Changes

no edit summary
Line 3: Line 3:  
<span style="font-family: Century Gothic; font-size: 28pt;"><font color="#9F000F;">Editing Configuration & Toolkits</font></span>
 
<span style="font-family: Century Gothic; font-size: 28pt;"><font color="#9F000F;">Editing Configuration & Toolkits</font></span>
 
== GC Cloud Security Risk Management Approach for Adopting Cloud ==
 
== GC Cloud Security Risk Management Approach for Adopting Cloud ==
Multiple Security breaches from companies known for their reputations on protecting personal information, lead the Government of Canada to take and hard look at security risks and the develop the appropriate mitigating factors. This will required a structured approach to managing risks associated with the protection of government data and infrastructure in public cloud. GC Cloud Security Risk Management Approach for adopting Cloud is one of the initiative developed by TBS to provide the necessary direction to GC departments.  
+
Multiple Security breaches from companies known for their reputations on protecting personal information, lead the Government of Canada to take and hard look at security risks and the develop the appropriate mitigating factors. This will required a structured approach to managing risks associated with the protection of government data and infrastructure in public cloud. [https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative#GC_Cloud_Security_Risk_Management_Approach_for_Adopting_Cloud GC Cloud Security Risk Management Approach for adopting Cloud] is one of the initiative developed by TBS to provide the necessary direction to GC departments.  
    
== GC Cloud Operationalization Framework ==
 
== GC Cloud Operationalization Framework ==
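Review bot: The paragraph under "GC Cloud Security Risk Management Approach for Adopting Cloud" gains its link but keeps the wording errors in the sentences around it: "lead the Government of Canada to take and hard look", "and the develop the appropriate mitigating factors", "This will required" and "one of the initiative". Since the line is being rewritten anyway, correct these in the same revision ("led ... to take a hard look", "and to develop", "This will require", "one of the initiatives").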
Line 15: Line 15:     
== CG Accelerators - Azure ==
 
== CG Accelerators - Azure ==
To access the Azure accelerator, consult canada-ca/accelerators_accelerateurs-azure  
+
To access the Azure accelerator, consult [https://github.com/canada-ca/accelerators_accelerateurs-azure canada-ca/accelerators_accelerateurs-azure]
    
== CG Accelerators – Amazon Web Services ==
 
== CG Accelerators – Amazon Web Services ==
To access the AWS accelerator, consult canada-ca/accelerators_accelerateurs-aws  
+
To access the AWS accelerator, consult [https://github.com/canada-ca/accelerators_accelerateurs-aws canada-ca/accelerators_accelerateurs-aws]
    
== Secure Cloud Connectivity ==
 
== Secure Cloud Connectivity ==
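Review bot: Both accelerator headings left unchanged in this hunk read "CG Accelerators", while the rest of the page uses "GC" (for example "GC Guardrails" and "GC Cloud Guardrails"). Suggest correcting both to "GC Accelerators" while the section bodies are being edited, and using the same dash in the two headings (the Azure heading has a hyphen, the Amazon Web Services heading an en dash).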
Line 33: Line 33:  
Below are the link to the GC Secure Cloud Connectivity Requirements.  
 
Below are the link to the GC Secure Cloud Connectivity Requirements.  
   −
• GC Secure Cloud Connectivity Requirements  
+
[http://%5Bhttps://www.gcpedia.gc.ca/gcwiki/images/e/e7/GC_Secure_Cloud_Connectivity_Requirements.pdf GC Secure Cloud Connectivity Requirements]
   −
o GC Cloud Access Use Cases  
+
o [https://www.gcpedia.gc.ca/gcwiki/images/1/18/GC_Cloud_Access_Use_Cases.xlsx GC Cloud Access Use Cases]
   −
o GC Connection Patterns - DRAFT for Consultation  
+
o [https://www.gcpedia.gc.ca/gcwiki/images/7/75/GC_Cloud_Connection_Patterns.pdf GC Connection Patterns - DRAFT for Consultation]
    
== GC Guardrails ==
 
== GC Guardrails ==
 
The purpose of the guardrails is to ensure that departments and agencies are implementing a preliminary baseline set of controls within their cloud-based environments. These minimum guardrails are to be implemented within the GC-specified initial period (e.g. 30 days) upon receipt of an enrollment under the GC Cloud Services Framework Agreement.  
 
The purpose of the guardrails is to ensure that departments and agencies are implementing a preliminary baseline set of controls within their cloud-based environments. These minimum guardrails are to be implemented within the GC-specified initial period (e.g. 30 days) upon receipt of an enrollment under the GC Cloud Services Framework Agreement.  
   −
• GC Cloud Guardrails - DRAFT for Consultation  
+
[https://www.gcpedia.gc.ca/gcwiki/images/8/84/GC_Cloud_Guardrails.pdf GC Cloud Guardrails - DRAFT for Consultation]
   −
o Cloud Guardrails - Initial 30 Days  
+
o [https://www.gcpedia.gc.ca/gcwiki/images/e/ed/GC_Cloud_Guardrails.xlsx Cloud Guardrails - Initial 30 Days]
   −
o Standard Operating Procedure for Validating Cloud Guardrails  
+
o [https://www.gcpedia.gc.ca/gcwiki/images/1/19/SOP_for_Validating_Cloud_Guardrails.pdf Standard Operating Procedure for Validating Cloud Guardrails]
    
https://github.com/canada-ca/cloud-guardrails
 
https://github.com/canada-ca/cloud-guardrails
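Review bot: The new link for "GC Secure Cloud Connectivity Requirements" is malformed: its target starts with "http://%5Bhttps://www.gcpedia.gc.ca/...", where "%5B" is a URL-encoded "[" left over from a nested bracket, so the link will not resolve to the PDF. Suggest "[https://www.gcpedia.gc.ca/gcwiki/images/e/e7/GC_Secure_Cloud_Connectivity_Requirements.pdf GC Secure Cloud Connectivity Requirements]". In both this list and the Guardrails list, the first item lost its "•" while the sub-items keep a literal "o"; using "*" and "**" as the AWS section of this page does would render them as a proper nested list.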
Line 54: Line 54:     
== GC Cloud Guardrails – Amazon Web Service ==
 
== GC Cloud Guardrails – Amazon Web Service ==
https://github.com/canada-ca/cloud-guardrails-aws
+
The GC accelerator for AWS is on GitHub: https://github.com/canada-ca/cloud-guardrails-aws
* The GC AWS Accelerator main page is on GitHub:
  −
* The GC AWS Accelerator main page is on GitHub: https://github.com/canada-ca/accelerators_accelerateurs-aws/blob/master/HOWTOs/GC_AWS_LZ_Package/README.md
   
* The UTM Firewall VPC Overlay templates and scripts are also on GitHub and can be found here: https://github.com/canada-ca/accelerators_accelerateurs-aws/tree/master/templates
 
* The UTM Firewall VPC Overlay templates and scripts are also on GitHub and can be found here: https://github.com/canada-ca/accelerators_accelerateurs-aws/tree/master/templates
 
* The GC AWS Accelerator documentation including build books, etc., is currently stored in GCCode: https://gccode.ssc-spc.gc.ca/GCCloudEnablement/AWS/tree/master/GC%20Accelerator%20-%20AWS%20Landing%20Zone%20Package%20(July%202019)  
 
* The GC AWS Accelerator documentation including build books, etc., is currently stored in GCCode: https://gccode.ssc-spc.gc.ca/GCCloudEnablement/AWS/tree/master/GC%20Accelerator%20-%20AWS%20Landing%20Zone%20Package%20(July%202019)  
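Review bot: The added sentence "The GC accelerator for AWS is on GitHub: https://github.com/canada-ca/cloud-guardrails-aws" describes the guardrails repository as the accelerator. Elsewhere on this page the AWS accelerator is canada-ca/accelerators_accelerateurs-aws, and this section's heading is "GC Cloud Guardrails – Amazon Web Service". Suggest wording such as "The GC Cloud Guardrails for AWS are on GitHub:" so readers validating guardrails are not sent to look for accelerator content in the wrong repository.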
Line 64: Line 62:     
== Cloud reference Architecture ==
 
== Cloud reference Architecture ==
<nowiki>***</nowiki> In construction ***
+
In construction
    
== Naming and Tagging ==
 
== Naming and Tagging ==
 
To effectively manage GC cloud Resources, Shared Services Canada had developed a Cloud Resources Naming and Tagging Convention which was approved and ready to be used by GC departments deploying GC IT resources using approved public cloud services.
 
To effectively manage GC cloud Resources, Shared Services Canada had developed a Cloud Resources Naming and Tagging Convention which was approved and ready to be used by GC departments deploying GC IT resources using approved public cloud services.
 
<br>
 
<br>
 +
<br>
 +
== Cloud Security Initiative ==
 +
<br>
 +
=== Overview ===
 +
<br>
 +
Cloud computing has introduced a fundamental shift in the way IT services are delivered and the Government of Canada (GC) will position itself to use this alternative service delivery model. Cloud adoption will ensure that the GC can continue to sustain IT service excellence during a period of increased demand by Canadians for online services and timely access to accurate information. This developing shift will affect how we procure, secure, and work with IT systems that support GC and departmental programs and services.
 +
Under the cloud computing paradigm, the GC will depend on vendors for many aspects of security and privacy, and in doing so, will confer a level of trust onto the cloud service provider (CSP). To establish this trust, the GC requires an IT security risk management approach and procedures that are adapted to cloud computing.
 +
For more information about the Cloud Security Initiative, please read the GC Cloud Security Risk Management Approach and Procedures document and the Cloud Adoption Strategy.
 +
For more information on the GC Cloud Security Initiative consult https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative.
 +
 
== Cloud Security ==
 
== Cloud Security ==
 
=== Overview and Current Situation in Government of Canada ===
 
=== Overview and Current Situation in Government of Canada ===
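Review bot: The added "== Cloud Security Initiative ==" section duplicates a heading that already exists further down the page (the unchanged section that holds the bare https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative link), leaving two sections with the same title and an ambiguous section anchor. Suggest merging the new overview into the existing section or removing the older one. The added sentence naming the "GC Cloud Security Risk Management Approach and Procedures document and the Cloud Adoption Strategy" also carries no links, unlike the other references this revision converts, and the run of added "<br>" lines around the headings is not needed for spacing.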
Line 80: Line 88:  
<br><br>
 
<br><br>
 
A contributing aspect to the low penetration of low-cost, high performance solutions enabled by cloud computing is the slow uptake of cloud technology in Canada as a whole. In a white paper published by IT World Canada, the perspective of Canadian CIOs on cloud computing was described as follows:
 
A contributing aspect to the low penetration of low-cost, high performance solutions enabled by cloud computing is the slow uptake of cloud technology in Canada as a whole. In a white paper published by IT World Canada, the perspective of Canadian CIOs on cloud computing was described as follows:
"Their posture towards the cloud, in other words, could not be more Canadian: optimistic but pragmatic, slow but deliberate, purposeful but not aggressive."  
+
''"Their posture towards the cloud, in other words, could not be more Canadian: optimistic but pragmatic, slow but deliberate, purposeful but not aggressive." ''
 
<br><br>
 
<br><br>
 
In addition to worries about security and reliability, several additional factors contribute to the slow uptake, including data and information security and the protection of personal privacy, loss of control, expected cost and effort to convert to cloud computing, lack of a clear return on investment, change to a different management and contracting paradigm, data and information sovereignty requirements, ramification from the Personal Information and Electronic Documents Acts (PIPEDA) and the US Patriot Act, lack of open cloud and cyber security standards, concerns with vendor lock-in, lack of suitable bandwidth, and the desire to try the technology first or see solid proof of cost savings from other with trusted vendors before deploying to the greater enterprise.  
 
In addition to worries about security and reliability, several additional factors contribute to the slow uptake, including data and information security and the protection of personal privacy, loss of control, expected cost and effort to convert to cloud computing, lack of a clear return on investment, change to a different management and contracting paradigm, data and information sovereignty requirements, ramification from the Personal Information and Electronic Documents Acts (PIPEDA) and the US Patriot Act, lack of open cloud and cyber security standards, concerns with vendor lock-in, lack of suitable bandwidth, and the desire to try the technology first or see solid proof of cost savings from other with trusted vendors before deploying to the greater enterprise.  
Line 88: Line 96:  
With responsibility for processing and storing large amounts of sensitive data/information (e.g. classified, protected, private), the GC needs to minimize the risk of unauthorized disclosure of data. Adoption of cloud technology provides a wrinkle in the current approach to information security since portions of the information system are out of the direct control of the GC and the department charged with protecting sensitive GC information. <br>
 
With responsibility for processing and storing large amounts of sensitive data/information (e.g. classified, protected, private), the GC needs to minimize the risk of unauthorized disclosure of data. Adoption of cloud technology provides a wrinkle in the current approach to information security since portions of the information system are out of the direct control of the GC and the department charged with protecting sensitive GC information. <br>
 
<br>
 
<br>
For more information, please read the GC ESA ConOps Annex B: Cloud Security document. <br>
+
For more information, please read the [https://www.gcpedia.gc.ca/gcwiki/images/6/68/GC_ESA_ConOps_-_ANNEX_B_Cloud_Security.pdf GC ESA ConOps Annex B: Cloud Security] document. <br>
 
== Cloud Security Initiative ==
 
== Cloud Security Initiative ==
 
https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative
 
https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative
