Identity Proofing in the Cloud
February 15, 2012
Greg Capella
Deputy Executive Director
DHS/OCIO/ESDO
DHS’s History
• Established on November 25, 2002
– Cabinet level post created
– Incorporated 22 agencies into one organization
“The creation of DHS constituted the most significant government reorganization since
the Cold War, and the most substantial reorganization of federal agencies since the
National Security Act of 1947”
Reference: Peter Andreas: “Redrawing the line”
DHS Data Center Consolidation
• Consolidating to 2 operational centers
• Lift and shift approach not viable
– Expensive
– Inefficient for most applications
– Takes too long
• New guidance reinforced desire for a “better way”
• Enhance Security Posture and Information Sharing Capabilities
IT Reform @ DHS
Cloud First
• Enable and leverage secure XaaS (i.e., SaaS, PaaS, IaaS)
• Stand up and enable IT commodity services (e.g., SharePoint, Email, CRM, and Auth as a Service, Service Catalog)
• Public and Private Offerings
Sections: Achieving Operational Efficiency; Effectively Managing Large-Scale IT Programs
Timeframes: < 6 mos.; 6-12 mos.; 12-18 mos.
DHS Component
No. | Action Item | Owner(s)
1 | Complete detailed implementation plans to consolidate 800 data centers by 2015 | OMB, Agencies
2 | Create a government-wide marketplace for data center availability | OMB, GSA
3 | Shift to a “Cloud First” policy | OMB, Agencies
4 | Stand-up contract vehicles for secure IaaS solutions | GSA
5 | Stand-up contract vehicles for “commodity” services | GSA
6 | Develop a strategy for shared services | Federal CIO
7 | Design a formal IT program management career path | OPM, OMB
8 | Scale IT program management career path | OPM, Agencies
9 | Require Integrated Program Teams | OMB
10 | Launch a best practices collaboration platform | Federal CIO Council
11 | Launch technology fellows program | Federal CIO
12 | Enable IT program manager mobility across government and industry | OMB, CIO Council, OPM
13 | Design and develop cadre of specialized IT acquisition professionals | OMB, Agencies
14 | Identify IT acquisition best practices and adopt government-wide | OFPP
15 | Issue contracting guidance and templates to support modular development | OFPP
16 | Reduce barriers to entry for small innovative technology companies | SBA, GSA, OFPP
17 | Work with Congress to create IT budget models that align with modular development | OMB, Agencies
18 | Develop supporting materials and guidance for flexible IT budget models | OMB, CFO Council, CIO Council
19 | Work with Congress to scale flexible IT budget models more broadly | OMB, Agencies
20 | Work with Congress to consolidate Commodity IT spending under Agency CIO | OMB, Agencies
21 | Reform and strengthen Investment Review Boards | OMB, Agencies
22 | Redefine role of Agency CIOs and Federal CIO Council | Federal CIO, Agency CIOs
23 | Rollout “TechStat” model at bureau-level | Agency CIOs
24 | Launch “myth-busters” education campaign | OFPP
25 | Launch an interactive platform for pre-RFP agency-industry collaboration | GSA
Consolidate IT Assets
• Data Center consolidation (i.e., EDC)
• Network consolidation (i.e., OneNet)
• IT buying services (i.e., EAGLE II, FirstSource II, GSA IaaS)
• ICAM
Collaboration & Best Practices
• IT Councils (i.e., ASC, SIOC, CISOC, etc.)
• Executive Steering Committees (ESCs) (i.e., TASC, Screening, HC/HR, etc.)
• Portfolio Governance and Integrated Investment Lifecycle (i.e., PMCOE, SEWG, etc.)
• FedSpace/Best Practice Platform
IT Reform @ DHS
Departmental Plan
Federal Plan
“Shift to a “Cloud First” policy”
Cloud Services
Software as a Service (SaaS):
• Delivery of business applications over the Intranet on demand.
• Customers leverage ESDO development capabilities to provide complete end-user applications.
Platform as a Service (PaaS):
• Delivery of a combination of infrastructure and “middleware” software combined together.
• Provides an end-to-end software development and production pipeline in a “hosted” model on demand.
• Customers use the platform solutions to develop and launch new applications.
Infrastructure as a Service (IaaS):
• Customers use the secure, reusable infrastructure to run their platform and business services.
• Delivery of technology infrastructure on demand (e.g., network, servers, memory, storage, and database).
“Private and Public Cloud Services”
DHS established a model for enabling available, secure, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Cloud Attributes
1. Services Based
– Computing resources are consumed as services
2. Multi Tenant
– Resources are shared among many customers
– Reuse – Source Forge Concept
3. Pay Per Use
– Customers pay based on usage; not for full stand up
4. Scalable and Elastic
– Resources are provisioned or released in near real-time
5. Access
– Role Based access and Authentication
6. Compliant
– Security Profile for Production Environment
– 508 Compliant Templates
DHS Identity Proofing in the Cloud
• VIS provides the ability for an employer to confirm a worker's right to work in the US
• Congress requested that DHS (USCIS) create a program so the worker could check their status
– Confirm right to work
– Obtain information on next steps if there was an issue
• DHS (USCIS) created the SelfCheck program to provide this capability to workers
www.uscis.gov/everifyselfcheck
Identifying Information
E-Verify Self Check
• Mismatch Resolution: Users receive instructions on how to correct any data mismatches in SSA or DHS records
• Employment Eligibility Verification: Self Check returns either an affirmative response or any data mismatches found in DHS or SSA records
• Web Based: Self Check is offered over the Internet and other channels are being investigated
• US Workforce: Self Check is available to the entire US workforce, regardless of employment with an E-Verify employer
• Identity Assurance: Level 2 Identity Proofing, including knowledge based questioning, ensures Self Check is only used by identity information owners
• Fraud Prevention: A user is only able to use Self Check if he is able to successfully authenticate his identity
Self Check Results (samples)
March 2010
Self Check: Identity Proofing in the Cloud
Summary
• DHS has embraced both the Public and Private Clouds
– Reduce costs and time to deploy
– Increase flexibility and responsiveness
– Decrease carbon footprint
– Decrease floor space
• DHS is rolling out numerous Public and Private Cloud efforts
• Need to apply sound security management practices to use Clouds safely and effectively