Download Cloud Zip File

More than 100 million users around the globe rely on Cloud Software Group to help them adapt, transform, and meet the challenges facing every modern enterprise across private, public, managed and sovereign cloud environments. We enable our customers to evolve, compete and succeed leveraging our software franchises for and across data, automation, insight and collaboration.

Cloud technology is one of the most significant shifts your company will face, offering agility, scale, and favorable economics. But the integration of private clouds, public clouds, and legacy IT environments can be daunting. HPE Services can help you find the right mix of hybrid cloud and sustainable IT that can turn your organization into a valuable change agent for innovation and growth.

Download 🔥 https://urlgoal.com/2y84ed 🔥

With an unbiased approach developed through more than 1,000 cloud transformation projects, our hybrid cloud consultants help you stay ahead of the best way to optimize your environments and unleash your people.

No matter where you are in your journey to hybrid cloud, our cloud consultants can help you map out your next steps. From determining what workloads should live where, to handling governance and compliance, to managing costs, our experts can help you optimize your operations. As part of these engagements, our consultants will recommend strategies for IT to become more sustainable.

The new strategy is founded on three key pillars of successful cloudadoption: security, procurement, and workforce.Collectively, these elements embody the interdisciplinary approach to ITmodernization that the Federal enterprise needs in order to provideimproved return on its investments, enhanced security, and higherquality services to the American people.

Additionally, all Federal agencies will rationalize their applicationportfolios to drive Federal cloud adoption. The rationalization processwill involve reducing an application portfolio by 1) assessing the needfor and usage of applications; and 2) discarding obsolete, redundant, oroverly resource-intensive applications. Decreased application managementresponsibilities will free agencies to focus on improving servicedelivery by optimizing their remaining applications.

To support these rationalization efforts, the CIO Council will developbest practices and other resources. Furthermore, while the initial CloudSmart work plan will be executed over an eighteen-month period, itsactions will be refreshed continuously as needed to keep up with thechanging cloud market and emerging technologies.

Furthermore, Cloud Smart operates on the principle that agencies shouldbe equipped to evaluate their options based on their service and missionneeds, technical requirements, and existing policy limitations.Computing and technology decisions should also consider customer impactbalanced against cost and cybersecurity risk management criteria.Additionally, agencies need to weigh the long-term inefficiencies ofmigrating applications as-is into cloud environments against theimmediate financial costs of modernizing in advance or replacing themaltogether.

Cloud adoption strategies that successfully meet the intent of CloudSmart should not be developed around the question of who owns whichresources or what anticipated cost savings exist. Instead, agenciesshould assess their requirements and seek the environments andsolutions, cloud or otherwise, that best enable them to achieve theirmission goals while being good stewards of taxpayer resources.

Agencies should conduct regular evaluations of customer experience anduser needs to ensure that their solutions successfully fosterefficiency, accessibility, and privacy.4 Additionally, agenciesshould regularly rationalize and update their applications, migrating asneeded, to reduce the risk of large-scale failure, better allocate theirresources, and provide staff with adequate time to become familiar withcontemporary product management techniques. Agencies must also tracktheir growth in areas where decisions about technology intersect otherdisciplines. Namely, serious consideration and investment should bededicated to the three key pillars of successful cloud adoption:security, procurement, and workforce.

Given the distributed nature of cloud and the growing number of discretecapabilities and deployment models available to choose from, agenciesmight consider moving or adding security and privacy controls to thedata layer itself, rather than just where they have historically residedat the network perimeter. By doing so, agencies can improve theiroverall security and privacy posture, empowering them to fully embracecloud technologies while granting them peace of mind that theconfidentiality and integrity of their data are intact.

To realize not only the security benefits of cloud infrastructure, butalso its benefits related to scalability and speed-to-market, agenciesshould utilize mature agile development practices, including DevSecOps.The use of automated and assistive technologies such as artificialintelligence and machine learning can help agencies to further improvesecurity. Agencies should also review their IT portfolios regularly todetermine modernization plans for existing tools and compare potentialservice offerings designated as Best In Class (BIC) solutions formaximized return on investment.

