Configuration & Toolkits

Banne cloud.jpg


Tech build.jpg

Configuration & Toolkits

GC Cloud Security Risk Management Approach for Adopting Cloud

Multiple Security breaches from companies known for their reputations on protecting personal information, lead the Government of Canada to take and hard look at security risks and develop the appropriate mitigating factors. This will required a structured approach to managing risks associated with the protection of government data and infrastructure in a public cloud. GC Cloud Security Risk Management Approach for adopting Cloud is one of the initiatives developed by TBS to provide the necessary direction to GC departments.

GC Cloud Operationalization Framework

With the needs of securing protected B data in a Public cloud, the office of GC Chief Technology Officer developed an operationalization framework approved by the GC Enterprise Architecture Review Board (EARB).

GC Event Logging Guidance

TBS had developed a High-level strategy to configure event logging.

GC Accelerator

Conscious of the fact that wide adoption in GC will require enabling GC departments to effectively and rapidly deploy applications, computing etc. in public cloud environment. TBS in collaboration with SSC and other departments has developed a GC accelerator for Microsoft Azure and AWS cloud.

GC Accelerators - Azure

To access the Azure accelerator, consult canada-ca/accelerators_accelerateurs-azure

GC Accelerators – Amazon Web Services

To access the AWS accelerator, consult canada-ca/accelerators_accelerateurs-aws

Secure Cloud Connectivity

The establishment of secure cloud connections to cloud services and trusted interconnection points will:

• Improve resiliency of the GC infrastructure with dedicated and private connections to the cloud;

• Thereby ensuring continued access to GC information systems and solutions hosted in the cloud;

• Help the GC to mitigate direct attacks from the Internet against cloud-based GC resources; and

• Enhance the protection of on-premise networks from compromised GC resources in the cloud.

Below are the link to the GC Secure Cloud Connectivity Requirements.

o GC Secure Cloud Connectivity Requirements
GC Cloud Access Use Cases
GC Connection Patterns - DRAFT for Consultation

GC Guardrails

The purpose of the guardrails is to ensure that departments and agencies are implementing a preliminary baseline set of controls within their cloud-based environments. These minimum guardrails are to be implemented within the GC-specified initial period (e.g. 30 days) upon receipt of enrollment under the GC Cloud Services Framework Agreement.

o GC Cloud Guardrails - DRAFT for Consultation
Cloud Guardrails - Initial 30 Days
Standard Operating Procedure for Validating Cloud Guardrails

GC Cloud Guardrails – AZURE

GC Cloud Guardrails – Amazon Web Service

The GC accelerator for AWS is on GitHub:

Cloud reference Architecture

*** In construction ***

Naming and Tagging

To effectively manage GC cloud Resources, Shared Services Canada had developed a Cloud Resources Naming and Tagging Convention which was approved and ready to be used by GC departments deploying GC IT resources using approved public cloud services.