Cloud Collaboration

Revision as of 15:45, 19 June 2019 by Tyler.murray (talk | contribs) (Added Social Media section)

A page for Government of Canada departments and partners to share information, strategies, and products for all communications regarding the "Cloud".

Frequently Asked Questions (FAQs)

General cloud information

Q: What is Cloud?

A: Cloud is a network of servers hosted over the Internet that is used to store, manage, and process data and applications in place of local servers or personal computers. Companies offering these services are called Cloud service providers and typically charge for services based on the consumption.

Cloud computing has been around since the late 1990s and continues to be a proven option for hosting data and applications. Cloud services often offer greater flexibility, mobility and efficiency.

Q: What is the Cloud first policy requirement?

A: Cloud first is a policy requirement that can be found in section 6.2.6 of the Treasury Board Secretariat of Canada’s Policy on Management of Information Technology.

It is further elaborated in the Cloud Adoption Strategy where “Cloud first” is recommended as the preferred option for delivering IT services.

This means that Government of Canada departments will prioritize the use of Cloud to store, manage, and process data and applications whenever possible.

Q: What are the different Cloud option models?

A: The Treasury Board of Canada Secretariat offers Government of Canada Right Cloud Selection Guidance to help departments decide which Cloud model is right for them.

  • Public cloud
    • A commercially available offering procured and security-assessed for the use of all government organizations. In this deployment model, the government organizations will securely share tenancy with private companies, non-profits and individuals. [1]
  • Private cloud
    • A Cloud offering tailored to the Government of Canada (GC). In this deployment model, the GC will be the only tenant residing on the Cloud. Private clouds include both off-premises and on-premises clouds managed by the GC or by a third party. [1]
  • Non-cloud
    • A traditional IT environment for hosting legacy applications that cannot be deployed to a Cloud environment. [1]
  • Hybrid cloud or IT environment
    • A combination of the above models. This model takes a pragmatic approach to integrating legacy technology with Cloud technology. [1]

[source: Government of Canada Cloud Adoption Strategy]

Q: How many contracts are in place for providing unclassified Cloud?

A: The Government of Canada currently has twenty-six contracts in place for commercially available unclassified Cloud services. They are available through the Cloud Brokering Portal for on-demand consumption and are based on actual usage.

Q: What are the different Cloud service models Cloud service providers (CSP) offer?

A:

  • Software as a Service (SaaS): The Cloud Service Provider hosts and manages software applications and the infrastructure that supports them. Clients can access these applications using devices through a web browser.
  • Platform as a Service (PaaS):  An environment where the Cloud Service Provider gives users access to infrastructure, services and tools such as programming languages, libraries, where users can create or customize applications.
  • Infrastructure as a Service (IaaS): The Cloud Service Provider provides an underlying infrastructure that gives the consumer control over operating systems, storage, and applications. It may also give users limited control of some networking components.

Q: How does migration to the Cloud fit within the workload migration process?

A: Shared Services Canada is working with Government of Canada departments to migrate their data and applications from aging data centres to modern infrastructures like Cloud and enterprise data centres. With its increased performance, agility and elasticity, Cloud is the technology of choice to attain this goal. Budget 2018 also refers to Cloud as an option for migrating from legacy, at risk, data centres:

“$110 million over six years, starting in 2018–19, to be accessed by Shared Services Canada’s partner departments and agencies to help them migrate their applications from older data centres into more secure modern data centres or cloud solutions.”

Q: Which Government of Canada (GC) departments have the mandate and authority to independently procure Cloud services?

A: Only Shared Services Canada (SSC) and Public Services and Procurement Canada (PSPC) have the delegated authority to procure cloud services.

Each department has a procurement mandate. For instance, SSC’s procurement vehicle supports the delivery of network services, compute and storage capabilities and applications related to workplace technologies for GC departments.  PSPC’s vehicle will support Software-as-a-Service requirements, which correspond with the traditional procurement of software applications and associated support.

Roles and responsibilities

Q: From an enterprise perspective, who is responsible for what?

