Strategizing, Planning, Procuring and Managing Cloud Services: A Series of Discussions with the NYS Forum.
Session One:
Level Setting - Key Considerations for Cloud Adoption and Implementation in Government
February 13, 2020, 2:00 - 3:30 pm
(1:30 pm Check-In)
Matt Reinke, Senior Systems Engineer, Nutanix
Tino Lee, Enterprise & Solutions Architect, NYC DoITT
Joint Workgroup Series
Presenting Workgroup
Joint Workgroup Series
● Business Analysis
● Business Innovation & Emerging Technology
● IT Procurement
● Project Management
● Information Security
Joint Workgroup Presentation
Matt Reinke
Sr. Systems Engineer, SLED New England
Nutanix
Strategizing, Planning, Procuring and Managing
Cloud Services
Matt Reinke is a Senior Systems Engineer with Nutanix. Matt architects solutions that simplify
and modernize government infrastructure across private, public and hybrid clouds. Prior to
Nutanix, Matt was a Director of Information Technology and worked to deploy cloud technology at
Boston University.
Valentino Lee
Senior Architect, Enterprise & Solution Architecture
New York City Department of Information Technology & Telecommunications
(718) 403-8486 (o)
KEY CONSIDERATIONS FOR CLOUD ADOPTION & IMPLEMENTATION IN LOCAL
GOVERNMENT
Valentino is a highly experienced computer technologist, architect, and software developer with over 30 years in industry. His background
includes roles in government, corporate, and consulting settings where he drives the design, development, and delivery of web, mobile, and
cloud solutions.
Currently, he advises and supports senior and chief technologists across New York City government and provides technical and architectural
design expertise to help implement some of the City’s most challenging projects. He holds Master’s degrees in Computer Science, Electrical
Engineering, and Biology from London, Columbia, and Oxford Universities respectively. In his free time, he volunteers as a diver and marine
biology teacher at the New York Aquarium.
Strategizing, Planning, Procuring and Managing Cloud Services
Matt Reinke, Sr. Systems Engineer, SLED New England
Top IT Challenges
Source: Jabil IoT for All. Top 5 Digital Transformation Challenges (and How to Overcome Them)
Complex, manually managed, siloed infrastructure
Slow infrastructure roll-out and scaling for growth
Can’t quickly provision and deploy apps
Lack time, resources, budget to innovate
Ongoing struggle to keep apps and data secure / compliant
Unpredictable operations = excess cost / downtime
IT Is Hurting Due to Siloed Infrastructure
Source: Jabil IoT for All. Top 5 Digital Transformation Challenges (and How to Overcome Them)
Buy
Deploy
Manage
Troubleshoot
Upgrade
Plan
Imagine if IT Could…
Easily comply with performance, regulatory, legal and privacy requirements at lower TCO
Iterate faster with better dev/test and gain actionable insights across all data
Bring Cloud scaling and agility to enterprise application landscapes regardless of where they live
Build an information fortress to protect data everywhere & always be online
Baseline: NIST Definition of Cloud
https://csrc.nist.gov/publications/detail/sp/800-145/final
Essential Characteristics
1. On Demand – Self Service
2. Broad Network Access
3. Resource Pooling
4. Rapid Elasticity
5. Measured Service
Service Models
1. Software as a Service (SaaS)
2. Platform as a Service (PaaS)
3. Infrastructure as a Service (IaaS)
Deployment Models
1. Private Cloud
2. Community Cloud
3. Public Cloud
4. Hybrid Cloud
Public Cloud Benefits
Rapid Time to Market: Deploy apps in minutes
Flexible IT Consumption: Get & pay for what you need
Simplicity: No low-level infra mgmt
Continuous Innovation: Infra regularly gets better
But … Public Cloud Not Suited for All Workloads
Regulatory Concerns: That do not permit hosting data outside of an org's geography
Unpredictable Costs: Overruns due to limitless resources and high egress charges
Loss of Control: From being able to deploy custom solutions to protect your apps and data
Data Gravity & Legacy Apps: Make migrations hard; plus fear of vendor lock-in where data resides
Why Hybrid Cloud?
