Line 8: |
Line 8: |
| '''A:''' Cloud is a network of servers hosted over the Internet that is used to store, manage, and process data and applications in place of local servers or personal computers. Companies offering these services are called cloud service providers and typically charge for services based on the consumption. Cloud computing has been around since the late 1990s and continues to be a proven option for hosting data and applications. Cloud services often offer greater flexibility, mobility and efficiency. | | '''A:''' Cloud is a network of servers hosted over the Internet that is used to store, manage, and process data and applications in place of local servers or personal computers. Companies offering these services are called cloud service providers and typically charge for services based on the consumption. Cloud computing has been around since the late 1990s and continues to be a proven option for hosting data and applications. Cloud services often offer greater flexibility, mobility and efficiency. |
| | | |
− | '''Q:''' [[#A2|What is the Cloud-First Strategy?]] | + | '''Q:''' What is the Cloud-First Strategy? |
| | | |
| '''A:''' The Treasury Board Secretariat Cloud Adoption Strategy recommends “'''cloud-first”''' as the preferred option for delivering IT services. This means that Government of Canada departments will prioritize the use of cloud to store, manage, and process data and applications whenever possible. | | '''A:''' The Treasury Board Secretariat Cloud Adoption Strategy recommends “'''cloud-first”''' as the preferred option for delivering IT services. This means that Government of Canada departments will prioritize the use of cloud to store, manage, and process data and applications whenever possible. |
| | | |
− | '''Q:''' [[#A3|What are the different Cloud option models?]] | + | '''Q:''' What are the different Cloud option models? |
| | | |
| '''A:''' Treasury Board Secretariat offers Government of Canada Right Cloud Selection Guidance to help departments decide which cloud model is right for them. | | '''A:''' Treasury Board Secretariat offers Government of Canada Right Cloud Selection Guidance to help departments decide which cloud model is right for them. |
Line 25: |
Line 25: |
| ''[source: Government of Canada Cloud Adoption Strategy]'' | | ''[source: Government of Canada Cloud Adoption Strategy]'' |
| | | |
− | '''Q:''' [[#B1|How many contracts are in place for providing unclassified cloud?]] | + | '''Q:''' How many contracts are in place for providing unclassified cloud? |
| | | |
| '''A:''' The Government of Canada currently has twenty-six contracts in place for commercially available '''unclassified''' cloud services. They are available through the Cloud Brokering Portal for on-demand consumption and based on actual usage. | | '''A:''' The Government of Canada currently has twenty-six contracts in place for commercially available '''unclassified''' cloud services. They are available through the Cloud Brokering Portal for on-demand consumption and based on actual usage. |
| | | |
− | '''Q:''' [[#A4|What are the different Cloud service models Cloud Service Providers (CSP) offer?]] | + | '''Q:''' What are the different Cloud service models Cloud Service Providers (CSP) offer? |
| | | |
| '''A:''' | | '''A:''' |
Line 40: |
Line 40: |
| '''A:''' Shared Services Canada is working with Government of Canada departments to migrate their data and applications from aging data centres to modern infrastructures like Cloud and enterprise data centres. With its increased performance, agility and elasticity, Cloud is the technology of choice to attain this goal. | | '''A:''' Shared Services Canada is working with Government of Canada departments to migrate their data and applications from aging data centres to modern infrastructures like Cloud and enterprise data centres. With its increased performance, agility and elasticity, Cloud is the technology of choice to attain this goal. |
| | | |
− | '''Q:''' [[#C1|Which Government of Canada (GC) departments have the mandate and authority to independently procure Cloud services?]] | + | '''Q:''' Which Government of Canada (GC) departments have the mandate and authority to independently procure Cloud services? |
| | | |
| '''A:''' Only SSC and Public Services and Procurement Canada (PSPC) have the delegated authority to procure cloud services. | | '''A:''' Only SSC and Public Services and Procurement Canada (PSPC) have the delegated authority to procure cloud services. |
| | | |
| === Roles and responsibilities === | | === Roles and responsibilities === |
