Performing
Now that you’re up and running in the cloud, remember our Shared Responsibilities Model – ensure that your team is taking care of their responsibilities:
Accelerated Public Cloud Services Shared Responsibilities Model for compute and storage
Teams
Contracts & Billing
Security & Privacy
Technology Stack
RESPONSIBILITY IN the CLOUD
Ministry Teams
- Applications & Data
Apply Financial Controls, monitor costs, pay for resources used
Contract for development, with cloud security schedule + privacy schedule
2nd stage procurement or process to justify selection of cloud service provider
App-specific Security & Access Management, logging, incident response, protection of data in transit and at rest
STRA & SOAR for application and any 3rd party tools
Ministry Program PIA
Information Management as per CPPM Ch 12
Manage Application Lifecycle
Code Management (GitHub)
Build & Deploy Pipelines
Support app and any 3rd party tools
Backup and restore
DR plan and test
Communities of Practice - DevOps Commons, others
Regular cadence of meetings, support from members of teams that are on the same journey, curated vendor and product introductions and updates, highlighting of well aligned teams and their best practices
Accelerated Public Cloud Services Team (and service delivery partners)
- Corporate Services & Governance
Parse CSP bills to provide bills to ministries.
Establish governance framework for admin access to accounts, billing, monitoring (including visibility into costs), audit-ability
Automate policy and standards compliance as much as possible - includes platform security (and patching) above the virtualization layer
1st stage procurement, negotiation of contracts, to establish CSA or similar
Cloud Security and Privacy Schedules for inclusion in contracts
Corporate PIA for cloud service types, for each CSP
Corporate STRA for each CSP
Centralized logging
Platform level incident response & investigation
IM IT Policy and Standards
Ordering & Provisioning Infrastructure
Manage catalogue(s) of compliant cloud services (initially compute and storage)
Develop library of scripts for automated provisioning of cloud infrastructure
Corporate Services (like ExpressRoute) - all things best implemented once for the enterprise
Provide curated selection of cloud-related training courses
RESPONSIBILITY FOR the CLOUD
Cloud Service Provider
- Data Centre Security and Reliability
Provide tools for monitoring and reporting on resources used
Offer a selection of pricing models (reserved instances, saving plans ...) -> bill for consumption
Security (including patching) of everything up to and including the virtualization layer
Compliance with industry standards: FedRAMP; EU/US Privacy Shield; ISO 9001, 27001, 27017, 27018 ...
Data Centre Operations
Compute
Storage
Network
Hardware Infrastructure - Regions, Availability Zones, Edge Locations