD Joint Authorization Board. She was also engaged in the cloud computing security guidance development efforts of the Federal CIO Councilā€™s Information Security and Identity Management Committee, Network and Infrastructure Security Subcommittee.
Janis holds a Bachelor of Science degree in Social Psychology from Park University, a Graduate Certificate in Legal Studies from The George Washington University, and a string of industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), GIAC Security Leadership Certification (GSLC) and the Certificate of Cloud Security Knowledge (CCSK).

Foreword by William Corrington

In recent years ā€œcloud computingā€ has emerged as a model for providing IT infrastructure, resources and services that has the potential to drive significant value to organizations through increased IT efficiency, agility and innovation. However, Federal agencies who were early adopters of cloud computing have learned that there are many challenges and risks that must be addressed in order to realize these benefits.
These early adopters have learned that the use of a Cloud Service Provider (CSP) represents a fundamental shift in how IT assets are deployed and delivered on a day-to-day basis. Successful adoption of cloud computing requires a change in approach to (among other things) security, privacy, end-user support, operations, acquisition and contract management. Challenges exist for CSPs as well. Many players in this emerging marketplace are new to doing business with the Federal government. As a result, they not only need to learn the nuances of the Federal acquisition processes, they must also address a myriad of security, privacy and certification requirements that are specific to Federal customers.
In order to mitigate these challenges and to catalyze the adoption of cloud computing within the Federal government, the Federal Cloud Computing Strategy was released on February 8, 2011. The National Institute of Standards and Technology (NIST) and the General Services Administration (GSA) have key roles in the implementation of this ā€œCloud Firstā€ strategy. NIST has developed a number of Special Publications that provide definitions, architectural standards and roadmaps for cloud computing. GSA has developed the Federal Risk and Authorization Management Program (FedRAMP) to define security, auditing, continuous monitoring and other operational requirements for Federal agency use of cloud computing.
I admire the groundbreaking initiatives that have been spearheaded by NIST and GSA. And yet, these efforts have created a new landscape with its own set of twists and turns that must be navigated by both Federal agencies and CSPs wishing to serve the Federal marketplace. What has been missing so far is a definitive reference guide that will allow anyone with a stake in Federal IT to quickly ascend the learning curve associated with the goals, objectives, implementation and operational aspects of the Federal Cloud Computing Strategy. Mr. Methenyā€™s book fills this gap by providing a comprehensive view of how and where cloud computing fits in the Federal government and how the critical components of the Cloud First strategy will work together in a complementary fashion.
I believe that this book will prove to be an invaluable resource to anyone who needs to successfully navigate the brave new world of Federal cloud computing. Cloud Service Providers (CSPs) will gain an understanding of the security and operational requirements that must be met in order to provide cloud-based services to Federal agencies. Cloud auditors who wish to provide services to Federal agencies or CSPs will learn the detailed requirements for becoming a Third Party Assessment Organization (3PAO). Federal agency CIOs, CTOs and CISOs will benefit from greater clarity regarding the impacts that the move to cloud computing will have on their existing IT strategy and operations.
The Cloud First strategy is a critical component of broader efforts that are underway to transform Federal IT in the 21st century. This book will provide excellent guidance to everyone who wishes to undertake that journey.
William Corrington
Founder and Chief Cloud Strategist
Stony Point Enterprises
(Former Chief Technology Officer at the U.S. Department of Interior)