A:

  • TBS: The Treasury Board of Canada Secretariat is responsible for enterprise strategies, policies, standards, governance and the coordination of supply and demand.
  • SSC: Shared Services Canada is responsible for Cloud service supply, readiness, enablement and standardization.
  • PSPC: As a common service procurement provider, PSPC responds to client department needs by developing procurement tools and procuring solutions on their behalf.
  • Departments: Each department is responsible for choosing and adopting Cloud services. They will lead change activities and analyze application portfolios for opportunities to take advantage of Cloud services. The Treasury Board of Canada Secretariat also has a roles and responsibilities document.

Q: Who determines the prioritization of migration (departments) to the Cloud and how is it being managed?

A: The departmental chief information officers make the choice to use Cloud and set migration priorities, based on a number of criteria.

Cloud client information

Q: What are Shared Services Canada’s Cloud Brokering Services?

A: Government of Canada (GC) departments can review, purchase and provision public Cloud services through Shared Services Canada’s (SSC) Cloud Brokering Service (CBS).

As the Cloud broker, SSC is the liaison between qualified external Cloud service providers and GC departments, ensuring they receive the best possible Cloud solution to meet their needs.

Following a rigorous procurement process, the GC qualified twenty-six suppliers of commercial unclassified public Cloud services. These services are available to GC departments through the Cloud Brokering Portal.

Q: What is the Cloud Broker Fee?

A: Cloud services are provided based on commercial pricing, as advertised by each of the qualified suppliers. Commercial pricing for unclassified public Cloud services is available through the Cloud Brokering Service. Billing is issued directly to GC departments by the supplier on the services consumed.

A ten percent (10%) brokering fee, which is not included in the direct billing between the supplier and the GC department, is applied by Shared Services Canada to the value of services consumed. The brokering fee is based on monthly consumption and is retrieved quarterly.

The brokering fee recovers the cost of the Cloud Brokering Service.

Q: What steps must Government of Canada departments take to adopt Cloud?

A: Before adopting Cloud, departments must develop a Cloud strategy document and put a number of plans in place. These plans would touch on the following key steps towards Cloud readiness:

  • Application Design
  • Platform Configuration
  • Network Connectivity
  • Foundational Services
  • Access Management
  • Security Monitoring
  • Configuration Management and Automation
  • Financial Monitoring
  • Security Assessment
  • Human Resource Skills and Capacity
  • Governance

Q: How do Government of Canada departments know what should be destined for the Enterprise Data Centre vs. the various Cloud options?

A: Departments determine when Cloud or data centre services are appropriate. This responsibility is embedded in the Policy for the Management of IT. All data having national interest (i.e. PROTECTED C, CONFIDENTIAL, SECRET, TOP SECRET) cannot be deployed to public Cloud. Protected B and unclassified data are deemed appropriate for public Cloud deployment, but departments are ultimately responsible for determining if an Enterprise Data Centre or Cloud services best meets their business requirements.

The Treasury Board Secretariat has oversight of that decision, while Shared Services Canada and Public Services and Procurement Canada supply the Cloud services.

The Government of Canada’s Cloud First Policy requires departments to choose public Cloud service as their principal deployment model for IT.

Q: How much technical involvement will Shared Services Canada have once the Cloud services have been purchased?

A: The Cloud Adoption Strategy and supporting security guidance place the responsibility of Cloud operations with the Government of Canada departments. SSC will remain involved with networking, security and any other optional services that departments may want SSC to deliver. SSC is working with departments to identify these. In addition, SSC is responsible to provide secure network connectivity to address their responsibility for cloud service readiness.

Security

Q: Is my data safe? Can data and applications be securely stored in the Cloud?

A: Yes. Canadians can rest assured that their data is safe.

The Government of Canada (GC) has policies in place that enforce where data resides (residency), how it is controlled (sovereignty), and has begun to develop guidelines that detail departments’ accountability for managing services securely.

