Navy Path to Cloud Commercial Services Integration (CSI) Team November 2013 ACT-IAC Pacific: Cloud...
Navy Path to Cloud
Commercial Services Integration (CSI) Team
November 2013
ACT-IAC Pacific: Cloud Computing Panel & Roundtable
CSI Timeline
• SPAWAR Datacenter Consolidation (2010)
• Navy DCC Task Force (Fall 2010)
• SPAWAR Commercial Service Brokerage (Spring 2011)
• FedRAMP and NIST Cloud (Fall 2011)
• DoD Cloud Strategy / DISA ECSB Standup (Summer 2012)
• Navy IATO for Public (Fall 2012)
• Navy ATO for Public (Spring 2013)
• Today…
This document, and the information contained herein, is confidential. In this document, the term "Deloitte" refers to Deloitte Touche Tohmatsu Limited member firms and the term "Deloitte Network" refers to DTTL and its member firms.
The Team’s Approach
• Attempt to fit AWS into the existing DoD DIACAP/8500.2 framework, attempt a ‘traditional’ ATO;
• Supporting an Echelon III command, we had little influence on IA policy, so we had to mitigate risks with engineering and architecture;
• We did not attempt to solve for ‘cloud’ in a generic sense (no funding, too strategic for operations);
• The team solved most non-technical issues through existing use cases (Navy NMCI experience, NAVFAC Utilities contracting/budgeting experience, etc.).
Our Challenge: Complex, Changing Environment
[Diagram labels: ATO?; DIACAP; NIST 800-53; DoD ECSB CSM; CNSSI 1253; DoD Instructions; CJCSM; FAR / Public Law; CSP Capability; FedRAMP]
The Team’s Approach
• Consistent terminology is critical (NIST 800-145 is only 3 pages, in plain language!)
• Public multi-tenancy is primarily a ‘new’ component of AWS
• Have IA, CA, DAA, AO folks involved as early in the process as possible
• Engage in phases, rather than jumping in the deep end
• Revisit policy to verify assumptions about actual requirements
• Communication with the vendor is important, especially when doing initial C&A work
CSI Operating Model
Process stages: Scoping Questionnaire / ASHRD; Cost Estimation; Engineering MIPR; Engineering Analysis; Execution MIPR; Execution
• System Size and Scoping Questionnaire
• Application & System Hosting Requirements Document
• Rough Cost of Cloud component
• Total depending on scope/size
• Analyze sponsor requirements
• Develop execution plan, schedule and costing
• Assess security posture
• Total depending on scope/size
Deloitte Consulting, LLP
© 2013 Deloitte Development LLC. All rights reserved.
Adam Crosby, Specialist Master
Deloitte Consulting LLP
295 Bendix Road, Suite 105, Virginia Beach, VA 23452
Mobile: +1 757 839 [email protected] | www.deloitte.com