Federal Cloud Computing

The Definitive Guide for Cloud Service Providers

Matthew Metheny

  1. 536 pages
  2. English

About This Book

Federal Cloud Computing: The Definitive Guide for Cloud Service Providers, Second Edition offers an in-depth look at topics surrounding cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation.

You will learn the basics of the NIST risk management framework (RMF) with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps for cost-effectively implementing the Assessment and Authorization (A&A) process, as well as strategies for implementing Continuous Monitoring, enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis.

This updated edition will cover the latest changes to the FedRAMP program, including clarifying guidance on the paths for Cloud Service Providers to achieve FedRAMP compliance, an expanded discussion of the new FedRAMP Security Control, which is based on NIST SP 800-53 Revision 4, and maintaining FedRAMP compliance through Continuous Monitoring. Further, a new chapter has been added on the FedRAMP requirements for Vulnerability Scanning and Penetration Testing.

  • Provides a common understanding of the federal requirements as they apply to cloud computing
  • Offers a targeted and cost-effective approach for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)
  • Features both technical and non-technical perspectives of the Federal Assessment and Authorization (A&A) process that speak across the organization


Information

Publisher: Syngress
Year: 2017
ISBN: 9780128096871
Edition: 2

Chapter 1

Introduction to the federal cloud computing strategy

Abstract

In this chapter, the Federal Cloud Computing Strategy is introduced, followed by a brief history of information technology (IT) within the US federal government beginning with the mainframe and concluding with the transition to mobility. A chronicle of the major IT-related legislation and policies provides insight into the governance of federal IT policies that have been developed over time to address governance, IT management, information security, security and privacy issues with the adoption of new technologies within the federal government. It further presents the federal IT transformation through a summary of the Federal Cloud Computing Strategy beginning with the drivers for adoption and ending with the application of the decision framework for cloud migration.

Keywords

OMB policies; federal IT transformation; federal IT policies; cloud computing; cloud migration; cloud strategy; Cloud First policy; 25 Point Implementation Plan

Information in this chapter:
• Introduction
• A Historical View of Federal IT
• Cloud Computing: Drivers in Federal IT Transformation
• Decision Framework for Cloud Migration

Introduction

In February 2011, the former US Chief Information Officer (CIO), Vivek Kundra, published the Federal Cloud Computing Strategy, herein referred to as the “Cloud Strategy.”¹
The Cloud Strategy, as illustrated in Fig. 1.1, was one of six major components of the 25 Point Implementation Plan to Reform Federal Information Technology Management, the US CIO’s roadmap to the cloud. The roadmap focused on shifting to cloud services, which can be deployed rapidly, and shared solutions that will result in substantial cost savings, allowing federal agencies to optimize spending and to reinvest in their most critical mission needs [1].

Figure 1.1. 25 Point implementation IT reform plan—“Roadmap to the Cloud.”

In the 25 Point Implementation Plan to Reform Federal Information Technology Management, the Cloud First policy, also referred to as “Cloud First,” requires federal agencies to implement cloud-based solutions whenever a secure, reliable, and cost-effective cloud option exists. The publication of the Cloud Strategy facilitates the implementation of the Cloud First policy by initiating a program² to “accelerate the safe and secure adoption of cloud computing across the government” [2]. Additionally, the Cloud Strategy directs the National Institute of Standards and Technology (NIST) to lead the standards development³ related to security, interoperability, and portability, to reduce barriers to cloud adoption by federal agencies.
In the Cloud Strategy, the US federal government’s strategic approach for the adoption of cloud computing technologies was described, including the potential benefits, considerations, and trade-offs [2]. The strategy also provided a decision framework⁴ for federal agencies to use in outlining their plan for using cloud computing services. The migration plans and government-wide initiatives help identify candidate cloud services to improve their efficient use of IT investments to support their missions by leveraging shared infrastructures and economies of scale. The decision framework focused on changing how federal agencies approached the acquisition and use of IT⁵ and how they could effectively integrate cloud services into their IT portfolio.
The Cloud Strategy also established a set of basic principles and guidelines that decision-makers within federal agencies could use to accelerate their secure adoption of cloud services. Through the strategy, federal agencies were empowered with the responsibility for making their own decision on “what” and “how” to migrate to the cloud in support of the government-wide Cloud First policy. The Cloud First policy creates the momentum for federal agencies to proactively adopt cloud computing services by requiring them to begin with the selection of three⁶ “cloud-ready”⁷ IT services.⁸ To assist federal agencies in acquiring (procuring)⁹ cloud services to meet the Cloud First policy, the US General Services Administration (GSA), through the Cloud Computing Services (CCS) Program Management Office (PMO), established contracts that federal agencies could leverage for purchasing commodity cloud services. As depicted in Fig. 1.2, Email as a Service (EaaS),¹⁰ a commodity cloud service, was one of the most common types of IT systems migrated to the cloud.

