Cloud Collaboration

Revision as of 16:43, 13 June 2019 by Tyler.murray (talk | contribs) (Added Frequently Asked Questions section)

A page for Government of Canada departments and partners to share information, strategies, and products for all communications regarding the "Cloud".

Frequently Asked Questions

General cloud information

What is Cloud?

What is the Cloud-First Strategy?

What are the different Cloud option models?

How many contracts are in place for providing unclassified cloud?

What are the different Cloud service models Cloud Service Providers (CSP) offer?

Which Government of Canada (GC) departments have the mandate and authority to independently procure Cloud services?

Roles and responsibilities

From an Enterprise perspective who is responsible for what?

Who determines the prioritization of migration (departments) to the Cloud and how is it being managed?

Cloud client information

What are Shared Services Canada’s Cloud Brokering Services?

What is the Cloud Broker Fee?

What steps must Government of Canada departments take to adopt cloud?

How do Government of Canada departments know what should be destined for the Enterprise Data Centre vs. the various Cloud options?

How much technical involvement will Shared Services Canada have once Cloud services have been purchased?

Security

Is my data safe? Can data and applications be securely stored in the Cloud?

How is the security and confidentiality of data protected?

What is Secure Cloud Enablement and Defense (SCED)?

What are the timelines for SCED?

Who is responsible for IT/IM security?

What security certifications do the cloud services hold?

Protected B

How many vendors have qualified Protected B?

What is the difference between Protected B and SCED?

Are there different types of Protected B (public vs. private)?

What steps do Government of Canada departments need to follow to access Protected B cloud services?

Does the Cloud Brokering Service function the same way for Protected B?

Is the Cloud brokering fee the same for Protected B?

When will Protected B cloud services be available?

What’s next?

Will there be Protected A options in the future?

Additional information

Where can I get more information/documentation on Cloud?

General

Q: What is Cloud?

A: Cloud is a network of servers hosted over the Internet that is used to store, manage, and process data and applications in place of local servers or personal computers. Companies offering these services are called cloud service providers and typically charge for services based on the consumption. Cloud computing has been around since the late 1990s and continues to be a proven option for hosting data and applications. Cloud services often offer greater flexibility, mobility and efficiency.

Q: What is the Cloud-First Strategy?

A: The Treasury Board Secretariat Cloud Adoption Strategy recommends “cloud-first” as the preferred option for delivering IT services. This means that Government of Canada departments will prioritize the use of cloud to store, manage, and process data and applications whenever possible.

Q: What are the different Cloud option models?

A: Treasury Board Secretariat offers Government of Canada Right Cloud Selection Guidance to help departments decide which cloud model is right for them.

  • Public cloud
    • A commercially available offering procured and security-assessed for the use of all government organizations. In this deployment model, the government organizations will securely share tenancy with private companies, non-profits and individuals.[1]
  • Private cloud
    • A cloud offering tailored to the GC. In this deployment model, the GC will be the only tenant residing on the cloud. Private clouds include both off-premises and on-premises clouds managed by the GC or by a third party.[1]
  • Non-cloud
    • A traditional IT environment for hosting legacy applications that cannot be deployed to a cloud environment.[1]
  • Hybrid cloud or IT environment
    • A combination of the above models. This model takes a pragmatic approach to integrating legacy technology with cloud technology. [1]

[source: Government of Canada Cloud Adoption Strategy]

Q: How many contracts are in place for providing unclassified cloud?

A: The Government of Canada currently has twenty-six contracts in place for commercially available unclassified cloud services. They are available through the Cloud Brokering Portal for on-demand consumption and based on actual usage.

Q: What are the different Cloud service models Cloud Service Providers (CSP) offer?