Cloud service provider infrastructures are assessed by the Canadian Industrial Security Directorate (CISD), Canadian Centre for Cyber Security (Cyber Centre), Cloud Service Provider Assessment Program, and the Cyber Centre/Shared Services Canada Supply Chain Integrity (SCI) processes from the onset as part of the procurement process.

The GC takes into account industry benchmarks and certifications as part of the requirements that the Cloud service providers must meet (e.g. SOC2 and ISO27000 series).

The GC will not award contracts unless these requirements are met.

Q: How is the security and confidentiality of data protected?

A: The Government of Canada (GC) works with security partners to ensure that the security and confidentiality of data remain intact.  The GC continuously monitors any potential cyber threats and has robust measures in place to address them.

To ensure the security of government networks and systems, Shared Services Canada (SSC) and the Canadian Centre for Cyber Security has established a Supply Chain Integrity process, which evaluates the security of goods and services at all stages of the procurement process. This ensures that only trusted equipment, software and managed services are used in the delivery of government services.

Q: What is Secure Cloud Enablement and Defence (SCED)?

A: Secure Cloud Enablement and Defence (SCED) is an architected security perimeter that will focus on the network connectivity between the Cloud environment and the public Internet. The main purpose of SCED will be to secure Government of Canada (GC) data deployed by GC departments to public Cloud environments.

Please note: The communications between the GC Cloud environments and the GC data and applications hosted in enterprise data centres will be trusted. The SCED perimeter will not be required for securing these communications.

Q: What are the timelines for SCED?

A: The pilot of Secure Cloud Enablement and Defence (SCED) architecture 1 is being finalized and assessed for Treasury Board of Canada Secretariat and Statistics Canada.

Q: Who is responsible for IT/IM security?

A: Cloud service providers are responsible for the security of the Cloud; the departments are responsible for Security in the Cloud; and Shared Services Canada provides security "to and from" the Cloud.

Cloud security is a shared responsibility between the Cloud service provider, SSC, the Canadian Centre for Cyber Security, and the departments. Security controls must be implemented appropriately to allow for the proper hosting of GC data and applications.

The combination of Treasury Board Secretariat of Canada Cloud directives and the Canadian Centre for Cyber Security Cloud Service Provider (CSP) Assessment Program methodology documentation provide advice and more information.

Q: What security certifications do the cloud services hold?

A: At a minimum the Government of Canada (GC) has indicated that Cloud Service Provider’s require up to date industry benchmarks and certifications like SOC2 and ISO27000 series to demonstrate compliance to security requirements. Additional evidence or documentation may also be collected and reviewed as necessary.

Protected B

Q: How many vendors have for qualified Protected B Cloud Services?

A: No news is available on this subject until the contract process is complete.

Q: What is the difference between Protected B Cloud and SCED?

A: The Secure Cloud Enablement and Defence (SCED) Project is designing a firewall to secure GC content. Its main focus is on protecting the network connectivity between the Cloud environment and the public Internet. Protected B Cloud is an approved Cloud solution for Protected B data. SCED may be a component, but is not limited to, of any one specific Protected B Cloud offering.

Q: Are there different types of Protected B (public vs. private)?

A: Yes. The public Protected B Cloud is housed on a public Cloud provider’s infrastructure, while a private Protected B Cloud would be a reserved and segregated working Cloud environment for a single organization.

Q: What steps do Government of Canada departments need to follow to access Protected B Cloud services?

A: When the Protected B supply is in place, it will be available through the Cloud Brokering Portal.

Q: Does the Cloud Brokering Service function the same way for Protected B?

A: Yes.

Q: Is the Cloud brokering fee the same for Protected B?

A: Yes. A ten percent (10%) brokering fee, not included in the direct billing between the supplier and the GC department is applied by Shared Services Canada to the value of services consumed. The brokering fee is based on monthly consumption and is retrieved quarterly.

The brokering fee recovers the cost of Cloud Brokering Service.

Q: When will Protected B Cloud services be available?

A: The procurement process is nearing completion. As of June 17, the Government of Canada is ready to receive bids from pre-qualified vendors.

Once the bids are received, they will be evaluated and contract negotiations will take place with pre-qualified vendors. Initial contracts are expected to be issued during summer 2019.