[Diagram: Business Apps (VDI, inv, CAM, SAP, HR, DB, IoT, mail, ERP, AD, BI, Stock, Payroll, CAD, CRM, web, Proc, Accts, mobile)]
SIMPLIFY: REDUCE COST OF BUSINESS
- Reduced operation overhead
- Reduce the resources invested
- Deliver the SLA
Re-Platform: GROWING THE EXISTING BUSINESS
- Build Agility, Automation
- Performance and Scalability
- Mission Critical/Disaster Recovery
Web Scale, Digital Transformation: NEW BUSINESS, NEW MARKETS
- Self Service, Web-Scale
- Modern Dev Env
- Support Mobile Apps, AI, BI, IoT
ENTERPRISE CLOUD SOLUTION
- Agility – IT projects on-demand
- Cloud Native DevOps Environment
- 40-60% Lower TCO than now
- Scale as needed
- Service catalogue, Automation & Orchestration
- Resilient and Secure
- One Click Operations
- Multi-Cloud enabled for AWS, GCP, Azure, +++
- Application Lifecycle Management
One Platform. Any App. Any Location
Seamless Hybrid Cloud Operations
CLOUD PLATFORM
Modernize your Infrastructure
Secure your Environment
Consolidate your Data
Automate Operations
Ensure Business Continuity
ON-PREMISE | PUBLIC CLOUD
End User Computing/VDI | Database | Enterprise Apps | Cloud Native | ROBO & Edge | Dev & Test | Analytics
HARDWARE PLATFORM CHOICE | PUBLIC CLOUD CHOICE
Thank You for Your Time
NYS Forum
KEY CONSIDERATIONS FOR CLOUD ADOPTION & IMPLEMENTATION IN LOCAL GOVERNMENT
Valentino Lee
Enterprise & Solutions Architect
New York City Department of Information Technology & Telecommunications
(718) 403-8486 (o)
February 13th, 2020
Agenda
▪ Traditional Computing
▪ What Is Cloud Computing?
▪ How Is Cloud Computing Different?
▪ The Move To Adopt Cloud Computing
▪ Small-Scale, Publicly-Hosted SaaS Products
▪ SaaS Considerations
▪ Cloud Reviews
▪ More Complex Cloud Solutions
▪ Cloud-Based CMS
▪ On The Horizon & Final Thoughts
▪ Questions?
Traditional Computing
PROBLEMS
Reliance on non‐shareable, dedicated infrastructures
Own large server farms but may only utilize a fraction of it ~10%
Can’t easily scale up/down – not elastic
Insufficient or no disaster recovery ability
Slow and difficult to change – not flexible or agile
Difficult to foster innovation
Difficult to collaborate with external partners
CHARACTERISTICS
Assets are owned
Software, platforms, and infrastructure procured
Software installed primarily on-premises (e.g. desktops or servers)
Technologies held in on-premises data centers
Internal security
Internal data storage
Internal operations & support
CHANGING WORLD
Many more people online
Many, many more devices (e.g. mobile, IoT)
More types of online services and products
Things change more quickly and go out of date faster – difficult to keep up
[Diagram: Small Cloud Presence, Primarily On-Premises]
What Is Cloud Computing?
Cloud computing is a means for rapidly delivering hardware and
software technology and services over the Internet to a wide
range of people. Today, it is widely used in the public and private
sectors. Characteristics include:
On-Demand Self Service
Broad Network Access
Resource Pooling
Rapid Elasticity
Measured Service
SERVICE MODELS
SaaS – Software as a Service
PaaS – Platform as a Service
IaaS – Infrastructure as a Service
DEPLOYMENT MODELS
Public Cloud
Private Cloud
Community Cloud (e.g. Gov Cloud)
Hybrid Cloud
SaaS, PaaS & IaaS can be hosted in a public/private/community cloud.
See https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf
How Is Cloud Computing Different?
Rent or lease technology – don’t buy or own it
Paid service or subscription
“Someone else’s” data centers
Staff may/may not be managing applications/servers
Software may be off premises
Data may be stored off premises
Elastic – easily scale up/down
No charge for non-use
CONSIDERATIONS
Potential cost duplication – on-premises and cloud
Limited direct oversight, governance and control
Often a combination of on-premises and cloud services
Determine “good” cloud and on-premises balance
[Diagram: More Cloud Presence, Reduced Footprint]
The Move To Adopt Cloud Computing
WHAT IS DRIVING ADOPTION?
