November 1, 2014
Enterprise Cloud Computing Strategy
APPROVAL
Executive Approval
As the Chief Information Officer, I approve the PBGC Cloud Computing Concept of Operations.
Table of Contents
EXECUTIVE SUMMARY
1 OVERVIEW
1.1 BACKGROUND
1.2 PURPOSE
1.3 AUDIENCE
1.4 WHAT IS CLOUD? - CLOUD COMPUTING DEFINED AT PBGC
1.5 CLOUD DETERMINATION
1.6 MANAGED SERVICES – A NON-CLOUD SERVICE MODEL
1.7 BENEFITS OF CLOUD COMPUTING
1.8 ORGANIZATIONAL CHANGE MANAGEMENT
1.9 CLOUD COMPUTING ALIGNMENT WITHIN PBGC
1.10 PBGC CLOUD COMPUTING VISION AND GOALS
2 PBGC ENTERPRISE CLOUD COMPUTING STRATEGY
2.1 GOAL 1: ADOPT A PBGC CORPORATE-WIDE APPROACH TO CLOUD COMPUTING
2.2 GOAL 2: DEVELOP A PBGC SPECIFIC ENTERPRISE CLOUD COMPUTING CONCEPT OF OPERATIONS
2.3 GOAL 3: INCREASE THE EFFICIENCY OF CURRENT AND FUTURE IT PROGRAM INVESTMENTS
2.4 GOAL 4: MANAGE TECHNICAL AND BUSINESS RISKS IN SUPPORT OF PBGC’S TRANSITION TO CLOUD SERVICES
2.5 GOAL 5: ENSURE THAT POTENTIAL BENEFITS ARE CAPTURED AND MEASURED
2.6 STRATEGIC CLOUD TRANSITION ROADMAP
3 PBGC’S TARGET CLOUD ENVIRONMENT
List of Tables
TABLE 1: NIST ESSENTIAL CLOUD CHARACTERISTICS
TABLE 2: NIST DEPLOYMENT MODELS
TABLE 3: NIST SERVICE MODELS
List of Figures
FIGURE 1: NIST CLOUD COMPUTING FRAMEWORK
FIGURE 2: HIGH-LEVEL CLOUD TRANSITION ROADMAP
Executive Summary
Cloud computing provides a new way of acquiring and delivering computing resources to the Pension Benefit
Guaranty Corporation (PBGC). Cloud computing presents a compelling opportunity to PBGC senior leadership to
address critical information technology (IT) issues including increased cost efficiency and business agility through
provisioning speed, flexibility and scalability. Cloud computing offers multiple benefits to PBGC by leveraging scale
economies, commoditizing IT infrastructure, and a pay-per-use model. In addition, there are cloud computing
benefits that support and accelerate existing federal and PBGC IT initiatives including data center consolidation,
shared services, innovation, and sustainability.
While the adoption of cloud computing offers multiple potential benefits to PBGC, it also presents critical
challenges and risks that must be considered when evaluating and deciding to use cloud computing services. PBGC
must balance the business needs and characteristics of individual information systems against potential cloud
computing risks to ensure the continued performance, security, and reliability of PBGC information systems.
To accelerate the adoption of cloud computing across the Federal Government, the Office of Management and
Budget (OMB) has made cloud computing an integral part of the IT management reform and instituted a “Cloud
First” policy. This policy requires agencies to consider and evaluate a safe and secure cloud computing option
before making investments. If such an option exists, then OMB is expecting that agencies consider this as a
potentially viable option.
The purpose of the PBGC Enterprise Cloud Computing Strategy is to define an actionable set of goals that, when
implemented, capture cloud computing benefits across PBGC while continuing to maintain a safe, secure and
reliable environment for information systems that enable and support PBGC’s mission.
Identify and migrate suitable IT services to a cloud computing environment to reduce costs and
increase IT provisioning speed, while ensuring that PBGC information systems maintain their
current high levels of safety, security, reliability, and performance.
PBGC’s Enterprise Cloud Computing Strategy will advance and accelerate the current adoption of cloud computing
across the Corporation to capture benefits and provide tangible business value, while ensuring that PBGC’s
information systems are safe, secure and reliable in support of its mission. To achieve this, PBGC will use a
structured approach to balance requirements, schedule, cost and risk when migrating business systems to the
most appropriate cloud environment. The scope, timing and goal implementation of this strategy will be impacted
by the readiness, priorities and funding commitment of PBGC.
