Difference between revisions of "Cloud Collaboration"

(Formatting)
m (Updated FAQ section)
Line 89: Line 89:
 
'''Q:''' Is my data safe? Can data and applications be securely stored in the Cloud?
 
'''Q:''' Is my data safe? Can data and applications be securely stored in the Cloud?
  
'''A:''' Yes. Canadians can rest assured that their data is safe. The Government of Canada has policies in place that enforce where data resides (residency), how it is controlled (sovereignty), and has an extensive set of guidelines that detail departments’ accountability for managing services securely. Cloud service provider infrastructures are thoroughly assessed from the onset as part of the procurement process.
+
'''A:''' Yes. Canadians can rest assured that their data is safe.
 +
 
 +
The Government of Canada (GC) has policies in place that enforce where data resides (residency), how it is controlled (sovereignty), and has begun to develop guidelines that detail departments’ accountability for managing services securely.
 +
 
 +
Cloud service provider infrastructures are assessed by the Canadian Industrial Security Directorate (CISD), Canadian Centre for Cyber Security (Cyber Centre), Cloud Service Provider Assessment Program, and the Cyber Centre/Shared Services Canada Supply Chain Integrity (SCI) processes from the onset as part of the procurement process.
 +
 
 +
The GC takes into account industry benchmarks and certifications as part of the requirements that the Cloud service providers must meet (e.g. SOC2 and ISO27000 series).
 +
 
 +
The GC will not award contracts unless these requirements are met.
  
 
'''Q:''' How is the security and confidentiality of data protected?
 
'''Q:''' How is the security and confidentiality of data protected?
  
'''A:''' Shared Services Canada works continuously with security partners to ensure that Government of Canada (GC) security requirements are implemented to reduce threats to the confidentiality, integrity and availability of infrastructure that supports processes. Compliance to GC security requirements is also continuously monitored to ensure they remain in place. Departments are responsible for the security and confidentiality of the data.
+
'''A:''' The Government of Canada (GC) works with security partners to ensure that the security and confidentiality of data remain intact.  The GC continuously monitors any potential cyber threats and has robust measures in place to address them.
 +
 
 +
To ensure the security of government networks and systems, Shared Services Canada (SSC) and the Canadian Centre for Cyber Security has established a Supply Chain Integrity process, which evaluates the security of goods and services at all stages of the procurement process. This ensures that only trusted equipment, software and managed services are used in the delivery of government services.
  
 
'''Q:''' What is Secure Cloud Enablement and Defense (SCED)?
 
'''Q:''' What is Secure Cloud Enablement and Defense (SCED)?
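Review bot: In the added Supply Chain Integrity paragraph, "Shared Services Canada (SSC) and the Canadian Centre for Cyber Security has established" has a plural subject and should read "have established". The revised answer also drops the earlier sentence "Departments are responsible for the security and confidentiality of the data", so this answer no longer says who is accountable for data confidentiality; consider keeping that statement or pointing to the "Who is responsible for IT/IM security?" answer. In the first answer, "Cloud Service Provider Assessment Program" is listed alongside CISD and the Cyber Centre as if it were an assessing body; rewording would make clear which items are organizations and which are programs or processes.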
Line 107: Line 117:
 
'''Q:''' Who is responsible for IT/IM security?
 
'''Q:''' Who is responsible for IT/IM security?
  
'''A:''' Cloud service providers are responsible for the security of the Cloud; the departments are responsible for Security in the Cloud; and Shared Services Canada provides security "to and from" public Cloud. Cloud security is a shared responsibility between the cloud service provider and the Government of Canada (GC) department. Security controls must be implemented appropriately to allow for the proper hosting of GC data and applications. The Government of Canada Cloud Security Risk Management Approach and Procedures provide advice and more information.
+
'''A:''' Cloud service providers are responsible for the security of the Cloud; the departments are responsible for Security in the Cloud; and Shared Services Canada provides security "to and from" the Cloud.
 +
 
 +
Cloud security is a shared responsibility between the Cloud service provider, SSC, the Canadian Centre for Cyber Security, and the departments. Security controls must be implemented appropriately to allow for the proper hosting of GC data and applications.
 +
 
 +
The combination of Treasury Board Secretariat of Canada Cloud directives and the Canadian Centre for Cyber Security Cloud Service Provider (CSP) Assessment Program methodology documentation provide advice and more information.
  
 
'''Q:''' What security certifications do the cloud services hold?
 
'''Q:''' What security certifications do the cloud services hold?
  
'''A:''' All services hold ISO27001 and SOC2 security certifications.
+
'''A:''' At a minimum the Government of Canada (GC) has indicated that Cloud Service Provider’s require up to date industry benchmarks and certifications like SOC2 and ISO27000 series to demonstrate compliance to security requirements. Additional evidence or documentation may also be collected and reviewed as necessary.  
  
 
=== Protected B ===
 
=== Protected B ===
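Review bot: The revised answer to "What security certifications do the cloud services hold?" uses a possessive where a plural is needed ("Cloud Service Provider’s require" should be "Cloud Service Providers require"), and it now states what the GC requires of providers rather than what the services hold, so the question is no longer answered directly; consider rewording the question to match or stating which certifications the contracted services hold. In the responsibility answer, "The combination of ... provide advice" should be "provides advice" to agree with the singular subject.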

Revision as of 15:03, 19 June 2019

A page for Government of Canada departments and partners to share information, strategies, and products for all communications regarding the "Cloud".

Frequently Asked Questions (FAQs)

General cloud information

Q: What is Cloud?

A: Cloud is a network of servers hosted over the Internet that is used to store, manage, and process data and applications in place of local servers or personal computers. Companies offering these services are called cloud service providers and typically charge for services based on consumption. Cloud computing has been around since the late 1990s and continues to be a proven option for hosting data and applications. Cloud services often offer greater flexibility, mobility and efficiency.

Q: What is the Cloud-First Strategy?

A: The Treasury Board Secretariat Cloud Adoption Strategy recommends “cloud-first” as the preferred option for delivering IT services. This means that Government of Canada departments will prioritize the use of cloud to store, manage, and process data and applications whenever possible.

Q: What are the different Cloud option models?

A: Treasury Board Secretariat offers Government of Canada Right Cloud Selection Guidance to help departments decide which cloud model is right for them.

  • Public cloud
    • A commercially available offering procured and security-assessed for the use of all government organizations. In this deployment model, the government organizations will securely share tenancy with private companies, non-profits and individuals.[1]
  • Private cloud
    • A cloud offering tailored to the GC. In this deployment model, the GC will be the only tenant residing on the cloud. Private clouds include both off-premises and on-premises clouds managed by the GC or by a third party.[1]
  • Non-cloud
    • A traditional IT environment for hosting legacy applications that cannot be deployed to a cloud environment.[1]
  • Hybrid cloud or IT environment
    • A combination of the above models. This model takes a pragmatic approach to integrating legacy technology with cloud technology. [1]

[source: Government of Canada Cloud Adoption Strategy]

Q: How many contracts are in place for providing unclassified cloud?

A: The Government of Canada currently has twenty-six contracts in place for commercially available unclassified cloud services. They are available through the Cloud Brokering Portal for on-demand consumption and based on actual usage.

Q: What are the different Cloud service models Cloud Service Providers (CSP) offer?

A:

  • Software as a Service (SaaS): The Cloud Service Provider hosts and manages software applications and the infrastructure that supports them. Clients can access these applications using devices through a web browser.
  • Platform as a Service (PaaS): An environment where the Cloud Service Provider gives users access to infrastructure, services and tools, such as programming languages and libraries, with which users can create or customize applications.
  • Infrastructure as a Service (IaaS): The Cloud Service Provider provides an underlying infrastructure that gives the consumer control over operating systems, storage, and applications. It may also give users limited control of some networking components.

Q: How does migration to the Cloud fit within the workload migration process?

A: Shared Services Canada is working with Government of Canada departments to migrate their data and applications from aging data centres to modern infrastructures like Cloud and enterprise data centres. With its increased performance, agility and elasticity, Cloud is the technology of choice to attain this goal.

Q: Which Government of Canada (GC) departments have the mandate and authority to independently procure Cloud services?

A: Only SSC and Public Services and Procurement Canada (PSPC) have the delegated authority to procure cloud services.

Roles and responsibilities

Q: From an Enterprise perspective who is responsible for what?

A:

  • TBS: The Treasury Board Secretariat is responsible for enterprise strategies, policies, standards, governance and the coordination of supply and demand.
  • SSC: Shared Services Canada is responsible for cloud service supply, readiness, enablement and standardization.
  • Departments: Each department is responsible for choosing and adopting cloud services. They will lead change activities and analyze application portfolios for opportunities to take advantage of cloud services.

Q: Who determines the prioritization of migration (departments) to the Cloud and how is it being managed?

A: The Treasury Board Secretariat works with departmental Chief Information Officers in setting migration priorities, based on a number of criteria.

Cloud client information

Q: What are Shared Services Canada’s Cloud Brokering Services?

A: Government of Canada (GC) departments can review, purchase and provision public cloud services through Shared Services Canada’s (SSC) Cloud Brokering Service (CBS). As the Cloud broker, SSC is the liaison between qualified external Cloud service providers and GC departments, ensuring they receive the best possible Cloud solution to meet their needs. Following a rigorous procurement process, the GC qualified twenty-six suppliers of commercial unclassified public cloud services. These services are available to GC departments through the Cloud Brokering Portal.

Q: What is the Cloud Broker Fee?

A: Cloud services are provided based on commercial pricing as advertised by each of the qualified suppliers. Commercial pricing for unclassified public Cloud services is available through the Cloud Brokering Service. Billing is issued directly to GC departments by the supplier on the services consumed. A ten percent (10%) brokering fee, not included in the direct billing between the supplier and the GC department, is applied by Shared Services Canada to the value of services consumed. The brokering fee is based on monthly consumption and is retrieved quarterly. The brokering fee recovers the cost of the Cloud Brokering Service.

Q: What steps must Government of Canada departments take to adopt cloud?

A: Before adopting cloud, departments must develop a cloud strategy document and put a number of plans in place. These plans would touch on the following key steps towards cloud readiness:

  • Application Design
  • Platform Configuration
  • Network Connectivity
  • Foundational Services
  • Access Management
  • Security Monitoring
  • Configuration Management & Automation
  • Financial Monitoring
  • Security Assessment
  • Human Resource Skills and Capacity
  • Governance

Q: How do Government of Canada departments know what should be destined for the Enterprise Data Centre vs. the various Cloud options?

A: The Treasury Board Secretariat (TBS) and Shared Services Canada (SSC) work together to offer guidance and advice to Government of Canada (GC) departments on what data and applications should go where. TBS’ Cloud Adoption Strategy recommends “cloud-first” as the preferred option for delivering IT services: “Public cloud services will be the priority choice for departments when choosing a cloud deployment model,” and “[d]epartments will use private clouds where needs cannot be met by public clouds (e.g., secret information).” This means that all cloud requests must be submitted to SSC through the Cloud intake process after the department has determined which cloud deployment model best meets their business requirements.

Q: How much technical involvement will Shared Services Canada have once Cloud services have been purchased?

A: The Cloud Adoption Strategy and supporting security guidance place the responsibility for cloud operations with the Government of Canada departments. SSC’s involvement will remain on networking, security and any other optional services that departments may want SSC to deliver. SSC is working with departments to identify these. In addition, SSC is responsible for providing secure network connectivity as part of its responsibility for cloud service readiness.

Security

Q: Is my data safe? Can data and applications be securely stored in the Cloud?

A: Yes. Canadians can rest assured that their data is safe.

The Government of Canada (GC) has policies in place that enforce where data resides (residency), how it is controlled (sovereignty), and has begun to develop guidelines that detail departments’ accountability for managing services securely.

Cloud service provider infrastructures are assessed by the Canadian Industrial Security Directorate (CISD), Canadian Centre for Cyber Security (Cyber Centre), Cloud Service Provider Assessment Program, and the Cyber Centre/Shared Services Canada Supply Chain Integrity (SCI) processes from the onset as part of the procurement process.

The GC takes into account industry benchmarks and certifications as part of the requirements that the Cloud service providers must meet (e.g. SOC2 and ISO27000 series).

The GC will not award contracts unless these requirements are met.

Q: How is the security and confidentiality of data protected?

A: The Government of Canada (GC) works with security partners to ensure that the security and confidentiality of data remain intact. The GC continuously monitors any potential cyber threats and has robust measures in place to address them.

To ensure the security of government networks and systems, Shared Services Canada (SSC) and the Canadian Centre for Cyber Security have established a Supply Chain Integrity process, which evaluates the security of goods and services at all stages of the procurement process. This ensures that only trusted equipment, software and managed services are used in the delivery of government services.

Q: What is Secure Cloud Enablement and Defense (SCED)?

A: Secure Cloud Enablement and Defense (SCED) is an architected security perimeter that will focus on the network connectivity between the cloud environment and the public internet. The main purpose of SCED will be to secure Government of Canada (GC) data deployed by GC departments to public cloud environments.

Please note: The communications between the GC cloud environments and the GC data and applications hosted in Enterprise Data Centres will be trusted. The SCED perimeter will not be required for securing these communications.

Q: What are the timelines for SCED?

A: We will be piloting SCED within the next year.

Q: Who is responsible for IT/IM security?

A: Cloud service providers are responsible for the security of the Cloud; the departments are responsible for Security in the Cloud; and Shared Services Canada provides security "to and from" the Cloud.

Cloud security is a shared responsibility between the Cloud service provider, SSC, the Canadian Centre for Cyber Security, and the departments. Security controls must be implemented appropriately to allow for the proper hosting of GC data and applications.

The combination of Treasury Board Secretariat of Canada Cloud directives and the Canadian Centre for Cyber Security Cloud Service Provider (CSP) Assessment Program methodology documentation provides advice and more information.

Q: What security certifications do the cloud services hold?

A: At a minimum, the Government of Canada (GC) has indicated that Cloud Service Providers require up-to-date industry benchmarks and certifications like SOC2 and ISO27000 series to demonstrate compliance with security requirements. Additional evidence or documentation may also be collected and reviewed as necessary.

Protected B

Q: How many vendors have qualified Protected B?

A: No news is available on this subject until the contract process is complete.

Q: What is the difference between Protected B and SCED?

A: The Secure Cloud Enablement and Defense (SCED) Project is designing a firewall to secure GC content. Its main focus is on protecting the network connectivity between the cloud environment and the public internet. Protected B Cloud is an approved cloud solution for Protected B data. SCED may be a component of a Protected B cloud offering, but it is not limited to any one specific offering.

Q: Are there different types of Protected B (public vs. private)?

A: Yes. The public Protected B cloud is housed on a public cloud provider’s infrastructure, while a private Protected B cloud would be a reserved and segregated working cloud environment for a single organization.

Q: What steps do Government of Canada departments need to follow to access Protected B cloud services?

A: When the Protected B supply is in place, it will be available through the Cloud Brokering Portal.

Q: Does the Cloud Brokering Service function the same way for Protected B?

A: Yes.

Q: Is the Cloud brokering fee the same for Protected B?

A: Yes. A ten percent (10%) brokering fee, not included in the direct billing between the supplier and the GC department, is applied by Shared Services Canada to the value of services consumed. The brokering fee is based on monthly consumption and is retrieved quarterly. The brokering fee recovers the cost of the Cloud Brokering Service.

Q: When will Protected B cloud services be available?

A: The procurement process is nearing completion. It is expected that SSC will be ready to receive bids from pre-qualified vendors as of late summer 2019.

Once the bids are received, they will be evaluated and contract negotiations will take place with pre-qualified vendors.

What’s next?

Q: Will there be Protected A options in the future?

A: Yes. The contract addressing Protected A supply will be in place over the next year.

Additional information

Q: Where can I get more information/documentation on Cloud?

A: The SSC Cloud Program office at: The Treasury Board Secretariat website at: https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services.html

Anticipatory Media Lines

Protected B Public Cloud Services Procurement

ISSUE

In February 2018, the Government of Canada awarded twenty-six contracts for commercially available unclassified Cloud services. These contracts make these services available on demand through the Cloud Brokering Portal, with costs based on actual usage.

On September 7, 2018, Shared Services Canada (SSC) posted an Invitation to Qualify (ITQ) for Protected B Public Cloud Services on buysandsell.gc.ca. This new procurement process will expand the range of Cloud services available to help departments manage their data and application workloads. As of June 17, the Government of Canada will be ready to receive bids from ITQ qualified respondents for Protected B Cloud services.  

KEY MESSAGES

  • The Government of Canada must be capable of delivering a range of digital services, at various security levels, to meet the needs of Canadians.
  • As the Government of Canada’s Cloud broker, enabler and service provider, Shared Services Canada:
    • ensures there is supply in place from qualified vendors; and
    • provides the network connectivity and security needed to support use of the Cloud.
  • As of June 17, the Government of Canada will be ready to receive bids from ITQ qualified respondents for Protected B Cloud services.
  • Protected B Cloud services will respond to the increasing demand for options that enable departments to securely store data and applications in Canada.
  • Choosing Protected B vendors will expand the range of cloud services available to departments so they can manage their data and applications.
  • The protection and privacy of Government of Canada data stored and processed in the Cloud is a top priority for Shared Services Canada.

If pressed on the cloud protected B procurement process

  • Shared Services Canada posted the Invitation to Qualify on September 7, 2018. This was the first phase of the procurement process to find qualified suppliers with experience in delivering cloud services at various security levels.
  • Shared Services Canada works with industry stakeholders to ensure open, fair and transparent procurement processes.
  • Building on lessons learned from procuring unclassified Cloud services, Shared Services Canada used a multi-phased procurement process that works with industry to define and develop service requirements.
  • Once it receives the bids, the Government of Canada will begin contract negotiations with these qualified respondents.
  • When the procurement process is complete, partner departments will have access to Protected B Cloud services through the Cloud Brokering Portal.

If pressed on security

  • Shared Services Canada works with security partners to ensure its service offerings meet specified Government of Canada security requirements to mitigate threats to the confidentiality, integrity and availability of data and business processes.
  • Shared Services Canada monitors compliance to Government of Canada-specified security requirements to ensure they remain in place.

If pressed on networks

  • Shared Services Canada is focusing on the network connectivity to increase reliability and capacity for access to cloud services.

SPOKESPERSON

  • Media Relations Office, 613-670-1626

President (SSC) Speaking Points: Stratosphere - The Government of Canada's Conference on Cloud and DevOps

Background Information: The Event

  • The Government of Canada has partnered with the Association of Public Sector Information Professionals (DPI), to host Stratosphere – a conference focused on Cloud and DevOps.
  • This conference is an opportunity for participants to share their experiences and lessons learned with their peers, and for the GC IT community to learn about possible partnerships with industry.

SSC and TBS

  • Shared Services Canada and the Treasury Board of Canada Secretariat are working together to bring Cloud services to the Government of Canada.
  • The Treasury Board of Canada Secretariat is responsible for Government of Canada enterprise governance, strategy and policy for Cloud services. This includes oversight and risk assessment of Cloud service requests from departments.
  • Under the leadership of TBS, the Government of Canada committed to a government-wide Cloud-First Adoption Strategy in which Cloud is the preferred option for delivering IT services to Canadians.
    • This means that departments will use Cloud to store, manage, and process data and applications where possible.
  • As part of our mandate on Cloud, SSC has 3 core roles: Broker, Provider, and Enabler.
    1. As a Cloud Broker, we offer the Cloud Brokering Service for public commercial unclassified supply to Government departments. We will soon be offering the supply for Protected B data.
    2. As a Cloud Provider, we plan to create additional private supply to complement the public commercial Cloud.
    3. As a Cloud Enabler, we enable the delivery of foundational services like connectivity and security to enable departments to consume Cloud supply.
  • There are currently 26 contracts in place for commercially available unclassified Cloud services available to departments for on-demand consumption, subscription or pre-paid services.

Protected B Cloud Services

  • On September 7, 2018, SSC posted an Invitation to Qualify (ITQ) for Protected B public Cloud services on buysandsell.gc.ca. A number of vendors were pre-qualified as a result.
  • The procurement of Cloud for Protected B information responds to increasing demand from departments, enabling them to benefit from tools that are capable of securely storing data in Canada.
  • As of June 17, the Government of Canada is ready to receive bids from ITQ qualified respondents for Protected B Cloud services.
  • Upon receiving bids, the Government of Canada will evaluate them and begin contract negotiations with the qualified respondents.
  • Following these final procurement steps, departments will be able to access Protected B Cloud services through the Government of Canada Cloud Brokering Service.
  • We have a number of pilots and projects underway with select departments on migrating their workloads to the Cloud.

Statistics Canada

  • Most recently, Statistics Canada and SSC successfully tested a small subset of users to a secure, fully integrated active directory in the Cloud. Statistics Canada’s active directory is forecasted to be live early this summer.
  • With the news of this success travelling, we expect that the other pathfinder departments, and other departments in general, will be approaching us to leverage lessons learned to follow suit.
  • While SSC has provisioned early connectivity to Cloud Service Providers for some of the pathfinders via existing network connections, SSC is investigating optimal end state connectivity through pilot projects.

Enterprise Approach 3.0

  • At SSC, we are focusing on putting the “Shared” in Shared Services to enable a digital government. This means embracing an enterprise approach to provide quicker turnarounds, enhance collaboration, increase reliability and reduce risk.
  • Cloud computing is a big part of this new approach. The department is focusing on three key priorities:
    • Solidifying the IT foundation by increasing network reliability and capacity, and strengthening security;
    • Modernizing collaboration tools to enable, engage, and empower employees; and
    • Adopting Cloud and enterprise data centres to improve reliability and reduce risk.
  • Most of our data is currently stored in aging data centres across the country.
    • We are working with our partners to move their content into the hosting solution that meets their needs and one that provides a secure, reliable environment for their applications and data.
    • The objective is to have the majority of our data stored in our state-of-the-art EDCs, or in the Cloud, with consistent operating models.
  • In terms of workplace tools, the current landscape largely consists of standalone or loosely integrated productivity, communication and collaboration tools such as Skype, and audio/videoconferencing used from desktop devices and/or standalone devices.
    • The objective is to get to a point where Cloud-based services are used, leveraging industry standards and practices to interoperate with SSC end-state services and co-exist with legacy components during our transformation.