− | '''Q:''' [[#C2|From an Enterprise perspective who is responsible for what?]] | + | '''Q:''' From an Enterprise perspective who is responsible for what? |
| | | |
| '''A:''' TBS: The Treasury Board Secretariat is responsible for enterprise strategies, policies, standards, governance and the coordination of supply and demand. | | '''A:''' TBS: The Treasury Board Secretariat is responsible for enterprise strategies, policies, standards, governance and the coordination of supply and demand. |
| * '''SSC:''' Shared Services Canada is responsible for cloud service supply, readiness, enablement and standardization. | | * '''SSC:''' Shared Services Canada is responsible for cloud service supply, readiness, enablement and standardization. |
| * '''Departments:''' Each department is responsible for choosing and adopting cloud services. They will lead change activities and analyze application portfolios for opportunities to take advantage of cloud services. | | * '''Departments:''' Each department is responsible for choosing and adopting cloud services. They will lead change activities and analyze application portfolios for opportunities to take advantage of cloud services. |
− | '''Q:''' [[#A8|Who determines the prioritization of migration (departments) to the Cloud and how is it being managed?]] | + | '''Q:''' Who determines the prioritization of migration (departments) to the Cloud and how is it being managed? |
| | | |
| '''A:''' The Treasury Board Secretariat works with departmental Chief Information Officers’ in setting migration priorities, based on a number of criteria. | | '''A:''' The Treasury Board Secretariat works with departmental Chief Information Officers’ in setting migration priorities, based on a number of criteria. |
| | | |
| === Cloud client information === | | === Cloud client information === |
− | '''Q:''' [[#A9|What are Shared Services Canada’s Cloud Brokering Services?]] | + | '''Q:''' What are Shared Services Canada’s Cloud Brokering Services? |
| | | |
| '''A:''' Government of Canada (GC) departments can review, purchase and provision public cloud services through Shared Services Canada’s (SSC) Cloud Brokering Service (CBS). As the Cloud broker, SSC is the liaison between qualified external Cloud service providers and GC departments, ensuring they receive the best possible Cloud solution to meet their needs. Following a rigorous procurement process, the GC qualified twenty-six suppliers of commercial '''unclassified''' public cloud services. These services are available to GC departments through the Cloud Brokering Portal. | | '''A:''' Government of Canada (GC) departments can review, purchase and provision public cloud services through Shared Services Canada’s (SSC) Cloud Brokering Service (CBS). As the Cloud broker, SSC is the liaison between qualified external Cloud service providers and GC departments, ensuring they receive the best possible Cloud solution to meet their needs. Following a rigorous procurement process, the GC qualified twenty-six suppliers of commercial '''unclassified''' public cloud services. These services are available to GC departments through the Cloud Brokering Portal. |
| | | |
− | '''Q:''' [[#A10|What is the Cloud Broker Fee?]] | + | '''Q:''' What is the Cloud Broker Fee? |
| | | |
| '''A:''' Cloud services are provided based on commercial pricing as advertised by each of the qualified suppliers. Commercial pricing for unclassified public Cloud services is available through the Cloud Brokering Service. Billing is issued directly to GC departments by the supplier on the services consumed. A ten percent (10%) brokering fee, not included in the direct billing between the supplier and the GC department is applied by Shared Services Canada to the value of services consumed. The brokering fee is based on monthly consumption and is retrieved quarterly. The brokering fee recovers the cost of the Cloud Brokering Service. | | '''A:''' Cloud services are provided based on commercial pricing as advertised by each of the qualified suppliers. Commercial pricing for unclassified public Cloud services is available through the Cloud Brokering Service. Billing is issued directly to GC departments by the supplier on the services consumed. A ten percent (10%) brokering fee, not included in the direct billing between the supplier and the GC department is applied by Shared Services Canada to the value of services consumed. The brokering fee is based on monthly consumption and is retrieved quarterly. The brokering fee recovers the cost of the Cloud Brokering Service. |
| | | |