Furthermore, providing staff with training and other educationalresources is essential to fostering maturity in the areas of privacy,security, and procurement. Agency IT staff should become familiar withlean product management, agile development, continuous delivery, andautomated infrastructure at the team and program level as part of anymodernization plan. Additionally, non-IT staff supporting privacy,security, and procurement should receive training in the multiple coredisciplines outlined above. Sustained progress in these areas of stafftraining is foundational to the successful implementation of new cloudefforts.

Successfully managing cloud adoption risks requires collaborationbetween agency leadership, mission owners, technology practitioners, andgovernance bodies. Coordination between information security and privacyprograms is necessary to ensure compliance with applicable privacyrequirements and for the successful identification and management ofrisks to individuals when processing personally identifiable information(PII).7 Senior Agency Officials for Privacy (SAOPs)8 areresponsible for managing the risk that may result from the creation,collection, use, and retention of PII, and have an important role toplay when making decisions about the adoption of technology andprocesses that concern or impact the management of PII.

Given the ease of flow of federally-owned data from internal networks toexternal, end-user devices, encryption and modern Identity, Credential,and Access Management (ICAM) implementation is essential. Encryption andICAM implementation is particularly relevant in the context ofcloud-based environments, namely in those instances where an agency ispartnering with an external service provider to manage networkvisibility and data protection.

Furthermore, agencies should be made aware if their information willreside on a third-party information system prior to signing any serviceagreement; agencies should be provided continuous access to log data;and must be notified promptly if a cybersecurity incident, breach, 11or other adverse event occurs or is suspected to have occurred thatinvolves any information or information systems covered by a serviceagreement with a cloud service provider.

The Federal Risk and Authorization Management Program (FedRAMP) providesa standardized government-wide approach to security assessment,authorization, and continuous monitoring of cloud services. Offeringcloud service providers the opportunity to demonstrate their ability tomeet Federal security requirements through standardized baselines hasallowed for a flourishing marketplace of vetted providers to develop. Ithas also allowed agencies to adapt from arcane legacy technology tomission-centric and cost-effective cloud-based systems in a more rapid,consistent, and secure manner.

Although the FedRAMP program management office has drastically reducedthe amount of time it takes to authorize a cloud service provider, thereis still work to be done to address the underlying issues thatcontribute to the relatively slow pace of assessment. For example, alack of reciprocity across agencies when adopting FedRAMP authorizationshas led to significant duplication of effort when assessing security forproduct deployment. In addition, a large number of agency-specificprocesses has made it complicated for agencies to issue an Authorizationto Operate (ATO) for solutions, even when using existing authorizedcloud service providers. In fact, despite the reiterated importance ofenterprise risk management,13 agencies continue to cite majorobstacles with their own policies and practices.

Finally, enhancing the skillsets of the Federal workforce around cloudsecurity in the FedRAMP program will allow the Federal Government tocontinue to increase the efficiency and effectiveness of agency securitypractices in adopting cloud systems, while reducing the burden onsecurity professionals, providers, and agency leadership. Assembling acadre of professionals and providing direct engagement with all aspectsof the security authorization process will build a common andcomprehensive understanding of cloud security and enable more trust whensharing ATOs. Agencies are also encouraged to take a multidisciplinaryapproach to hiring and training their workforce, as well as providecommunity spaces where digital services experts, information securityprofessionals, procurement specialists, and others with a mutualinterest in effective, secure cloud adoption can collaborate on currentchallenges and opportunities in the cloud computing space.

Industry partners, interagency working groups, and individual agencieshave provided the Federal IT and acquisition communities with a wideselection of recommended actions to accelerate the adoption of cloudsolutions. Some of these recommendations have been translated intoFederal-wide guidance, but there remains a lack of consistency acrossagency implementations and information sharing on best practices. In theabsence of comprehensive guidance, agencies must search across multiplesources to gain a basic understanding of the various types of cloudservices sold in the commercial marketplace, the different offeringsavailable on existing government-wide contracts, and the best way toevaluate which approach is best for a given requirement. 006ab0faaa