1 Overview
1.1 Background
In 2010, OMB published the 25 Point Implementation Plan to Reform Federal Information Technology
Management [1] to guide the Federal Government to become a more cost efficient and effective provider of public
services. The Federal Cloud Computing Strategy [2], published in 2011, articulates the benefits, considerations, and
trade-offs of cloud computing, and provides a decision framework to support agencies in migrating toward cloud
computing. OMB has also instituted a “Cloud First” policy that requires agencies to consider and evaluate a safe
and secure cloud computing option before making investments. If such an option exists, then agencies must
consider the viability of the cloud solution in their environment. PBGC needs an overarching strategy to set the
vision for and guide the adoption of cloud computing across PBGC and capture its potential benefits while ensuring
that systems remain safe, secure and reliable to fulfill PBGC’s mission.
1.2 Purpose
The purpose of this document is to define and communicate a unified PBGC direction and strategy on cloud
computing. It is also intended to serve as a communication vehicle within the PBGC and with external
organizations as required. It is not intended to define, prescribe or constrain any particular technical approach,
plan or solution, service type, or deployment model.
The Enterprise Cloud Computing Strategy, when successfully executed, enables PBGC to realize positive strategic,
financial and operational outcomes. It facilitates a common understanding of the significance of cloud computing
for all PBGC stakeholders and how cloud can dramatically improve PBGC’s ability to serve its customers.
1.3 Audience
The intended audience of this document is PBGC’s senior leaders, business sponsors, system owners, business and
IT program and project managers, and PBGC staff who are stakeholders responsible for information systems, IT
services and cloud computing adoption.
NIST defines five essential characteristics of cloud computing, four deployment models, and three service models
that help organizations establish requirements for transitioning to the cloud as well as determine the appropriate
cloud offering. The NIST definitions detailed in the following three sections establish the foundation for how PBGC
identifies cloud solutions and serve as the basis to determine whether a cloud offering is the most appropriate
solution to meet PBGC requirements.
[1] 25 Point Implementation Plan to Reform Federal Information Technology Management. http://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/25-point-implementation-plan-to-reform-federal-it.pdf
[2] Federal Cloud Computing Strategy. http://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/federal-cloud-computing-strategy.pdf
[3] The NIST Definition of Cloud Computing, pg. 2. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
When consuming cloud computing, PBGC will utilize NIST definitions and commonly recognized terminology to
ensure all implemented solutions follow a commonly understood and used vocabulary. This will leverage previous
cloud computing analyses, promote consistency in implementing cloud solutions and also enable PBGC to measure
progress in comparison to other organizations that have implemented similar solutions.
Essential Characteristics | NIST Definition
On-Demand Service | A consumer can unilaterally provision computing capabilities as needed automatically without requiring human interaction with each service provider.
Broad Network Access | Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms.
Resource Pooling | Computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.
Rapid Elasticity | Capabilities can be elastically provisioned and released to scale rapidly outward and inward commensurate with demand.
Measured Service | Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
Table 1: NIST Essential Cloud Characteristics
[4] The NIST Definition of Cloud Computing, pg. 2. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
[5] The NIST Definition of Cloud Computing, pg. 3. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
Private Cloud | The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers. It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
Community Cloud | The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns. It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises. For government organizations, this deployment model represents intra-agency sharing of cloud capabilities and resources.
Hybrid Cloud | The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables compute, network, data, and application portability.
Platform as a Service (PaaS) | The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.
Infrastructure as a Service (IaaS) | The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.
[6] The NIST Definition of Cloud Computing, pg. 2. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
When determining whether an IT service is defined as cloud computing, it must meet all five essential NIST
characteristics to be considered cloud. Once a service meets all five characteristics, the service and deployment
model may be determined.
A managed service provides application functionality and hosting in a single service offering. A managed service
does not provide the five essential cloud characteristics such as resource pooling and rapid elasticity. If a managed
service does provide the five essential cloud characteristics, it would be a cloud service offering, not a managed
service.
Managed services in the PBGC IT environment are typically those services provided by Federal shared service
providers (see Uncle Sam’s List on https://unclesamslist.max.gov/). When assessing PBGC applications and IT
services for a cloud environment, specifically SaaS, IPgTs and Integrated Project Teams (IPTs) should consider
managed services as an additional service model.