− | '''Q:''' [[#A12|What steps must Government of Canada departments take to adopt cloud?]] | + | '''Q:''' What steps must Government of Canada departments take to adopt cloud? |
| | | |
| '''A:''' Before adopting cloud, departments must develop a cloud strategy document and put a number of plans in place. These plans would touch on the following key steps towards cloud readiness: | | '''A:''' Before adopting cloud, departments must develop a cloud strategy document and put a number of plans in place. These plans would touch on the following key steps towards cloud readiness: |
Line 78: |
Line 78: |
| * Governance | | * Governance |
| | | |
− | '''Q:''' [[#A13|How do Government of Canada departments know what should be destined for the Enterprise Data Centre vs. the various Cloud options?]] | + | '''Q:''' How do Government of Canada departments know what should be destined for the Enterprise Data Centre vs. the various Cloud options? |
| | | |
| '''A:''' The Treasury Board Secretariat (TBS) and Shared Services Canada (SSC) work together to offer guidance and advice to Government of Canada (GC) departments on what data and applications should go where. TBS’ Cloud Adoption Strategy recommends “'''cloud-first”''' as the preferred option for delivering IT services: “Public cloud services will be the priority choice for departments when choosing a cloud deployment model,” and “[d]epartments will use private clouds where needs cannot be met by public clouds (e.g., secret information).” This means that all cloud requests must be submitted to SSC through the Cloud intake process after the department has determined which cloud deployment model best meets their business requirements. | | '''A:''' The Treasury Board Secretariat (TBS) and Shared Services Canada (SSC) work together to offer guidance and advice to Government of Canada (GC) departments on what data and applications should go where. TBS’ Cloud Adoption Strategy recommends “'''cloud-first”''' as the preferred option for delivering IT services: “Public cloud services will be the priority choice for departments when choosing a cloud deployment model,” and “[d]epartments will use private clouds where needs cannot be met by public clouds (e.g., secret information).” This means that all cloud requests must be submitted to SSC through the Cloud intake process after the department has determined which cloud deployment model best meets their business requirements. |
| | | |
− | '''Q:''' [[#A14|How much technical involvement will Shared Services Canada have once Cloud services have been purchased?]] | + | '''Q:''' How much technical involvement will Shared Services Canada have once Cloud services have been purchased? |
| | | |
| '''A:''' The Cloud Adoption Strategy and supporting security guidance place the responsibility of cloud operations with the Government of Canada departments. SSC’s involvement will remain on networking, security and any other optional services that departments may want SSC to deliver. SSC is working with departments to identify these. In addition, SSC is responsible to provide secure network connectivity to address their responsibility for cloud service readiness. | | '''A:''' The Cloud Adoption Strategy and supporting security guidance place the responsibility of cloud operations with the Government of Canada departments. SSC’s involvement will remain on networking, security and any other optional services that departments may want SSC to deliver. SSC is working with departments to identify these. In addition, SSC is responsible to provide secure network connectivity to address their responsibility for cloud service readiness. |
| | | |
| === Security === | | === Security === |
− | '''Q:''' [[#A15|Is my data safe? Can data and applications be securely stored in the Cloud?]] | + | '''Q:''' Is my data safe? Can data and applications be securely stored in the Cloud? |
| | | |
| '''A:''' Yes. Canadians can rest assured that their data is safe. The Government of Canada has policies in place that enforce where data resides (residency), how it is controlled (sovereignty), and has an extensive set of guidelines that detail departments’ accountability for managing services securely. Cloud service provider infrastructures are thoroughly assessed from the onset as part of the procurement process. | | '''A:''' Yes. Canadians can rest assured that their data is safe. The Government of Canada has policies in place that enforce where data resides (residency), how it is controlled (sovereignty), and has an extensive set of guidelines that detail departments’ accountability for managing services securely. Cloud service provider infrastructures are thoroughly assessed from the onset as part of the procurement process. |
