1 / 51

Remarks Adam Montserin CEO, iGovTT

Remarks Adam Montserin CEO, iGovTT. Re-Cap of Last Meeting Update on GovNeTT RFP Status of the eGIF Policy By Kevin Ramcharitar Solution Architect Office, Consulting Unit. Draft Policy Information & Communication Technology & Systems Specifications Approval.

goro
Download Presentation

Remarks Adam Montserin CEO, iGovTT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Remarks Adam Montserin CEO, iGovTT

  2. Re-Cap of Last Meeting Update on GovNeTT RFP Status of the eGIFPolicy By Kevin Ramcharitar Solution Architect Office, Consulting Unit

  3. Draft Policy Information & Communication Technology & Systems Specifications Approval Denyse White, Consulting Unit 28 March, 2013

  4. Limited IT professionals throughout GoRTT • Administrative/Operational role of National Information Systems Centre • Process established in 1990 • NISC subsumed by National ICT Centre 20?? • Responsibilities retained by iGovTT 2010

  5. Current State • IT professionals prevalent throughout GoRTT • Strategic advisory role of iGovTT • Policy last revisited in 2006 • Incorporated within the CTB regulations

  6. Inconsistent adherence to the process • Time delays to GoRTT agencies • Value add vs. resource allocation – iGovTT

  7. Stakeholders • Ministry of Finance • Central Tenders Board • Permanent Secretaries (Equivalent Accounting Officers) • ICT and Procurement Specialists

  8. Governance

  9. Compliance Sign-Off

  10. Exception Governance

  11. Primary Questions • Do you agree with the purpose as defined in the ICT and Systems Specifications Policy? • Should there be any inclusions or exclusions to the scope? • Are there any other legislation or guidelines that should be included for consideration in the adoption of the policy? • Do you agree with the objective of establishing this devolved authority? • Are there any other areas that should be included for consideration?

  12. Consultation Process • Consultation Document Circulated • Feedback timeframe – 3 weeks from issuance • Feedback submitted via • Email - Denyse White – denyse.white@igovtt.tt • General Comments on Secure Log In Site - http://www.igovtt.tt/members/ • Print Copy Denyse White National Information and Communication Technology Company Limited (iGovTT) 52 Pembroke Street Port of Spain 624-8001 (fax)

  13. Cloud Computing Varma Maharaj Solution Architect Office, Consulting Unit 28 March, 2013

  14. Cloud Computing • What is Cloud Computing? • The Use of Computing Hardware and Software Delivered as-a-Service over a Network

  15. Cloud Computing • Common Characteristics of Cloud Computing • Ubiquitous Access • Resource Virtualization • Pay-as-You-Use • Elasticity • Remotely Hosted

  16. Cloud Deployment Models Community Cloud

  17. Cloud Deployment Models Public Cloud

  18. Cloud Deployment Models Private Cloud

  19. Cloud Deployment Models Hybrid Cloud

  20. Cloud Service Models • Infrastructure as a Service • Rent fundamental infrastructure: -processing • -storage, -networking • Deploy software,applications and evenoperating systems

  21. Cloud Service Models • Software as a Service • No Hardware/Software to Manage • Service Deliveryvia web browser

  22. Cloud Service Models • Platform as a Service • Deploy and develop your own software • Configure hostingoptions

  23. Benefits of Cloud • Reduced Procurement Times and Requirements • 24 x 7 Availability • Simplified Centralized Applications • Improved Application Redundancy • Lowered ICT Costs • Lowered Client License Cost • Pay-as-you-Use • Ubiquitous Access

  24. Disadvantages of Cloud • Disadvantages of the Cloud • Data Protection • Governance • Security Control • Requires Persistent Connection • Limited features

  25. GoRTT Benefits of Cloud • Benefits of Economies of Scale • Overall Reduction in ICT Operational and Capital Cost • Focus on Services Offered – Less Focus on Management of Infrastructure • Eco-Friendly

  26. GoRTT Benefits of Cloud • Satisfying Infrastructure Demands • Increased Elasticity and Agility • Governance & Ownership

  27. Cloud Around The World • How Developing Countries Approach Cloud: • Leverage For ICT Advancement • Advanced ICT Innovation at Lowered Cost • Begin The Transition to Next Generation Models of ICT Such as Cloud