A:

  • Software as a Service (SaaS): The Cloud Service Provider hosts and manages software applications and the infrastructure that supports them. Clients can access these applications using devices through a web browser.
  • Platform as a Service (PaaS):  An environment where the Cloud Service Provider gives users access to infrastructure, services and tools such as programming languages, libraries, where users can create or customize applications .
  • Infrastructure as a Service (IaaS): The Cloud Service Provider provides an underlying infrastructure that gives the consumer control over operating systems, storage, and applications. It may also give users limited control of some networking components.

Q: How does migration to the Cloud fit within the workload migration process?

A: Shared Services Canada is working with Government of Canada departments to migrate their data and applications from aging data centres to modern infrastructures like Cloud and enterprise data centres. With its increased performance, agility and elasticity, Cloud is the technology of choice to attain this goal.

Q: Which Government of Canada departments have the mandate and authority to independently procure Cloud services?

A: Only SSC and Public Services and Procurement Canada (PSPC) have the delegated authority to procure cloud services.

Roles and responsibilities

Q: From an Enterprise perspective who is responsible for what?

A: TBS: The Treasury Board Secretariat is responsible for enterprise strategies, policies, standards, governance and the coordination of supply and demand.

SSC: Shared Services Canada is responsible for cloud service supply, readiness, enablement and standardization.

Departments: Each department is responsible for choosing and adopting cloud services. They will lead change activities and analyze application portfolios for opportunities to take advantage of cloud services.

Q: Who determines the prioritization of migration (departments) to the Cloud and how it will be managed?

A: The Treasury Board Secretariat works with departmental Chief Information Officers’ in setting migration priorities, based on a number of criteria.

Cloud client information

Q: What are Shared Services Canada’s Cloud Brokering Services?

A: Government of Canada (GC) departments can review, purchase and provision public cloud services through Shared Services Canada’s (SSC) Cloud Brokering Service (CBS). As the Cloud broker, SSC is the liaison between qualified external Cloud service providers and GC departments, ensuring they receive the best possible Cloud solution to meet their needs. Following a rigorous procurement process, the GC qualified twenty-six suppliers of commercial unclassified public cloud services. These services are available to GC departments through the Cloud Brokering Portal.

Q: What is the Cloud Broker Fee?

A: Cloud services are provided based on commercial pricing as advertised by each of the qualified suppliers. Commercial pricing for unclassified public Cloud services is available through the Cloud Brokering Service. Billing is issued directly to GC departments by the supplier on the services consumed. A ten percent (10%) brokering fee, not included in the direct billing between the supplier and the GC department is applied by Shared Services Canada to the value of services consumed. The brokering fee is based on monthly consumption and is retrieved quarterly. The brokering fee recovers the cost of the Cloud Brokering Service.

Q: What steps must Government of Canada departments take to adopt cloud?

A: Before adopting cloud, departments must develop a cloud strategy document and put a number of plans in place. These plans would touch on the following key steps towards cloud readiness:

  • Application Design
  • Platform Configuration
  • Network Connectivity
  • Foundational Services
  • Access Management
  • Security Monitoring
  • Configuration Management & Automation
  • Financial Monitoring
  • Security Assessment
  • Human Resource Skills and Capacity
  • Governance

Q: How do Government of Canada departments know what should be destined for the Enterprise Data Centre vs. the various Cloud options?

A: The Treasury Board Secretariat (TBS) and Shared Services Canada (SSC) work together to offer guidance and advice to Government of Canada (GC) departments on what data and applications should go where. TBS’ Cloud Adoption Strategy recommends “cloud-first” as the preferred option for delivering IT services: “Public cloud services will be the priority choice for departments when choosing a cloud deployment model,” and “[d]epartments will use private clouds where needs cannot be met by public clouds (e.g., secret information).” This means that all cloud requests must be submitted to SSC through the Cloud intake process after the department has determined which cloud deployment model best meets their business requirements.

Q: How much technical involvement will Shared Services Canada’s have once Cloud services are purchased?