Figure 1.2. Total number of systems migrating to the cloud by type.

In the section “Decision Framework for Cloud Migration,” a three-step framework describes the foundational elements that were identified as being necessary for building a successful cloud migration plan.¹¹ In addition, the Cloud First policy gave federal agencies the opportunity to exercise their migration plans¹² and develop and share “lessons learned” from their experiences. The Cloud First policy also established the requirement for a program¹³ to be developed that would encourage Cloud Service Providers (CSPs) to meet federal security and privacy requirements through the development of “government-ready” (or FedRAMP compliant¹⁴) cloud services.¹⁵
The federal government has started the shift from a traditional, asset-based model focused on acquiring IT to a service (or utility¹⁶)-based model focused on consuming IT services. Cloud computing was not only a change in the technology used by federal agencies, but also a cultural change.¹⁷ The “shift” towards cloud services required federal agencies to change the people and processes that are needed for procuring and provisioning cloud services. Cloud computing places an increased importance on how technology is planned, selected, and integrated.¹⁸ The new service-based approach to IT required federal agencies to learn how to manage services rather than assets. To provision cloud services effectively and optimize resources, federal agencies had to link the benefits of cloud computing to their IT strategic plans.¹⁹ In addition, federal agencies had to establish new IT governance processes and practices to ensure the adoption of secure cloud services adhered to the federal information security and privacy requirements.
Note
Importance of Federal IT Strategic Planning in the Adoption of Cloud Computing
Government-wide IT strategic planning for information and IT management has been highlighted as a systematic challenge almost since federal agencies began using IT. As early as 1960,²⁰ the US General Accounting Office (GAO)²¹ “ … call(ed) attention to the need for more positive central planning of a long-range nature within the executive branch of the government to promote the maximum degree of efficiency, economy, and effectiveness in the administration and management of costly automatic data processing facilities” [3].
However, it was not until 1980²² that the management of federal IT authority was centralized within the federal government. The Office of Management and Budget (OMB) was given government-wide responsibility to “oversee the use of information resources to improve the efficiency and effectiveness of governmental operations to serve agency missions” [4]. Federal agencies were also required to designate a senior agency official (also known as the Agency CIO) to be responsible for information resource management (IRM)²³ at the department and agency level. As the government-wide IRM activities evolved, Agency CIOs were also given additional responsibilities in developing “strategic plans²⁴ for all [departmental and agency] information and information technology management functions” [5].
IT Strategic Plans²⁵ play an important role in the adoption of cloud computing, specifically when planning the expected improvements in productivity, efficiency, and effectiveness. Agency CIOs will need to be more effective in aligning IT Strategic Plans with Agency Strategic Plans²⁶ that enable the development and monitoring of performance metrics used to evaluate the business value of cloud services. Therefore, the IT strategic planning process used by Agency CIOs will need to emphasize the establishment of criteria that are more focused on objectively and quantitatively measuring the benefits of the investment of cloud computing technologies across the department and agency.

²⁰ Review of Automatic Data Processing Developments in the Federal Government.
²¹ The GAO was established under the Budget and Accounting Act of 1921. On July 7, 2007, the General Accounting Office was changed to the Government Accountability Office.
²² Paperwork Reduction Act of 1980. Available from: http://www.gpo.gov/fdsys/pkg/PLAW-104publ13/html/PLAW-104publ13.htm....
