Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
2013 AWS Worldwide Public Sector Summit Washington, D.C.
Web Mapping and Security – A View From Esri
Bonnie Stayer – Solutions Engineer
Dan O’Leary – Director, D.C. Software
Development Center
2013 AWS Worldwide Public Sector Summit
Introduction
• Cloud security affected by many moving parts
– Cloud security standards evolving – FISMA/FedRAMP
– “Cloud First” initiative
– Advancing ArcGIS security capabilities
– Evolution of cloud provider capabilities
– Mobilization of workforce
2013 AWS Worldwide Public Sector Summit
Introduction
• Choosing an appropriate cloud deployment
– Not just technical issues/concerns
– Political push/pull issues
• Cloud First vs. “We don’t trust cloud providers, yet”
– No silver bullet for all cloud security concerns
• Esri provides a roadmap of options and best practices,
not just a “Safe” button to push
2013 AWS Worldwide Public Sector Summit
Esri – A Global Company
US Regional Offices
US Satellites
International Satellites
International Distributors
2013 AWS Worldwide Public Sector Summit
Server Online Content
and Services
Desktop Web Device
ArcGIS
Online
ArcGIS – A Complete Platform
• Data Management
• Visualization
• Analysis
• Dissemination
2013 AWS Worldwide Public Sector Summit
Cloud Implementation Options
Service Non-Cloud IaaS SaaS Model AGS Your Location AGS in AWS ArcGIS Online
Cloud On-premises
Deployment On-Premises Community Hybrid Public Model Your location AWS GovCloud Your Loc+AWS AWS/Azure
Management Self-Managed Managed Model You Esri
2013 AWS Worldwide Public Sector Summit
Deploying ArcGIS Server in AWS
• Pre-built AMIs
– Windows, Linux
– Include RDBMS
– Launch instance, authorize license, create site
• Cloud Builder
– Desktop application
– Simplifies assembly and administration
2013 AWS Worldwide Public Sector Summit
ArcGIS IaaS Security
• Question
– If my cloud IaaS is FISMA/FedRAMP accredited and I deploy my app into that cloud,
is the overall implementation FISMA/FedRAMP equivalent?
• Answer
– No
• Question – Part 2
– Okay, so it’s not FISMA/FedRAMP equivalent, but the IaaS by itself ensures the
solution is “secure enough”, right?
• Answer
– No
IaaS
FISMA
Default
ArcGIS
2013 AWS Worldwide Public Sector Summit
Security Responsibility
Customer
Managed
Cloud
Provider
Managed
Server Infrastructure (Servers, Storage, Racks)
Network Infrastructure (Switches, Routers, Cables, SAN)
Data Center (Physical facility, UPS, Cooling)
Data
Platform, Applications, Identity & Access
Management
Operating System, Network, & Firewall
2013 AWS Worldwide Public Sector Summit
ArcGIS
Online
Executive
Access
Public
Engagement
Work
Anywhere
Knowledge
Workers
Enterprise
Integration
Professional
GIS
How is it used?
2013 AWS Worldwide Public Sector Summit
ApplicationCustomer Configured
ApplicationEsri Managed
Infrastructure Cloud Provider
Managed
Server Infrastructure(Servers, Storage, Racks)
Network Infrastructure(Switches, Routers, Cables, SAN)
Data Center(Physical facility, UPS, Cooling)
Web Admin App(Org-wide settings, Management)
End-User Org Portal(Create maps, Share, Discover)
ArcGIS Online Application(Portal, Map Services, Account Management)
Data(Portal, Index, Hosted)
OS & Middleware
Esri & Cloud Provider Managed
Middleware
Operating System
Security Responsibility
2013 AWS Worldwide Public Sector Summit
Deployment Options
Intranet Intranet Intranet
Intranet Intranet
Portal Server Server Server
Server Server Server
Online
Online Server Server Server
Portal Server Server Server
Online
Read-only
Basemaps
Cloud On-premises
2013 AWS Worldwide Public Sector Summit
Server
Web/Mobile
View
Desktop
View
ArcGIS
Online Web Map
Desktop Geodatabase
Hybrid Deployment
2013 AWS Worldwide Public Sector Summit
Product Cloud
Provider
Planned
Federal
A&A
Q1 -
2013
Q2 -
2013
Q3 -
2013
Q4 -
2013 2014
ArcGIS
Online
Amazon
Web
Services
FISMA
Low
ATO
FISMA
USDA
Amazon
Web
Services
&
MS Azure
FedRAMP
Mod
FedRAMP
SaaS
Reviews
Started
ArcGIS
Server
CSP or
AWS
GovCloud
FISMA
Mod
ATO
FISMA
Esri
Managed
AWS,CSP
FedRAMP
Mod
Establish
AGS Fed
Image
Incorporate
Lessons Learned
Implement
Implement
Implement Alignment
Alignment
Facilitate
ATO
Federal A&A Roadmap
ATO
2013 AWS Worldwide Public Sector Summit
ArcGIS Online Security Certification Efforts
• In Place
– Esri Data Center Operations - SSAE 16 Type 1
– Expanded to Managed Services in 2012
– Safe Harbor Self-Certification
• Currently Pursuing
– FISMA Low Accreditation • Includes 3rd party assessment
• Expected completion over next several months
• Future
– FedRAMP Moderate • Incorporates more advanced security controls