For instance, think of a potential scenario where the need for a data and financial analysis tool is presented. The
required functionality is already provided in the form of Software as a Service (SaaS) by an authorized cloud service
provider (CSP). Authorized users in the business may get near immediate access to the SaaS capability on a pay-
per-use model. There would be no need to procure and buy a server, software, connect it to the network, and
provide access, before users can use the functionality. Cloud can also be implemented for development and test
environments. With cloud, development and test environments may be established in minutes and hours rather
than days, weeks or months.
IT organization, operation costs represent a significant percentage of the IT budget, and the opportunity to
optimize and reduce operation costs by using cloud services represents a very attractive option to IT organizations
and PBGC. For instance, many organizations across PBGC maintain multiple servers (hardware and software) with
similar characteristics and possibly low utilization rates. Costs that are associated with the servers include the
initial acquisition of hardware and software, annual license fees, periodic technology refreshes, and the associated
administration and maintenance of the environment. Depending on the criticality and sensitivity of the data and
systems that they support, the next time that a group of servers requires a technology refresh, the need for these
servers may be provisioned by a CSP, either a Platform or Infrastructure as a Service (PaaS or IaaS) platform
provider rather than PBGC acquiring, installing and configuring a new set of infrastructure. PBGC will then replace
typical costs associated with the operations and maintenance of the servers with a lower pay-per-use rate for the
servers.
Develop and implement a cloud computing communication, outreach and training plan. PBGC will
identify stakeholders and their communication, outreach and training needs. It will develop appropriate
material to satisfy those needs.
PBGC will establish the appropriate planning, migration and post-migration mechanisms to enable,
monitor and control cloud migrations. Integration with the existing IT Solutions Life Cycle Management
(ITSLCM), portfolio management processes and IT Tactical Planning will help to minimize the amount of
change the organization will need to adapt and to absorb.
The Enterprise Cloud Computing ConOps document will expand and detail the organizational change management
approach and activities.
Organizational Transparency
PBGC IT governance processes provide the opportunity for all relevant stakeholders to contribute in the
assessment of cloud solutions, ensuring decisions are not being made in a vacuum. This collaborative approach will
support budget and funding decisions and ensure they are made in a transparent atmosphere and maximize buy-in
from all stakeholders.
Identify and migrate suitable IT services to appropriate cloud computing environments to increase business
agility and reduce costs, while ensuring that PBGC information systems maintain their current high levels of
safety, security, reliability, and performance.
PBGC envisions a future state IT environment that takes advantage of commercially available and public
sector cloud services (such as infrastructure, platform, and software) and deployment models (such as public,
private, community, and hybrid). PBGC is planning to leverage the PBGC ITSLCM to enable the acquisition,
migration and consumption of cloud services across the Corporation. With cloud computing, most IT initiatives
should not require a significant upfront investment, making it easier for the agency to launch strategic business
initiatives that are technology enabled. PBGC IT programs will be able to provision services to customers that
satisfy PBGC’s operational demands for flexibility, scalability and timeliness. PBGC IT Programs will be able to
deploy development and test environments quickly and with minimal upfront investments. PBGC IT users will be
able to access authorized data and services from virtually anywhere, anytime they can establish a secure network
connection. IT complexity will be significantly reduced and the IT environment will be adequately protected from
growing and evolving cyber security threats. The PBGC IT environment will be scalable and flexible to take advantage of
newer and emerging technologies as required including mobile computing, data analytics, and social collaboration.
[8] PBGC Strategic Plan. http://intranet/strategicplanning/PBGC-Strategic-Plan-2014-2018.pdf
[9] PBGC IT Strategic Plan. http://intranet/it/PBGC-IT-Strategic-Plan-FY14-FY18.pdf
Objectives include:
- Provide a comprehensive and holistic analysis framework of PBGC IT services to identify candidates for
  cloud adoption based on benefits and risks to PBGC. This will be an enterprise-level PBGC analysis where
  all relevant PBGC programs, business units, and service providers are analyzed for consolidation and
  optimization opportunities from cloud adoption. The enterprise-level and holistic analysis is key. This
  analysis will be shared with the individual Integrated Program Management Teams (IPgT) for
  consideration and analysis.
- Develop a business case framework to be used by the IPgT and IPTs to measure value and benefits from
  cloud candidates. Factors that need to be considered for cloud computing include opportunities for
  consolidation and optimization, elimination of redundancies, economies of scale, and a pay-per-use cost
  model. IT operation costs to buy, maintain and refresh required software, tools and infrastructure may be
  significantly reduced or eliminated. In a cloud computing service model, the CSP (internal or external) is
  responsible for buying, maintaining and refreshing the required IT components.