| | | |
− | '''Q:''' [[#A16|How is the security and confidentiality of data protected?]] | + | '''Q:''' How is the security and confidentiality of data protected? |
| | | |
| '''A:''' Shared Services Canada works continuously with security partners to ensure that Government of Canada (GC) security requirements are implemented to reduce threats to the confidentiality, integrity and availability of infrastructure that supports processes. Compliance to GC security requirements is also continuously monitored to ensure they remain in place. Departments are responsible for the security and confidentiality of the data. | | '''A:''' Shared Services Canada works continuously with security partners to ensure that Government of Canada (GC) security requirements are implemented to reduce threats to the confidentiality, integrity and availability of infrastructure that supports processes. Compliance to GC security requirements is also continuously monitored to ensure they remain in place. Departments are responsible for the security and confidentiality of the data. |
| | | |
− | '''Q:''' [[#A17|What is Secure Cloud Enablement and Defense (SCED)?]] | + | '''Q:''' What is Secure Cloud Enablement and Defense (SCED)? |
| | | |
| '''A:''' Secure Cloud Enablement and Defense (SCED) is an architected security perimeter that will focus on the network connectivity between the cloud environment and the public internet. The main purpose of SCED will be to secure Government of Canada (GC) data deployed by GC departments to public cloud environments. | | '''A:''' Secure Cloud Enablement and Defense (SCED) is an architected security perimeter that will focus on the network connectivity between the cloud environment and the public internet. The main purpose of SCED will be to secure Government of Canada (GC) data deployed by GC departments to public cloud environments. |
Line 101: |
Line 101: |
| '''Please note:''' The communications between the GC cloud environments and the GC data and applications hosted in Enterprise Data Centres will be trusted. The SCED perimeter will not be required for securing these communications. | | '''Please note:''' The communications between the GC cloud environments and the GC data and applications hosted in Enterprise Data Centres will be trusted. The SCED perimeter will not be required for securing these communications. |
| | | |
− | '''Q:''' [[#A18|What are the timelines for SCED?]] | + | '''Q:''' What are the timelines for SCED? |
| | | |
| '''A:''' We will be piloting SCED within the next year. | | '''A:''' We will be piloting SCED within the next year. |
| | | |
− | '''Q:''' [[#A19|Who is responsible for IT/IM security?]] | + | '''Q:''' Who is responsible for IT/IM security? |
| | | |
| '''A:''' Cloud service providers are responsible for the security of the Cloud; the departments are responsible for Security in the Cloud; and Shared Services Canada provides security "to and from" public Cloud. Cloud security is a shared responsibility between the cloud service provider and the Government of Canada (GC) department. Security controls must be implemented appropriately to allow for the proper hosting of GC data and applications. The Government of Canada Cloud Security Risk Management Approach and Procedures provide advice and more information. | | '''A:''' Cloud service providers are responsible for the security of the Cloud; the departments are responsible for Security in the Cloud; and Shared Services Canada provides security "to and from" public Cloud. Cloud security is a shared responsibility between the cloud service provider and the Government of Canada (GC) department. Security controls must be implemented appropriately to allow for the proper hosting of GC data and applications. The Government of Canada Cloud Security Risk Management Approach and Procedures provide advice and more information. |
| | | |
− | '''Q:''' [[#A20|What security certifications do the cloud services hold?]] | + | '''Q:''' What security certifications do the cloud services hold? |
| | | |
| '''A:''' All services hold ISO27001 and SOC2 security certifications. | | '''A:''' All services hold ISO27001 and SOC2 security certifications. |
| | | |
| === Protected B === | | === Protected B === |
− | '''Q:''' [[#A22|How many vendors have qualified Protected B?]] | + | '''Q:''' How many vendors have qualified Protected B? |
| | | |
| '''A:''' No news is available on this subject until the contract process is complete. | | '''A:''' No news is available on this subject until the contract process is complete. |
| | | |