  28. Cloud Around The World • How Major Countries Approach Cloud: • Incorporate cloud computing in their ICT strategy • Many applications already deployed via the cloud • Enables efficient/effective ICT sharing • United States, United Kingdom and Singapore

  29. Conclusion • Cloud is Here • Structural and Cultural Shift from Traditional ICT • Security Concerns Can Be Overcome • Leverage Existing Government ICT Infrastructure • Explore and Implement a Cloud Strategy

  30. Conclusion

  31. Security Considerations in Cloud Computing Khafra Murray, Security & Assurance Unit 28 March, 2013

  32. Security/Risk - Cloud Computing • Security Considerations of the Cloud • No information system is 100% Safe • Understand the risks of cloud computing • How cloud hosting companies have approached security • Law and Jurisdiction are critical • Best practice for companies utilizing the cloud

  33. Risks in The Cloud • No System is 100% Safe • Every system once thought secure has been breeched • Cloud services have become and will continue to be a very lucrative target for hackers • It’s still Hardware + Software + People, just not YOUR hardware, YOUR software or YOUR people.

  34. Risks in The Cloud • Risks Inherent to Cloud Computing • Disconnect in Information Control • Disconnect in control systems and policy • Disconnect in SLA interpretations • Black Box Managed Services / Lack of Transparency • Single Points of Failure

  35. Risks in The Cloud • Information Control • Data is no longer “on premises” subject to audited physical protections • Data subject to service provider’s backup policies, including off-site storage • Data is subject to service provider’s retention policies • Provider Liability for data loss is minimal

  36. Risks in The Cloud • Disconnect in Internal Controls • Service Provider will have their own control mechanisms • Policies (HR, Financial, workflows) internal to the provider and invisible to the cloud subscriber will have an impact on the risk to cloud services. • Processes such as change management may not align to client standards (Microsoft Azure failure 2013)

  37. Risks in The Cloud • Service Level Agreements • Do not provide guarantees, only a promise of best effort • Can often be misinterpreted, disagreements in SLA interpretation can stall service delivery • There is always compromise/imbalance between the risk transferred to the provider and the accountability in the event of service or data loss.

  38. Risks in The Cloud • Black Box / Lack of Transparency • Service providers provide high level concepts of the architecture, but no more • Hardware and software used in the infrastructure cannot be audited for vulnerabilities by the client • Providers do not permit audits of their operations/processes/policies by the client • Public Cloud subscribers are co-tenants - you don’t know who’s data or what class of data is being hosted along with yours

  39. Risks in The Cloud • Single Points of Failure • Despite the distributed nature of many cloud services, even the largest suffer system-wide outages (Amazon, Windows Azure) • Business operations are affected without any powers or access to affect the recovery • Traditional BCP cannot replicate cloud based services

  40. Risks in The Cloud • Law • The Patriot Act stipulates than data stored in the USA or under the custodianship of a US company can be accessed by that government in the course of an investigation – Service providers are legally barred from informing subscribers of the access to their data • In T&T it is illegal to store sensitive government data overseas unless the foreign territory provides equal or greater protections for data privacy and confidentiality

  41. Risks in The Cloud • Jurisdiction • Data stored in any country is subject to the laws and compliance requirements of that country in preference to any other • Companies registered in the United States can be mandated to provide electronic data stored in any servers under it’s control in any country • In the event of a data breach of GoRTT data at a foreign cloud service provider, the process to grant access to digital evidence would take no less than 6 months

  42. Managing Risk in Cloud • Maintain Control and Confidentiality • Private Cloud deployments over public cloud services • Data encryption for data in motion (client/server) as well as data at rest. – There are security solutions which do this • Ensure that data classification policies are robust and services subscribed to support the class of data

  43. Managing Risk in Cloud Managing Risk in The Cloud: • Due Diligence • Inquire about exception monitoring and reporting • Vigilance around platform updates and access privileges • Ask where data (including backups) is stored AND processed, and inquire as to the details of data protection laws in the relevant jurisdictions.

  44. Managing Risk in Cloud Managing Risk in The Cloud: • Due Diligence • Independent assessments and certifications • Third party transparency • BCP/DR activities align with cloud based processing and services • Availability guarantees and liability • Find out whether the cloud provider will accommodate of GoRTT security policy

  45. Moderated by Denyse White

More Related