  PBGC IT Programs as cloud service consumers can use a flexible utility-type, pay-per-use model to pay
  only for IT services that they need and consume without the expenses required for IT components
  purchase, maintenance and refresh. The structure and management of these pay-per-use models must be
  addressed to ensure there is no violation of the Anti-Deficiency Act.
- Provide guidance as to what types of cloud deployment and service model to use based on the type of
  workload. Based on benefits and risks to PBGC, IPgT and IPTs will provide recommendations for
  deployment to cloud environments. Their analysis will be based on value and risks to the agency.
The objective of the ConOps is to provide specific recommendations and actions that enable PBGC to plan, migrate
and manage PBGC IT services in cloud environments. To that end, the ConOps will take a phased approach to an
enterprise acceptance of moving to the cloud. These phases include:
Governance will be addressed in the ConOps and is two-fold – business and investment related
governance and technical governance. For business and investment related governance, the Information
Technology Portfolio Review Board (ITPRB) will be used. Technical governance relates to the post-
migration management of cloud environments. It will be necessary to identify and implement the skills,
roles and responsibilities necessary for the successful management of the Post Migration Cloud
environment. During the Planning Phase, the Office of Information Technology must develop and gain
consensus on the responsibility assignment (RACI) matrix and identify necessary training requirements to
support cloud service level management.
- Revise relevant EA standards and processes across PBGC’s ITSLCM to ensure that they support and enable
  the adoption and migration to cloud services.
- Ensure cloud computing assessments follow the established IT governance structure and processes; and
- Integrate the portfolio and project management processes in which individual program assessments will
  be validated during the investment cycle and ITSLCM.
Cloud adoption and migration outside of the existing IT governance structures exposes PBGC to additional and
unnecessary operational, financial, and technology risks. Adopting cloud or managed services requires a cross-
organizational, structured approach that is not supported by one-off efforts.
Additional risks and challenges from cloud computing include the capacity and readiness of existing network
infrastructure, interoperability, integration with existing systems, and technology maturity. Cloud services are
delivered over a network, and PBGC must ensure that a cloud solution’s response-time and bandwidth requirements
will not negatively impact the performance and normal operations of PBGC business information systems.
The adoption and migration to cloud services in PBGC will be an incremental process and it requires co-existence,
interoperability and integration with existing systems to avoid disruption of PBGC operations. PBGC will also
evaluate the need for and identify cloud migration pilots to manage and minimize risks and challenges from the
adoption of cloud services.
- Integrate the Enterprise Cyber-Security Division (ECD) into cloud computing decision-making to
  adequately protect PBGC IT environment from growing and evolving cyber-security threats,
- Develop an enterprise cloud computing risk assessment as part of an overall cloud decision framework to
  identify potential risks introduced to PBGC IT environment,
- Ensure the network and telecommunication decisions will not represent a bottleneck to network services,
  and
- Conduct technology pilots to manage and minimize cyber-security and network risks to PBGC IT
  environment.
2.5 Goal 5: Ensure that potential benefits are captured and measured
PBGC will ensure that the value proposition and cost benefits from cloud service investments are realistic and
measurable. PBGC will identify, develop, and monitor performance metrics for cloud service solutions. There are
numerous financial and customer centric benefits that can be made possible.
Cloud computing promises to deliver financial value by reducing long-term IT hosting costs and IT asset ownership.
Measuring the financial performance of cloud migrations may be difficult without a more defined cost per unit
measurement of the existing legacy environment. Cost attribution is key in determining current costs and comparing
them to proposed cloud costs.
Financial value performance of cloud migrations may be measured in a number of ways including:
Customer satisfaction is both internal and external. Internal customer satisfaction with cloud migrations can be
measured through existing IT internal surveys to business customers. External satisfaction is only measured when externally
facing business information is migrated to the cloud. The cost and time to implement these changes to existing
surveys should be minimal to the survey owners.
All of these factors will ultimately result in a strategic enterprise-wide cloud environment that delivers the agreed
upon benefits to PBGC:
- An established and repeatable methodology to identify and assess actionable opportunities and readiness
  to migrate to the best suited cloud computing services.
- A cloud-oriented IT environment that enables a continued success of the PBGC mission.