A: The Cloud Adoption Strategy and supporting security guidance place the responsibility of cloud operations with the Government of Canada departments. SSC’s involvement will remain on networking, security and any other optional services that departments may want SSC to deliver. SSC is working with departments to identify these. In addition, SSC is responsible to provide secure network connectivity to address their responsibility for cloud service readiness.

Security

Q: Is my data safe? Can data and applications be securely stored in the Cloud?

A: Yes. Canadians can rest assured that their data is safe. The Government of Canada has policies in place that enforce where data resides (residency), how it is controlled (sovereignty), and has an extensive set of guidelines that detail departments’ accountability for managing services securely. Cloud service provider infrastructures are thoroughly assessed from the onset as part of the procurement process.

Q: How is the security and confidentiality of data protected?

A: Shared Services Canada works continuously with security partners to ensure that Government of Canada (GC) security requirements are implemented to reduce threats to the confidentiality, integrity and availability of infrastructure that supports processes. Compliance to GC security requirements is also continuously monitored to ensure they remain in place. Departments are responsible for the security and confidentiality of the data.

Q: What is Secure Cloud Enablement and Defense (SCED)?

A: Secure Cloud Enablement and Defense (SCED) is an architected security perimeter that will focus on the network connectivity between the cloud environment and the public internet. The main purpose of SCED will be to secure Government of Canada (GC) data deployed by GC departments to public cloud environments.

Please note: The communications between the GC cloud environments and the GC data and applications hosted in Enterprise Data Centres will be trusted. The SCED perimeter will not be required for securing these communications.

Q: What are the timelines for SCED?

A: We will be piloting SCED within the next year.

Q: Who is responsible for IT/IM security?

A: Cloud service providers are responsible for the security of the Cloud; the departments are responsible for Security in the Cloud; and Shared Services Canada provides security "to and from" public Cloud.

Cloud security is a shared responsibility between the cloud service provider and the Government of Canada (GC) department. Security controls must be implemented appropriately to allow for the proper hosting of GC data and applications.

The Government of Canada Cloud Security Risk Management Approach and Procedures provide advice and more information.

Q: What security certifications do the cloud services hold?

A: All services hold ISO27001 and SOC2 security certifications.

Protected B

Q: How many vendors have qualified Protected B?

A: No news is available on this subject until the contract process is complete.

Q: What is the difference between Protected B Cloud and SCED?

A: The Secure Cloud Enablement and Defense (SCED) Project is designing a firewall to secure GC content. Its main focus is on protecting the network connectivity between the cloud environment and the public internet. Protected B Cloud is an approved cloud solution for Protected B data. SCED may be a component, but is not limited to, of any one specific Protected B cloud offering.

Q: Are there different types of Protected B (public vs. private)?

A: Yes. The public Protected B cloud is housed on a public cloud provider’s infrastructure, while a private Protected B cloud would be a reserved and segregated working cloud environment for a single organization.

Q: What steps do Government of Canada departments need to follow to access Protected B cloud services?

A: When the Protected B supply is in place, it will be available through the Cloud Brokering Portal.

Q: Does the Cloud Brokering Service function the same way for Protected B?

A: Yes.

Q: Is the Cloud brokering fee the same for Protected B?

A: Yes. A ten percent (10%) brokering fee, not included in the direct billing between the supplier and the GC department is applied by Shared Services Canada to the value of services consumed. The brokering fee is based on monthly consumption and is retrieved quarterly. The brokering fee recovers the cost of Cloud Brokering Service.

Q: When will Protected B cloud services be available?

A: The procurement process is nearing completion. It is expected that SSC will be ready to receive bids from pre-qualified vendors as of late summer 2019.

Once the bids are received, they will be evaluated and contract negotiations will take place with pre-qualified vendors.

What’s next?

Q: Will there be Protected A options in the future?

A: Yes. The contract addressing Protected A supply will be in place over the next year.

Additional information

Q: Where can I get more information/documentation on Cloud?

A: The SSC Cloud Program office at: [[1]]

The Treasury Board Secretariat website at: https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services.html