− | '''Q:''' [[#A23|What is the difference between Protected B and SCED?]] | + | '''Q:''' What is the difference between Protected B and SCED? |
| | | |
| '''A:''' The Secure Cloud Enablement and Defense (SCED) Project is designing a firewall to secure GC content. Its main focus is on protecting the network connectivity between the cloud environment and the public internet. Protected B Cloud is an approved cloud solution for Protected B data. SCED may be a component, but is not limited to, of any one specific Protected B cloud offering. | | '''A:''' The Secure Cloud Enablement and Defense (SCED) Project is designing a firewall to secure GC content. Its main focus is on protecting the network connectivity between the cloud environment and the public internet. Protected B Cloud is an approved cloud solution for Protected B data. SCED may be a component, but is not limited to, of any one specific Protected B cloud offering. |
| | | |
− | '''Q:''' [[#A24|Are there different types of Protected B (public vs. private)?]] | + | '''Q:''' Are there different types of Protected B (public vs. private)? |
| | | |
| '''A:''' Yes. The public Protected B cloud is housed on a public cloud provider’s infrastructure, while a private Protected B cloud would be a reserved and segregated working cloud environment for a single organization. | | '''A:''' Yes. The public Protected B cloud is housed on a public cloud provider’s infrastructure, while a private Protected B cloud would be a reserved and segregated working cloud environment for a single organization. |
| | | |
− | '''Q:''' [[#A25|What steps do Government of Canada departments need to follow to access Protected B cloud services?]] | + | '''Q:''' What steps do Government of Canada departments need to follow to access Protected B cloud services? |
| | | |
| '''A:''' When the Protected B supply is in place, it will be available through the Cloud Brokering Portal. | | '''A:''' When the Protected B supply is in place, it will be available through the Cloud Brokering Portal. |
| | | |
− | '''Q:''' [[#A26|Does the Cloud Brokering Service function the same way for Protected B?]] | + | '''Q:''' Does the Cloud Brokering Service function the same way for Protected B? |
| | | |
| '''A:''' Yes. | | '''A:''' Yes. |
| | | |
− | '''Q:''' [[#A27|Is the Cloud brokering fee the same for Protected B?]] | + | '''Q:''' Is the Cloud brokering fee the same for Protected B? |
| | | |
| '''A:''' Yes. A ten percent (10%) brokering fee, not included in the direct billing between the supplier and the GC department is applied by Shared Services Canada to the value of services consumed. The brokering fee is based on monthly consumption and is retrieved quarterly. The brokering fee recovers the cost of Cloud Brokering Service. | | '''A:''' Yes. A ten percent (10%) brokering fee, not included in the direct billing between the supplier and the GC department is applied by Shared Services Canada to the value of services consumed. The brokering fee is based on monthly consumption and is retrieved quarterly. The brokering fee recovers the cost of Cloud Brokering Service. |
| | | |
− | '''Q:''' [[#A28|When will Protected B cloud services be available?]] | + | '''Q:''' When will Protected B cloud services be available? |
| | | |
| '''A:''' The procurement process is nearing completion. It is expected that SSC will be ready to receive bids from pre-qualified vendors as of late summer 2019. | | '''A:''' The procurement process is nearing completion. It is expected that SSC will be ready to receive bids from pre-qualified vendors as of late summer 2019. |
Line 145: |
Line 145: |
| | | |
| === What’s next? === | | === What’s next? === |
− | '''Q:''' [[#A29|Will there be Protected A options in the future?]] | + | '''Q:''' Will there be Protected A options in the future? |
| | | |
| '''A:''' Yes. The contract addressing Protected A supply will be in place over the next year. | | '''A:''' Yes. The contract addressing Protected A supply will be in place over the next year. |
| | | |
| === Additional information === | | === Additional information === |
− | '''Q:''' [[#A32|Where can I get more information/documentation on Cloud?]] | + | '''Q:''' Where can I get more information/documentation on Cloud? |
| | | |
| '''A:''' The SSC Cloud Program office at: The Treasury Board Secretariat website at: <nowiki>https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services.html</nowiki><references /> | | '''A:''' The SSC Cloud Program office at: The Treasury Board Secretariat website at: <nowiki>https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services.html</nowiki><references /> |