Federal Cloud Computing: The Definitive Guide for Cloud Service Providers, Second Edition offers an in-depth look at topics surrounding federal cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation.

You will learn the basics of the NIST risk management framework (RMF) with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps for cost-effectively implementing the Assessment and Authorization (A&A) process, as well as strategies for implementing Continuous Monitoring, enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis.

This updated edition will cover the latest changes to the FedRAMP program, including clarifying guidance on the paths for Cloud Service Providers to achieve FedRAMP compliance, an expanded discussion of the new FedRAMP Security Control, which is based on the NIST SP 800-53 Revision 4, and maintaining FedRAMP compliance through Continuous Monitoring. Further, a new chapter has been added on the FedRAMP requirements for Vulnerability Scanning and Penetration Testing.

- Provides a common understanding of the federal requirements as they apply to cloud computing
- Offers a targeted and cost-effective approach for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)
- Features both technical and non-technical perspectives of the Federal Assessment and Authorization (A&A) process that speaks across the organization
Yes, you can access Federal Cloud Computing by Matthew Metheny in PDF and/or ePUB format, as well as other popular books in Informatica & Informatica generale. We have over one million books available in our catalogue for you to explore.
Introduction to the federal cloud computing strategy
Abstract
In this chapter, the Federal Cloud Computing Strategy is introduced, followed by a brief history of information technology (IT) within the US federal government beginning with the mainframe and concluding with the transition to mobility. A chronicle of the major IT-related legislation and policies provides insight into the governance of federal IT policies that have been developed over time to address governance, IT management, information security, security and privacy issues with the adoption of new technologies within the federal government. It further presents the federal IT transformation through a summary of the Federal Cloud Computing Strategy beginning with the drivers for adoption and ending with the application of the decision framework for cloud migration.
Keywords
OMB policies; federal IT transformation; federal IT policies; cloud computing; cloud migration; cloud strategy; Cloud First policy; 25 Point Implementation Plan
Information in this chapter:
• Introduction
• A Historical View of Federal IT
• Cloud Computing: Drivers in Federal IT Transformation
• Decision Framework for Cloud Migration
Introduction
In February 2011, the former US Chief Information Officer (CIO), Vivek Kundra, published the Federal Cloud Computing Strategy, herein referred to as the “Cloud Strategy.”
The Cloud Strategy, as illustrated in Fig. 1.1, was one of six major components of the 25 Point Implementation Plan to Reform Federal Information Technology Management, the US CIO’s roadmap to the cloud. The roadmap focused on shifting to cloud services, which can be deployed rapidly, and shared solutions that will result in substantial cost savings, allowing federal agencies to optimize spending and to reinvest in their most critical mission needs [1].
Figure 1.1 25 Point implementation IT reform plan: “Roadmap to the Cloud.”
In the 25 Point Implementation Plan to Reform Federal Information Technology Management, the Cloud First policy, also referred to as “Cloud First,” requires federal agencies to implement cloud-based solutions whenever a secure, reliable, and cost-effective cloud option exists. The publication of the Cloud Strategy facilitates the implementation of the Cloud First policy by initiating a program to “accelerate the safe and secure adoption of cloud computing across the government” [2]. Additionally, the Cloud Strategy directs the National Institute of Standards and Technology (NIST) to lead the standards development related to security, interoperability, and portability, to reduce barriers to cloud adoption by federal agencies.
In the Cloud Strategy, the US federal government’s strategic approach for the adoption of cloud computing technologies was described, including the potential benefits, considerations, and trade-offs [2]. The strategy also provided a decision framework for federal agencies to use in outlining their plan for using cloud computing services. The migration plans and government-wide initiatives help identify candidate cloud services to improve their efficient use of IT investments to support their missions by leveraging shared infrastructures and economies of scale. The decision framework focused on changing how federal agencies approached the acquisition and use of IT and how they could effectively integrate cloud services into their IT portfolio.
