“Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are

Clouds” Federal Committee for Statistical Methodology (FCSM)

Policy Conference

Presented by:

Harry Lee, Senior Computer Scientist for InfrastructureU.S. Census Bureau

December 5, 2012

U.S. Department of CommerceEconomics and Statistics AdministrationU.S. CENSUS BUREAU

Census Bureau Cloud Approach OverviewAgenda

2U.S. Department of CommerceEconomics and Statistics AdministrationU.S. CENSUS BUREAU

• Cloud Computing Defined

• Why Cloud?

• Census Hybrid Cloud Approach

• Internal Census Use of Cloud Services

• External Access to Census Data and Services

• Shared Infrastructure and Services

• What Controls are Needed?

• Is the “Cloud” Safe Enough?

• Questions

Census Bureau Cloud Approach OverviewCloud Computing Defined

3U.S. Department of CommerceEconomics and Statistics AdministrationU.S. CENSUS BUREAU

The NIST Definition of Cloud Computing

“Cloud computing is a model for enabling

convenient, on-demand network access to a

shared pool of configurable computing

resources (e.g., networks, servers, storage,

applications, and services) that can be rapidly

provisioned and released with minimal

management effort or service provider

interaction. This cloud model is composed of

five essential characteristics, three service

models, and four deployment models.”

Census Bureau Cloud Approach OverviewWhy Cloud?

4U.S. Department of CommerceEconomics and Statistics AdministrationU.S. CENSUS BUREAU

Alignment with Federal Government Goals, Objectives and Initiatives, primary examples include:

• 25 Point Implementation Plan to Reform Federal Information Technology Management (12/9/2010)• “Cloud First” Policy when looking to add IT resources

and or capabilities

• Federal Cloud Computing Strategy (2/8/2011)• Highly reliable, innovative services quickly

despite resource constraints

• Digital Government Strategy (5/23/2012)• Better content and data through

multiple channels

Census Bureau Cloud Approach OverviewWhy Cloud?

5U.S. Department of CommerceEconomics and Statistics AdministrationU.S. CENSUS BUREAU

Cloud Benefits - Better, Faster, Cheaper…….even “Greener”

Efficiency• Improved asset utilization (server utilization > 60-70%)• Aggregated demand and accelerated system consolidation

(e.g., Federal Data Center Consolidation Initiative)• Improved productivity in application development,

application management, network, and end-user

Agility• Purchase “as-a-service” from trusted cloud providers• Near-instantaneous increases and reductions in capacity• More responsive to urgent agency needs

Innovation• Shift focus from asset ownership to service management• Tap into private sector innovation• Encourages entrepreneurial culture• Better linked to emerging technologies (e.g., devices)

Census Bureau Cloud Approach OverviewHybrid Cloud Approach

(composition of two or more clouds that remain unique entities but are bound together, offering the

benefits of multiple deployment models.)

• 3 Cloud Model – Private, Government Community, Public

• 2 Consumer Groups – Internal (Census, Partners), External (Gov, Public)

• Multiple levels of security – data, apps, network, device, user

• Multiple methods of data access – web site, web apps, APIs, VDI, LAN

• Shared Infrastructure – network, servers, storage, security

• Shared Services – data management, collaboration, applications

• Governance & Compliance

7

Census Bureau Cloud Approach OverviewBoth internal and external Census customers use a growing list of IT services

8

Census Bureau Cloud Approach OverviewCensus’ public API - Makes data available to developers, both inside and outside of Census

9

Census Bureau Cloud Approach OverviewMobile applications provide powerful data visualization of the nation’s economy, people & places

10U.S. Department of CommerceEconomics and Statistics AdministrationU.S. CENSUS BUREAU

Census Bureau Private Cloud

Teleworker/WAH

Firewall

Authorized External

Using personally owned PCs, MACs,

or tablets users view work sessions run through a firewall

and processed in the Census Bureau’s

Private Cloud

#1

Users work with files and applications

which are centrally located

Session A

Session B

Session B

Session A

Idle (Available Resources)

Session C

Session C

Session D

Session D

Session E

Session E

#2

All system administration tasks, systems and

software upgrades, backup of user files, etc. occur

within the Census Bureau’s Private Cloud

#4

Users located at Census Headquarters

Virtual Desktop Infrastructure

Threats of the user’s device contaminating Census Bureau systems and/or network are eliminated#3

Note: The Census VDI infrastructure is currently capable of supporting over 10,000 users, is scalable to over a million users, and provides the opportunity to replace all desktops PCs with thin clients.

Census Bureau Cloud Approach Overview Enabling Telework via a Virtual Desktop Infrastructure (VDI)4 Points about VDI

Census Bureau Cloud Approach OverviewWhat Controls are Needed?

• Data Security – Secure the data as primary security control

• Application Security – Build security into the application as well as the data being accessed

• Network Security – User and device network access controls

• Device Security – Control and protect the devices accessing your data/systems

• User Authentication and Authorization – For access to “protected” data and associated services

• Web Browser Security - Cloud users and administrators rely heavily on Web browsers, so browser security features can lead to cloud security breaches

Census Bureau Cloud Approach OverviewIs the “Cloud” Safe Enough?

• With the proper security controls (based on level of data sensitivity)

• With the proper visibility (into access and usage)

• With the proper reviews (into who and what; and how to improve controls)

Questions?

Census Bureau Mission“The Census Bureau serves as the leading source of quality data about the nation's people and economy. We honor privacy, protect confidentiality,

share our expertise globally, and conduct our work openly. We are guided on this mission by our strong and capable workforce, our readiness to innovate, and our abiding commitment to our customers.”