PSPC has developed a Supply Arrangement allowing vendors to qualify for the provision of SaaS solutions.  Starting from June 17, PSPC is accepting and reviewing submissions and as vendors qualify, client departments can start consuming.

What’s next?

Q: Will there be Protected A options in the future?

A: Yes. The contract addressing Protected A supply will be in place over the next year.

Additional information

Q: Where can I get more information/documentation on Cloud?

A: The SSC Cloud Program office at: [[1]]

The Treasury Board of Canada Secretariat website at: https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services.html

Anticipatory Media Lines

Protected B Public Cloud Services Procurement

ISSUE

In 2018, Government of Canada updated its Cloud Adoption Strategy to draw its vision and commitment to adopting Cloud based solutions, in particular in the area of the public cloud deployment and software-as-a-service (SaaS).

In February 2018, the Government of Canada awarded twenty-six contracts for commercially available unclassified Cloud services. These contracts make these services available on demand through the Cloud Brokering Portal, with costs based on actual usage.

On September 7, 2018, Shared Services Canada (SSC) posted an Invitation to Qualify (ITQ) for Protected B Public Cloud Services on buysandsell.gc.ca. This new procurement process will expand the range of Cloud services available to help departments manage their data and application workloads. As of June 17, the Government of Canada will be ready to receive bids from ITQ qualified respondents for Protected B Cloud services.  

KEY MESSAGES

  • The Government of Canada must be capable of delivering a range of digital services, at various security levels, to meet the needs of Canadians.
  • As the Government of Canada’s Cloud broker, enabler and service provider, Shared Services Canada:
    • ensures the Cloud solutions are provided from qualified vendors; and
    • provides the network connectivity and security needed to support use of the Cloud.
  • As of June 17, the Government of Canada will be ready to receive bids from qualified respondents for Protected B Cloud services.
  • Protected B Cloud services will respond to the increasing demand for options that enable departments to securely store data and applications in Canada.
  • Choosing Protected B vendors will expand the range of cloud services available to departments so they can manage their data and applications.
  • The protection and privacy of Government of Canada data stored and processed in the Cloud is a top priority for Shared Services Canada.
If pressed on the cloud protected B procurement process
  • Shared Services Canada posted the Invitation to Qualify on September 7, 2018. This was the first phase of the procurement process to find qualified suppliers with experience in delivering cloud services at various security levels.
  • The scope of each process aligns with the procurement mandates of each department. For instance:
    • SSC’s procurement vehicle supports delivering of their core mandate of network services, compute and storage capabilities and applications related to workplace technologies for GC departments; and
    • PSPC’s vehicle will support SaaS requirements, which correspond with the traditional procurement of software applications and associated support.
  • Shared Services Canada and PSPC work with industry stakeholders to ensure open, fair and transparent procurement processes.
  • Building on lessons learned from procuring unclassified Cloud services, Shared Services Canada and PSPC are using a multi-phased procurement process that works with industry to define and develop service requirements.
  • As of June 17, the Government of Canada is ready to receive bids qualified respondents for Protected B Cloud services.
  • For SSC’s vehicle, once it receives the bids, the Government of Canada will begin contract negotiations with these qualified respondents.
  • When the procurement process is complete, partner departments will have access to Protected B Cloud services through the Cloud Brokering Portal.
  • PSPC’s RFSA is posted continuously to enable suppliers to qualify on an ongoing basis.
If pressed on security
  • Shared Services Canada and PSPC work with security partners to ensure its service offerings meet specified Government of Canada security requirements to mitigate to the confidentiality, integrity and availability of data and business processes.
  • Shared Services Canada monitors compliance to Government of Canada-specified security requirements to ensure they remain in place.
If pressed on networks
  • Shared Services Canada is focusing on the network connectivity to increase reliability and capacity for access to cloud services.