The Cloud Strategy also established a set of basic principles and guidelines through which decision-makers within federal agencies could accelerate their secure adoption of cloud services. Through the strategy, federal agencies were empowered with the responsibility for making their own decision on “what” and “how” to migrate to the cloud in support of the government-wide Cloud First policy. The Cloud First policy creates the momentum for federal agencies to proactively adopt cloud computing services by requiring them to begin with the selection of three “cloud-ready” IT services. To assist federal agencies in acquiring (procuring) cloud services to meet the Cloud First policy, the US General Services Administration (GSA), through the Cloud Computing Services (CCS) Program Management Office (PMO), established contracts that federal agencies could leverage for purchasing commodity cloud services. As depicted in Fig. 1.2, Email as a Server (EaaS), a commodity cloud service, was one of the most common types of IT systems migrated to the cloud.
Figure 1.2 Total number of systems migrating to the cloud by type.
In the section, the Decision Framework for Cloud Migration, a three-step framework described the foundational elements that were identified as being necessary for building a successful cloud migration plan. In addition, the Cloud First policy gave federal agencies the opportunity to exercise their migration plans and develop and share “lessons learned” from their experiences. The Cloud First policy also established the requirement for a program to be developed that would encourage Cloud Service Providers (CSPs) to meet federal security and privacy requirements through the development of “government-ready” (or FedRAMP compliant) cloud services.
The federal government has started the shift from a traditional, asset-based model focused on acquiring IT to a service (or utility)-based model focused on consuming IT services. Cloud computing was not only a change in the technology used by federal agencies, but also a cultural change. The “shift” towards cloud services required federal agencies to change the people and processes that are needed for procuring and provisioning cloud services. Cloud computing places an increased importance on how technology is planned, selected, and integrated. The new service-based approach to IT required federal agencies to learn how to manage services rather than assets. To provision cloud services effectively and optimize resources, federal agencies had to link the benefits of cloud computing to their IT strategic plans. In addition, federal agencies also had to establish new IT governance processes and practices to ensure the adoption of secure cloud services adhered to the federal information security and privacy requirements.
Note
Importance of Federal IT Strategic Planning in the Adoption of Cloud Computing
Government-wide IT strategic planning for information and IT management has been highlighted as a systematic challenge almost since federal agencies began using IT. As early as 1960, the US General Accounting Office (GAO) “… call(ed) attention to the need for more positive central planning of a long-range nature within the executive branch of the government to promote the maximum degree of efficiency, economy, and effectiveness in the administration and management of costly automatic data processing facilities” [3].
However, it was not until 1980 that the management of federal IT authority was centralized within the federal government. The Office of Management and Budget (OMB) was given government-wide responsibility to “oversee the use of information resources to improve the efficiency and effectiveness of governmental operations to serve agency missions” [4]. Federal agencies were also required to designate a senior agency official (also known as the Agency CIO) to be responsible for information resource management (IRM) at the department and agency level. As the government-wide IRM activities evolved, Agency CIOs were also given additional responsibilities in developing “strategic plans for all [departmental and agency] information and information technology management functions” [5].
IT Strategic Plans play an important role in the adoption of cloud computing specifically when planning the expected improvements in productivity, efficiency, and effectiveness. Agency CIOs will need to be more effective in aligning IT Strategic Plans with Agency Strategic Plans that enable the development and monitoring of performance metrics used to evaluate the business value of cloud services. Therefore, the IT strategic planning process used by Agency CIOs will need to emphasize the establishment of criteria that are more focused on objectively and quantitatively measuring the benefits of the investment of cloud computing technologies across the department and agency.
Table of contents
Cover image
Title page
Table of Contents
Copyright
Dedication
About the Author
About the Technical Editor
Foreword by William Corrington
Foreword by Jim Reavis
Chapter 1. Introduction to the federal cloud computing strategy
Chapter 2. Cloud computing standards
Chapter 3. A case for open source
Chapter 4. Security and privacy in public cloud computing
Chapter 5. Applying the NIST risk management framework
Chapter 6. Risk management
Chapter 7. Comparison of federal and international security certification standards
Chapter 8. FedRAMP primer
Chapter 9. The FedRAMP cloud computing security requirements
Chapter 10. Security testing: Vulnerability assessments and penetration testing
Chapter 11. Security assessment and authorization: Governance, preparation, and execution
Chapter 12. Strategies for continuous monitoring
Chapter 13. Continuous monitoring through security automation
Chapter 14. A case study for cloud service providers