2013 aws worldwide public sector summit

2013 AWS Worldwide Public Sector Summit Washington, D.C.

Web Mapping and Security – A View From Esri

Bonnie Stayer – Solutions Engineer

Dan O’Leary – Director, D.C. Software

Development Center

2013 AWS Worldwide Public Sector Summit

Introduction

• Cloud security affected by many moving parts

– Cloud security standards evolving – FISMA/FedRAMP

– “Cloud First” initiative

– Advancing ArcGIS security capabilities

– Evolution of cloud provider capabilities

– Mobilization of workforce


Introduction

• Choosing an appropriate cloud deployment

– Not just technical issues/concerns

– Political push/pull issues

• Cloud First vs. “We don’t trust cloud providers, yet”

– No silver bullet for all cloud security concerns

• Esri provides a roadmap of options and best practices,

not just a “Safe” button to push


Esri – A Global Company

US Regional Offices

US Satellites

International Satellites

International Distributors


Server Online Content

and Services

Desktop Web Device

ArcGIS

Online

ArcGIS – A Complete Platform

• Data Management

• Visualization

• Analysis

• Dissemination


Cloud Implementation Options

Service Non-Cloud IaaS SaaS Model AGS Your Location AGS in AWS ArcGIS Online

Cloud On-premises

Deployment On-Premises Community Hybrid Public Model Your location AWS GovCloud Your Loc+AWS AWS/Azure

Management Self-Managed Managed Model You Esri

ArcGIS Server Security

Architecture


Deploying ArcGIS Server in AWS

• Pre-built AMIs

– Windows, Linux

– Include RDBMS

– Launch instance, authorize license, create site

• Cloud Builder

– Desktop application

– Simplifies assembly and administration


ArcGIS IaaS Security

• Question

– If my cloud IaaS is FISMA/FedRAMP accredited and I deploy my app into that cloud,

is the overall implementation FISMA/FedRAMP equivalent?

• Answer

– No

• Question – Part 2

– Okay, so it’s not FISMA/FedRAMP equivalent, but the IaaS by itself ensures the

solution is “secure enough”, right?

• Answer

– No

IaaS

FISMA

Default

ArcGIS


Security Responsibility

Customer

Managed

Cloud

Provider

Managed

Server Infrastructure (Servers, Storage, Racks)

Network Infrastructure (Switches, Routers, Cables, SAN)

Data Center (Physical facility, UPS, Cooling)

Data

Platform, Applications, Identity & Access

Management

Operating System, Network, & Firewall

ArcGIS Online Security


ArcGIS

Online

Executive

Access

Public

Engagement

Work

Anywhere

Knowledge

Workers

Enterprise

Integration

Professional

GIS

How is it used?


ApplicationCustomer Configured

ApplicationEsri Managed

Infrastructure Cloud Provider

Managed

Server Infrastructure(Servers, Storage, Racks)

Network Infrastructure(Switches, Routers, Cables, SAN)

Data Center(Physical facility, UPS, Cooling)

Web Admin App(Org-wide settings, Management)

End-User Org Portal(Create maps, Share, Discover)

ArcGIS Online Application(Portal, Map Services, Account Management)

Data(Portal, Index, Hosted)

OS & Middleware

Esri & Cloud Provider Managed

Middleware

Operating System

Security Responsibility


Deployment Options

Intranet Intranet Intranet

Intranet Intranet

Portal Server Server Server

Server Server Server

Online

Online Server Server Server

Portal Server Server Server

Online

Read-only

Basemaps

Cloud On-premises


Server

Web/Mobile

View

Desktop

View

ArcGIS

Online Web Map

Desktop Geodatabase

Hybrid Deployment

Assessment & Authorization


Product Cloud

Provider

Planned

Federal

A&A

Q1 -

2013

Q2 -

2013

Q3 -

2013

Q4 -

2013 2014

ArcGIS

Online

Amazon

Web

Services

FISMA

Low

ATO

FISMA

USDA

Amazon

Web

Services

&

MS Azure

FedRAMP

Mod

FedRAMP

SaaS

Reviews

Started

ArcGIS

Server

CSP or

AWS

GovCloud

FISMA

Mod

ATO

FISMA

Esri

Managed

AWS,CSP

FedRAMP

Mod

Establish

AGS Fed

Image

Incorporate

Lessons Learned

Implement

Implement

Implement Alignment

Alignment

Facilitate

ATO

Federal A&A Roadmap

ATO


ArcGIS Online Security Certification Efforts

• In Place

– Esri Data Center Operations - SSAE 16 Type 1

– Expanded to Managed Services in 2012

– Safe Harbor Self-Certification

• Currently Pursuing

– FISMA Low Accreditation • Includes 3rd party assessment

• Expected completion over next several months

• Future

– FedRAMP Moderate • Incorporates more advanced security controls

Thank You

2013 aws worldwide public sector summit

Documents