Foreword by Jim Reavis

image
Cloud computing is an epochal change in the use of technology by mankind. Broadly considered, it represents the transition towards the use of compute as a utility, with profound implications. Just as when nations became electrified, the dawn of new industries, reorganization of societies and other unexpected outcomes are surely at our doorstep. Access to supercomputer capabilities, previously only available to small groups of people with millions of dollars, is now available to all.
The ability for individuals, small businesses and large enterprises to have ā€œon demandā€ access to a virtually unlimited supply of compute power and storage challenges our ability to innovate. From discovering new drugs to unlocking the mysteries of the universe to finding better solutions for the human condition, we are only limited by our imagination.
Governments are no different than any other organization in their propensity to be impacted by, and leverage the cloud. The very largest problems facing governments have the potential to be solved in large part by the cloud. Cloud will also force government agencies to be more transparent and collaborative with the information that forms the backbone of their services. At the same time, a rush to adopt cloud computing without a sound understanding of its potential and risks could prove a devastating setback. This book, ā€œFederal Cloud Computing: The Definitive Guide for Cloud Service Providersā€ is a timely addition to our shared knowledge of what cloud computing is, the inherent risks, regulatory requirements and the ecosystem of standards and best practices.
Cloud Security Alliance is a not-for-profit organization that is the leading global force in building trust within cloud computing. We congratulate author and CSA member Matthew Metheny for his excellent contribution to the topic of cloud computing within the US Federal government. We feel this book is must reading for anyone interested in information technology within our government. Both government consumers and providers must understand the regulatory requirements, the processes for making cloud services available and best practices to mitigate risks and operate cloud systems securely.
Cloud computing is not only in our future, but is here today. Whatever role you play in this topic, you have a mandate to find strategies to securely adopt cloud in an agile manner. ā€œFederal Cloud Computing: The Definitive Guide for Cloud Service Providersā€ is an excellent coach to help define those strategies.
Best,
Jim Reavis
Executive Director, Cloud Security Alliance

Chapter 1

Introduction to the Federal Cloud Computing Strategy

Information in this chapter:

ā€¢ Introduction
ā€¢ A Historical View of Federal IT
ā€¢ Cloud Computing: Drivers in Federal IT Transformation
ā€¢ Decision Framework for Cloud Migration

Introduction

In February of 2011, the former US Chief Information Officer (CIO), Vivek Kundra, published the Federal Cloud Computing Strategy, herein referred to as the ā€œCloud Strategy.ā€1 The Cloud Strategy, as illustrated in Figure 1.1, was one of six major components of the US CIOā€™s roadmap to the cloud as defined in the 25 Point Implementation Plan to Reform Federal Information Technology Management.
image
Figure 1.1 25 Point Implementation IT Reform Planā€”ā€œRoadmap to the Cloudā€
In the Cloud Strategy, the federal governmentā€™s strategic approach for the adoption of cloud computing technologies was described, including the potential benefits, considerations, and trade-offs [1]. The strategy also provided a decision framework for federal agencies to use in outlining their plan for using cloud computing to improve their efficient use of information technology (IT) investments to support their missions by leveraging shared infrastructures and economies of scale. This framework focused on changing how the government approaches IT and how it could effectively integrate cloud services into its existing IT portfolio.
The Cloud Strategy established a set of basic principles and guidelines through which decision-makers within federal agencies could use it to accelerate their secure adoption of cloud services. Through the strategy, ...

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication 1
  6. Dedication 2
  7. About the Author
  8. About the Technical Editor
  9. Foreword by William Corrington
  10. Foreword by Jim Reavis
  11. Chapter 1. Introduction to the Federal Cloud Computing Strategy
  12. Chapter 2. Cloud Computing Standards
  13. Chapter 3. A Case for Open Source
  14. Chapter 4. Security and Privacy in Public Cloud Computing
  15. Chapter 5. Applying the NIST Risk Management Framework
  16. Chapter 6. Risk Management
  17. Chapter 7. Comparison of Federal and International Security Certification Standards
  18. Chapter 8. FedRAMP Primer
  19. Chapter 9. The FedRAMP Cloud Computing Security Requirements
  20. Chapter 10. Security Assessment and Authorization: Governance, Preparation, and Execution
  21. Chapter 11. Strategies for Continuous Monitoring
  22. Chapter 12. Cost-Effective Compliance Using Security Automation
  23. Chapter 13. A Case Study for Cloud Service Providers
  24. Index