Changes

Jump to navigation Jump to search
no edit summary
Line 29: Line 29:  
<span style="font-family: Century Gothic; font-size: 28pt;"><font color="#9F000F;"> Configuration & Toolkits</font></span>
 
<span style="font-family: Century Gothic; font-size: 28pt;"><font color="#9F000F;"> Configuration & Toolkits</font></span>
 
== GC Cloud Security Risk Management Approach for Adopting Cloud ==
 
== GC Cloud Security Risk Management Approach for Adopting Cloud ==
Multiple Security breaches from companies known for their reputations on protecting personal information, lead the Government of Canada to take and hard look at security risks and the develop the appropriate mitigating factors. This will required a structured approach to managing risks associated with the protection of government data and infrastructure in public cloud. [https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative#GC_Cloud_Security_Risk_Management_Approach_for_Adopting_Cloud GC Cloud Security Risk Management Approach for adopting Cloud] is one of the initiative developed by TBS to provide the necessary direction to GC departments.  
+
Multiple Security breaches from companies known for their reputations on protecting personal information, lead the Government of Canada to take and hard look at security risks and develop the appropriate mitigating factors. This will required a structured approach to managing risks associated with the protection of government data and infrastructure in a public cloud. [https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative#GC_Cloud_Security_Risk_Management_Approach_for_Adopting_Cloud GC Cloud Security Risk Management Approach for adopting Cloud] is one of the initiatives developed by TBS to provide the necessary direction to GC departments.  
    
== GC Cloud Operationalization Framework ==
 
== GC Cloud Operationalization Framework ==
With the needs of securing protected B data in a Public cloud, the office of GC Chief Technology Officer developed an operationalization framework which was approved by GC Enterprise Architecture Review Board (EARB).  
+
With the needs of securing protected B data in a Public cloud, the office of GC Chief Technology Officer developed an operationalization framework approved by the GC Enterprise Architecture Review Board (EARB).  
    
== GC Event Logging Guidance ==
 
== GC Event Logging Guidance ==
Line 39: Line 39:     
== GC Accelerator ==
 
== GC Accelerator ==
Conscious of the fact that wide adoption in GC will require enabling GC department to effectively and rapidly deploy application, computing etc. in public could environment. TBS in collaboration with SSC and other departments had developed GC accelerator for Microsoft Azure and AWS cloud.
+
Conscious of the fact that wide adoption in GC will require enabling GC departments to effectively and rapidly deploy applications, computing etc. in public cloud environment. TBS in collaboration with SSC and other departments has developed a GC accelerator for Microsoft Azure and AWS cloud.
    
== GC Accelerators - Azure ==
 
== GC Accelerators - Azure ==
Line 50: Line 50:  
The establishment of secure cloud connections to cloud services and trusted interconnection points will:  
 
The establishment of secure cloud connections to cloud services and trusted interconnection points will:  
   −
• Improve resiliency of the GC infrastructure with dedicated and private connections to cloud;  
+
• Improve resiliency of the GC infrastructure with dedicated and private connections to the cloud;  
   −
thereby ensuring continued access to GC information systems and solutions hosted in the cloud;  
+
Thereby ensuring continued access to GC information systems and solutions hosted in the cloud;  
    
• Help the GC to mitigate direct attacks from the Internet against cloud-based GC resources; and  
 
• Help the GC to mitigate direct attacks from the Internet against cloud-based GC resources; and  
Line 67: Line 67:     
== GC Guardrails ==
 
== GC Guardrails ==
The purpose of the guardrails is to ensure that departments and agencies are implementing a preliminary baseline set of controls within their cloud-based environments. These minimum guardrails are to be implemented within the GC-specified initial period (e.g. 30 days) upon receipt of an enrollment under the GC Cloud Services Framework Agreement.  
+
The purpose of the guardrails is to ensure that departments and agencies are implementing a preliminary baseline set of controls within their cloud-based environments. These minimum guardrails are to be implemented within the GC-specified initial period (e.g. 30 days) upon receipt of enrollment under the GC Cloud Services Framework Agreement.  
    
:o [https://www.gcpedia.gc.ca/gcwiki/images/8/84/GC_Cloud_Guardrails.pdf GC Cloud Guardrails - DRAFT for Consultation]  
 
:o [https://www.gcpedia.gc.ca/gcwiki/images/8/84/GC_Cloud_Guardrails.pdf GC Cloud Guardrails - DRAFT for Consultation]  

Navigation menu

GCwiki