Program slides from the Federal Cloud Computing Summit on Dec. 17, 2013 at the Ronald Reagan Building in Washington, D.C.
Welcome to the Federal Cloud Computing Summit
@fedsummits #cloudfeds
The Federal Cloud Computing Summit Mobile App is now available for download
Host Organization
Advanced Mobility Academic Research Center
AMARC is a non-profit organization that focuses on three areas: Academic, Government & Corporate. The Academic Research sector is the bridge between Government and Corporate participation.
@amarcedu www.amarcedu.org
Agenda
8 to 9 a.m. – Opening of Cloud Technology Showcase
9 to 9:10 a.m. – Welcome, Keith Trippie, DHS
9:10 to 9:50 a.m. – Visionary Keynote, Bill Schlough, San Francisco Giants
Agenda
9:50 to 10:40 a.m. – Panel 1, Innovation Today
Moderator: Keith Trippie, DHS
Panelists: Peter Chin, DHS; Joe Klimavicz, NOAA; Mark Schwartz, DHS
Agenda
10:40 to 11:30 a.m. – Panel 2, Cloud Acquisition Solutions
Moderator: Jason Miller, Federal News Radio
Panelists: Mark Day, GSA; Keith Trippie, DHS; Oliver Voss, NNSA
Agenda
11:30 a.m. to 12 p.m. – Cloud Technology Showcase
12 to 1 p.m. – Cloud Innovation Awards
Presenters: Greg Mundell, InfoZen & Tom Suder, AMARC
The Cloud Innovation Awards recognize individuals that use cloud solutions to better accomplish the mission of their agency
Cloud Innovation Award Winners
Matt Goodrich – General Services Administration
Jennifer Gray – U.S. Department of Health & Human Services
Roopangi Kadakia – NASA
Julie Mintz – Defense Information Systems Agency
Past Cloud Innovation Award Winners
Casey Coleman – General Services Administration
Anil Karmel – National Nuclear Security Administration
Shawn Kingsberry – Recovery Accountability and Transparency Board
Dr. David McClure – General Services Administration
Keith Trippie – U.S. Department of Homeland Security
Agenda
1 to 2 p.m. – Cloud Technology Showcase
2 to 2:45 p.m. – Panel 3, Security Harmonization
Moderator: Christopher Dorobek, DorobekINSIDER
Panelists: Jeff Eisensmith, DHS; Doug Gardner, DISA; Maria Roat, GSA; John Streufert, DHS
United in Service to Our Nation
UNCLASSIFIED – 12 DEC 2013 – 1300
Cloud Security Model Details
Agenda
2:45 to 3:30 p.m. – Panel 4, Recap of MITRE Cloud Collaboration Sessions
Moderator: Justin Brunelle, MITRE
Challenge Area 1: Interoperability & Portability
Challenge Area 2: End-to-End Service Delivery
Challenge Area 3: Federal-Wide Standards for SLAs
Challenge Area 4: Cyber Security
Leveraging Academia to Solve Cloud Challenges
Justin F. Brunelle, MITRE, [email protected]
Cloud Working Group: Tactical Cloud
• Government collaboration
– Data replication
– Ad hoc/distributed cloud analytics
– Identity Access Management
– Federated Query
Interoperability & Portability
• Cloud enables interoperability
• Mobile is key
• Universal service catalog
• Need improved models
End-to-end Service Delivery
• Need a la carte pricing
• Not all services suitable for cloud
• Need improved models
• Assured elasticity with fixed max cost
Federal Standards and SLAs
• SLAs for multiple providers
• Improved governance
• Agile methods for cloud provisioning
• Federal collaboration needed
Cyber Security
• Need Security as a Service
• A la carte security procurement
• Security as contractual obligation
• Automatic detection
Academic Collaboration
• Interop: mobile as enabler
• End-to-end: need real-time to disconnected users
• SLAs: improved modeling
• Security: need automatic detection
• Need:
– Industry days
– Attention to government trends
– Industry-to-Academia signal for need
Academics to shape cloud landscape
Call for mentors!
• Leverage Academia
• Use a talent agent
– AMARC
– MITRE
Dan Mintz
• Executive Director of AMARC
• Former CIO
• Fed 100 Award Winner
• Adjunct Professor, IT Education:
– Syracuse University
– University of Maryland University College
Agenda
3:30 to 4:15 p.m. – Panel 5, The Future of Cloud
Moderator: Dan Mintz, Advanced Mobility Academic Research Center (AMARC)
Panelists: Irena Bojanova, University of Maryland Univ. College; Chris Kemp, Former CTO, NASA & CSO, Nebula; Adam Porter, University of Md.; Dr. David Rogers, University of Central Florida
4:15 to 4:30 p.m. – Afternoon Visionary Keynote, Keith Trippie, DHS
Mobile Cloud is Changing Training & Education
Adam Porter, UMD
Mobile Cloud Computing
Trends in Education
MOOC: Massive Open Online Courses
Highly scalable, cloud-based, interactive learning systems
Video lectures / tutorials
In-video questions
Online quizzes
Hands-on assignments
https://www.coursera.org/course/android
70K+ students from all over the world
Part of a multi-course sequence taught with Vanderbilt University
15M+ students
Wrote 500B LOC
Learning never sleeps
Everyone will be a teacher and a student
What you know and can show, more important than where you learned it
Content is still king, but lessons are becoming commoditized
Hands-on experiences are the real added value
It’s a buyer’s market
Mobile Cloud
+Education
Bring Your Own Device (to class)
Providers will exploit mobility & context awareness
Just-in-time learning, outside the classroom
Leverage sensors to interact with the real world
Everyone’s a learner
More cloud-supported learning applications
Leverage complex computations, interact with simulators, data analytics, etc.
MARS Superintendent by PAR Works
For more information, [email protected]
Future of Cloud Computing
Irena Bojanova, Ph.D., UMUC, NIST
Essential Characteristics
• On-demand Self-Service
• Broad Network Access
• Resource Pooling
• Rapid Elasticity
• Measured Service
Service models (SPI)
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)
(Figure: SPI stack – Web Sites, Applications, Developer Platforms, Compute and Store, layered over SaaS, PaaS, IaaS)
Deployment models
• Private
• Community
• Public
• Hybrid
Natural evolution of the Web:
• Pay/charge-per-use access to applications, software development & deployment environments, and computing infrastructure.
• Optimized, efficient computing through enhanced collaboration, agility, scalability, and availability.
No Longer On The Horizon
Next logical step for IT industry. Strategic weapon in enterprise computing. Norm in every sector of society.
Governments, organizations, and individuals adopt cloud computing to manage information instead of infrastructure.
Now Focus On
• Initial Risks Evaluation – using CSA’s framework
– Importance of data and applications/functions/processes to be moved to Cloud
– Risk tolerance of organization
– Acceptable deployment and service model combinations
– Potential exposure points for sensitive information and operations.
• Multi-Tenancy – the True Cloud solution
– Data and applications of different consumers share platforms, storage, and networks
– Tightly related to resource pooling
– Economies of scale, passed to customers
– Use of newest technology and the latest software versions
– Logical separation is a suitable substitute for physical separation.
– Main risks come from not knowing the architecture
– One of top 6 questions to ask: Is it hosted or a true Cloud solution?
• Cloud-Based Integration – iPaaS
– Silos – applications and data cannot interact with on-premise systems.
– iPaaS – development, execution and governance of integration flows
• Connecting on-premise and cloud-based processes, services, applications, and data
• Within individual or across multiple organizations.
Now Focus On (Cont.)
• Cloud Portability, Interoperability, and Federation
– Applications and data are easily moved between platforms and providers
– Scaling one service across disparate providers, while appearing and operating as one system
– Interoperability is closely related to rapid elasticity and multi-tenancy
– Connecting clouds through network gateways: hybrid Cloud environment
– Interconnecting services of providers from disparate networks
– Providers wholesale or rent resources to balance workloads and handle spikes in demand
– Standard, pre-negotiated set of contracts; federation agreements.
Benefits for Consumers
– Choose best provider by flexibility, cost, and availability of services
– Use most appropriate infrastructure environment
– Distribute workloads around the globe; move data between disparate networks.
Benefits for Providers
– Earn revenue from idle or underutilized resources
– Expand geographic footprints without building new points of presence.
Considerable effort: IEEE CS P2302 – Standard for Intercloud Interoperability and Federation.
New Trends
Nexus of Forces – evolving through convergence and mutual reinforcement of: Social, Mobile, Cloud, Big Data
• New digital economy is being built upon this Nexus in combination with the Internet of Things, unlocking an incredible opportunity to connect everything together.
• Social media and mobile apps provide platform for effective social and business interactions.
• Cloud offers convenient and cost effective computational and information delivery infrastructure.
The gap between ideas and actions is being rapidly reduced through:
– Near-global connectivity
– Pervasive mobility
– Industrial-strength compute services
– Access to vast amounts of information
Without Cloud
• Social interactions – no place to happen at scale
• Mobile – no connection to data and functions
• Information – stuck inside internal systems.
New Trends (Cont.)
• Personal Clouds (PCs)
– PC idea reborn – control on data, apps, terms of service
– Personal devices, personal services; self-hosted, provider-hosted, or hybrid
– Interoperable and addressable through XDI
– p2p marketplace – find and engage with anyone with a PC – trust, reputation.
• Hybrid Clouds Evolution
– From integration of internal private clouds & public services towards bringing together personal clouds & external private services
– Will have to be designed with interoperability and federation in mind.
• Private Clouds Evolution
– Will have to be designed with hybrid future in mind to be able to handle future aggregation, integration, interoperability, and customization of services
– Organizations implementing such clouds will have to:
• Handle overdrafting and cloudbursting
• Take role of cloud service brokers.
New Trends (Cont.)
From
• Cloud ~ provides ubiquitous, on-demand, elastic, self-configurable, cost effective computing.
and
• Mobile ~ convenient gadgets, with regional wireless communication and limited data services and computing and power resources.
To
• Cloud-Based Mobile Augmentation (CMA) ~ employs Cloud to increase, enhance, and optimize computing capabilities of mobile devices.
and
• Cloud Mobility ~ low-end mobile devices access cloud computing resources and globally connected mobile enabled resources.
Drivables, Flyables, Scannables, Wearables
Evaluating Initial Cloud Risks
Steps in Evaluating Risk – Details
1. Identify asset for cloud deployment
• Determine exactly what data or applications/function/process is being considered for the Cloud.
• Potential uses of asset to account for: scope creep — data and transaction volumes often become higher than expected.
2. Evaluate asset
• Determine how sensitive that data is and how important that application/function/process is to the organization. Assess confidentiality, integrity, and availability, and how risk changes if all or part of that asset is in the Cloud — similar to a project outsourcing assessment, just with a wider range of deployment options.
• Ask what would be the harm if:
– Asset became widely public and widely distributed
– Asset were accessed by an employee of the Cloud provider
– Process/function were manipulated by an outsider
– Process/function failed to provide expected results
– Data were unexpectedly changed
– Asset were unavailable for a period of time
3. Map asset to cloud deployment models
• Determine if any risks implicit to different deployment models (private, public, community, hybrid) and hosting scenarios (internal, external, combined) are acceptable.
• At this point there should be a good idea of the comfort level for transitioning to the Cloud, and which deployment models and locations fit desired security and risk requirements.
• Which model is acceptable for the identified asset:
– Public
– Private, internal/on premises
– Private, external — look at dedicated or shared infrastructure
– Community — look at hosting location, service provider, community members
– Hybrid — look at least at rough architecture of where components, functions, and data will reside
4. Evaluate cloud service models and providers
• Focus on degree of control the organization will have at each SPI tier to implement any required risk management (risk mitigation).
• For a specific offering, switch to a fuller risk assessment.
• Consider: SaaS, PaaS, IaaS; providers' offerings
5. Map out data flow
• For a specific provider offering, map out data flow between organization, cloud service, and any customers/other nodes. Understand whether and how data can move in and out of the Cloud.
• For any offering, sketch out rough data flow for any deployment option on your acceptable list, to help you identify risk exposure points when making final decisions.
• Consider: Private, Public, Community, Hybrid; providers' offerings
Multi-Tenancy
Examples of Shared Resources by Service Model
Service Model – Shared Resources – Shared By
SaaS – Same application or database – Different consumers
PaaS – Same operating system, and supporting data and networking services – Different processes
IaaS – Same hardware via a hypervisor – Different VMs
General Methods for Achieving Multi-Tenancy
Multi-Tenancy Via – Description – Cost
Database – Database and configuration, with isolation provided at the application layer. – Least costly.
Virtualization – VM technology, providing a hardware emulation layer over the real hardware. Multiple copies of server OSs are run within one physical machine, while sharing physical hardware (network cards and disk storage) between virtual OS instances. – Might reduce service costs and expenses, but is more costly compared to multi-tenancy via databases.
Physical separation – Resources are provided to tenants individually — each tenant uses only dedicated hardware. – Most costly.
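The slide above describes the cheapest multi-tenancy method, a shared database with isolation provided at the application layer, and the later multi-tenancy risk slides note that consumers' security then rests on the correctness of that implementation. The following is an added example, not from the deck or any speaker, showing what application-layer isolation looks like in code and how one forgotten tenant predicate exposes other tenants' rows. It uses an in-memory SQLite database; the documents table, the tenant names and the TenantRepository class are all constructed for the example.

```python
"""Application-layer tenant isolation over a shared database (constructed example).

Two tenants share one SQLite table.  A query that filters by name alone lets any
tenant enumerate every tenant's rows (the implementation flaw); a repository that
binds every query to the caller's tenant keeps them apart.
"""
import sqlite3

# Constructed sample data: two tenants sharing one table.
SAMPLE_ROWS = [
    ("tenant-a", "payroll-2013-q4", "payroll"),
    ("tenant-a", "hr-pii-export", "pii"),
    ("tenant-b", "grant-proposals", "ip"),
]


def build_db() -> sqlite3.Connection:
    """Create the shared in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents ("
        " id INTEGER PRIMARY KEY,"
        " tenant_id TEXT NOT NULL,"
        " name TEXT NOT NULL,"
        " classification TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO documents (tenant_id, name, classification) VALUES (?, ?, ?)",
        SAMPLE_ROWS,
    )
    conn.commit()
    return conn


def list_documents_unscoped(conn, name_filter):
    """Flawed query: no tenant predicate, so every tenant's rows are visible."""
    return conn.execute(
        "SELECT tenant_id, name FROM documents WHERE name LIKE ?",
        (f"%{name_filter}%",),
    ).fetchall()


class TenantRepository:
    """Every query is bound to the tenant fixed at construction time.

    In a real service the tenant id would come from the authenticated session,
    never from request parameters, so a caller cannot choose another scope.
    """

    def __init__(self, conn, tenant_id):
        self._conn = conn
        self._tenant_id = tenant_id

    def list_documents(self, name_filter=""):
        return self._conn.execute(
            "SELECT tenant_id, name FROM documents"
            " WHERE tenant_id = ? AND name LIKE ?",
            (self._tenant_id, f"%{name_filter}%"),
        ).fetchall()

    def get_document(self, doc_id):
        # Lookup by id keeps the tenant predicate: a guessed id that belongs to
        # another tenant returns None instead of leaking the row.
        return self._conn.execute(
            "SELECT id, tenant_id, name, classification FROM documents"
            " WHERE id = ? AND tenant_id = ?",
            (doc_id, self._tenant_id),
        ).fetchone()


def count_foreign_rows(rows, tenant_id):
    """Number of (tenant_id, name) rows that belong to a different tenant."""
    return sum(1 for tenant, _ in rows if tenant != tenant_id)


def demo():
    """Compare the flawed and the scoped access path from tenant-b's point of view.

    Returns (rows leaked by the unscoped query, rows leaked by the repository,
    result of looking up tenant-a's row id 1 through tenant-b's repository).
    """
    conn = build_db()
    leaked = count_foreign_rows(list_documents_unscoped(conn, ""), "tenant-b")
    repo_b = TenantRepository(conn, "tenant-b")
    contained = count_foreign_rows(repo_b.list_documents(), "tenant-b")
    cross_tenant_lookup = repo_b.get_document(1)  # id 1 belongs to tenant-a
    return leaked, contained, cross_tenant_lookup


if __name__ == "__main__":
    print(demo())  # (2, 0, None)
```

The point of the repository pattern is that the tenant predicate cannot be forgotten by a single call site, which is the kind of implementation flaw the risk slides refer to; a review of such a code base checks that no raw query path bypasses the repository.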
Security Risks
Service Model – Integrated Features – Extensibility – Security
SaaS
• Most integrated functionality built directly into the offering
• Least consumer extensibility
• Relatively high level of integrated security – provider responsible
• Negotiated into contracts for service (service levels, privacy, compliance)
PaaS
• Customer-ready features
• More extensible than SaaS
• Less complete built-in capabilities
• Securing the platform – provider responsible
• More flexibility to layer on additional security
• Applications developed on the platform, and developing them securely – consumer responsibility
IaaS
• Few if any application-like features
• Enormous extensibility
• Protecting underlying infrastructure and abstraction layers – provider responsible
• Less integrated security capabilities and functionality beyond that
• Remainder of stack – OSs, applications, content – managed/secured by consumer
• PaaS builds upon IaaS, and SaaS in turn builds upon PaaS: security issues and risks are inherited just as capabilities are.
• Lower down the stack, the provider stops bearing responsibility, and the consumer becomes responsible for more security capabilities and management.
Multi-Tenancy Risks (1)
Deployment Model – Multi-tenancy Risks and Mitigation
General
Implications: Workloads of different consumers may reside:
• Concurrently on the same computer system and local network,
• Separated only by access policies implemented by the provider's software.
Consumers' security could be compromised by a flaw in:
• Implementation, or
• Provider’s management and operational policies and procedures.
Multi-tenancy risks:
• Reliability – failure may occur
• Security – attack may be perpetrated by a consumer
Private, On-site
Implications:
• General risks apply, as there could be authorized but malicious insiders
• Different organizational functions (payroll, sensitive PII storage, IP generation) can become accessible to unauthorized users and classes of data disclosed.
Risk mitigation:
• Logical segregation techniques at the network layer, such as VPN Routing and Forwarding (VRF)
• Clients are restricted to organization members or authorized guests/partners.
Private, Outsourced
Implications:
• On-site private cloud risks apply.
Risk mitigation:
• FISMA and OMB policy require external cloud providers that handle federal information or operate information systems on behalf of the federal government to meet the same security requirements as federal agencies.
Multi-Tenancy Risks (2)
Deployment Model – Multi-tenancy Risks and Mitigation
Community, On-site
Implications:
• On-site private cloud risks apply, but more organizations are encompassed.
Risk mitigation:
• Restricted number of possible attackers, but more than with a private on-site cloud.
Community, Outsourced
Implications:
• On-site community cloud risks apply.
Risk mitigation:
• Restricted number of possible attackers, but more than with a private cloud.
Public
Implications:
• Workloads of any combination of consumers may be sharing a single machine
• Workload may be co-resident with workloads of competitors or adversaries.
Risks:
• Large collection of potential attackers, as public clouds aim at scaling in consumers and resources to achieve low costs and elasticity.
Risk mitigation:
• Limited kinds of data for computations in the cloud
• Data encryption (but then data needs to be unencrypted to be processed)
• Physical separation – rent entire computer systems rather than VMs (mono-tenancy), VPNs, segmented networks, or advanced access controls.
Interoperability (1)
Interoperability, Portability, and Cloud Service Models
Service Model – Interoperability and Portability
IaaS
• Interoperability and portability of customer workloads are more achievable in the IaaS service model
• IaaS building blocks are relatively well-defined, e.g., network protocols, CPU instruction sets, and legacy device interfaces
PaaS
• An application written to use specific services from a vendor's PaaS will require changes to use similar services from another vendor's PaaS
• Efforts on development of open and proprietary standard APIs to enable cloud management, security, and interoperability: Open Cloud Computing Interface Working Group (OCCI), Amazon EC2 API, ...
• Common container formats: DMTF's Open Virtualization Format (OVF).
• An application written to those standards is far more likely to be interoperable and portable.
SaaS
• Portability of workloads requires a level of compatibility and interoperability between SaaS applications.
Interoperability (2)
Portability of – Enables Re-Use of
Data
• Data components across different applications
Application
• Application components across cloud PaaS services and traditional computing platforms
Platform
• Platform components across cloud IaaS services and non-cloud infrastructure (platform source portability)
• Bundles containing applications and data with their supporting platforms (machine image portability)
Interoperability of – Between – Need of
Application
• Between application components deployed as: SaaS; applications using PaaS; applications on platforms using IaaS
• Need of dynamic discovery and composition: discover instances of application components and combine them with others at run time. Note: an application component may be a complete monolithic application or part of a distributed application.
Platform
• Between platform components deployed as: PaaS; platforms on IaaS
• Need of standard protocols for service discovery and information exchange — indirectly these enable interoperability of applications on these platforms.
Management
• Between cloud services (SaaS, PaaS, IaaS) and programs for implementation of on-demand self-service.
• Need of standard interfaces for cloud services — to create generic system management products for both cloud services and in-house systems.
Publication and Acquisition
• Between platforms, cloud PaaS services and marketplaces (including app stores).
• Need of standard interfaces to these stores — to lower cost for software providers and users.
Upcoming Events
Federal Mobile Computing Summit – January 22, 2014, Washington, D.C.
www.mobilefeds.com
Federal Cloud Computing Summit – June 2014, Washington, D.C.
www.cloudfedsummit.com