SPOKESPERSON

  • Media Relations Office, 613-670-1626

President (SSC) Speaking Points: Stratosphere - The Government of Canada's Conference on Cloud and DevOps

Background Information: The Event

  • The Government of Canada has partnered with the Association of Public Sector Information Professionals (DPI), to host Stratosphere – a conference focused on Cloud and DevOps.
  • This conference is an opportunity for participants to share their experiences and lessons learned with their peers, and for the GC IT community to learn about possible partnerships with industry.

SSC and TBS

  • Shared Services Canada and the Treasury Board of Canada Secretariat are working together to bring Cloud services to the Government of Canada.
  • The Treasury Board of Canada Secretariat is responsible for Government of Canada enterprise governance, strategy and policy for Cloud services. This includes oversight and risk assessment of Cloud service requests from departments.
  • Under the leadership of TBS, the Government of Canada committed to a government-wide Cloud-First Adoption Strategy in which Cloud is the preferred option for delivering IT services to Canadians.
    • This means that departments will use Cloud to store, manage, and process data and applications where possible.
  • As part of our mandate on Cloud, SSC has 3 core roles: Broker, Provider, and Enabler.
  1. As a Cloud Broker, we offer the Cloud Brokering Service for public commercial unclassified supply to Government departments. We will soon be offering the supply for Protected B data.
  2. As a Cloud Provider, we plan to create additional private supply to complement the public commercial Cloud.
  3. As a Cloud Enabler, we enable the delivery of foundational services like connectivity and security to enable departments to consume Cloud supply.
  • There are currently 26 contracts in place for commercially available unclassified Cloud services available to departments for on-demand consumption, subscription or pre-paid services.

Protected B Cloud Services

  • On September 7, 2018, SSC posted an Invitation to Qualify (ITQ) for Protected B public Cloud services on buysandsell.gc.ca. A number of vendors were pre-qualified as a result.
  • The procurement of Cloud for Protected B information responds to increasing demand from departments, enabling them to benefit from tools that are capable of securely storing data in Canada.
  • As of June 17, the Government of Canada is ready to receive bids from ITQ qualified respondents for Protected B Cloud services.
  • Upon receiving bids, the Government of Canada will evaluate them and begin contract negotiations with the qualified respondents.
  • Following these final procurement steps, departments will be able to access Protected B Cloud services through the Government of Canada Cloud Brokering Service.
  • We have a number of pilots and projects underway with select departments on migrating their workloads to the Cloud.

Statistics Canada

  • Most recently, Statistics Canada and SSC successfully tested a small subset of users to a secure, fully integrated active directory in the Cloud. Statistics Canada’s active directory is forecasted to be live early this summer.
  • With the news of this success travelling, we expect that the other pathfinder departments and other departments in general, will be approaching us to leverage lessons learned to follow suit.
  • While SSC has provisioned early connectivity to Cloud Service Providers for some of the pathfinders via existing network connections, SSC is investigating optimal end state connectivity through pilot projects.

Enterprise Approach 3.0

  • At SSC, we are focusing on putting the “Shared” in Shared Services to enable a digital government. This means embracing an enterprise approach to provide quicker turnarounds, enhance collaboration, increase reliability and reduce risk.
  • Cloud computing is a big part of this new approach. The department is focusing on three key priorities:
    • Solidifying the IT foundation by increasing network reliability and capacity, and strengthening security;
    • Modernizing collaboration tools to enable, engage, and empower employees; and
    • Adopting Cloud and enterprise data centers to improve reliability and reduce risk.
  • Most of our data is currently stored in aging data centres across the country.
    • We are working with our partners to move their content into the hosting solution that meets their needs and one that provides a secure, reliable environment for their applications and data.
    • The objective is to have the majority of our data stored in our state-of-the-art EDCs, or in the Cloud, with consistent operating models.
  • In terms of workplace tools, the current landscape largely consists of standalone or loosely integrated productivity, communication and collaboration tools such as Skype, and audio/videoconferencing used from desktop devices and/or standalone devices.
    • The objective it to get to a point where Cloud-based services are used, leveraging industry standards and practices to interoperate with SSC end-state services and co-exist with legacy components during our transformation.

Social Media Products

xxx xxx