Agencies need to implement new technology solutions more quickly
while removing outdated applications in order to improve
efficiencies, reduce costs, and be more responsive to New Yorkers.
Business units within an agency or department want to leverage the
range of modern cloud products and cloud services and sometimes
work independently to obtain them. IT must support the business
but is not always quick enough or in a position to do so.
Products and vendors are no longer selling software that lives
on-premises – many are only available in the cloud.
TODAY
Many NYC agencies and departments are using cloud services
extensively, including DEP, DOE, DOHMH, DOITT, DOT, DPR,
DSNY, and NYPD to:
Improve services to New Yorkers
Innovate with different vendors and service providers
Leverage new technologies and services
Improve operational efficiencies
Small-Scale, Publicly-Hosted SaaS Products
COMMON SAAS PRODUCTS
Project Management (e.g. Asana, Monday, Smartsheet, Trello)
Event Management (e.g. Eventbrite)
Forms Management (e.g. Form Assembly)
Human Resources Management (e.g. BambooHR, Workday)
Learning Management
Mass Emailing (e.g. Constant Contact, MailChimp, SendGrid)
Search
Surveys and Polls (e.g. Doodle, SurveyMonkey)
Office Tools (e.g. Office 365, G Suite)
Translation
Video (e.g. Vimeo, YouTube)
Collaboration (e.g. Slack)
WHY SO SLOWWWWW?
In principle, SaaS products are easy to subscribe to and can be
deployed in literally just a few minutes. So why does it still take
weeks/months to do?
In short, it is because there are technical considerations along with
policies, processes, and procedures that still must be followed in
order to protect users and data.
Nonetheless, it is still typically much quicker and more convenient to
adopt a SaaS product because you don’t have to build anything or
devote resources to looking after it.
SaaS Considerations
With SaaS, you don’t tend to know much about
the software, platform or infrastructure as you
typically just use the service. However, you
need to be confident your user information is
protected, the application itself is secure, your
application data is protected, and you have
excellent legal and service level agreements.
CONSIDERATIONS
USER TYPES
Internal – Employees, Contractors
External – New Yorkers
IDENTITY & ACCESS MANAGEMENT
Provisioning / De-Provisioning
Authentication – Integration With Citywide SSO / MFA
Authorization – Role-Based Access Control
APPLICATION
Application Functionality
Application Security (Application Vulnerability Scan)
DATA
Data Classification & Governance
Data Storage At Rest & In Transit & Backups
INTEGRATION/DATA FLOW WITH OTHER SYSTEMS
Mostly standalone
May sometimes send/receive data to/from on-premises systems
POLICY, PROCESS & PROCEDURE
Assessments? Comparison of vendors and products
Procurement – Funding
Legal – Agreements, Contracts
Security – Software Security Assurance Process (SSAP)
Reviews & Oversight
[Diagram: Project Management SaaS]
Cloud Reviews
As part of the Citywide Cloud Policy, NYC DOITT and NYC3 currently
do an early pre-procurement review of a few hundred cloud-based
projects per year from multiple agencies and departments.
In doing so, we try to address common problems that could jeopardize
the project, the agency, and the City further along.
IAM | SSO | MFA
One area we look at is the need to integrate with the Citywide SSO
solution and utilize MFA for data that is sensitive or restricted.
When an agency purchases a single SaaS product, the simplest
solution is often to provision the users in the product and use the
product’s own authentication mechanism.
However, agencies typically utilize multiple SaaS products over time.
If each is separately provisioned, a user could potentially have a
different user id, password, and MFA mechanism for every product.
Without integration with the Citywide SSO solution, it becomes
increasingly difficult to manage the provisioning and de-provisioning of
users from the different products.
Just a few SaaS products could lead to significant managerial and
logistical difficulties for the agency and increased risk.
[Diagram: WITH SSO & MFA | NO SSO & MFA]
More Complex Cloud Solutions
Custom Web Applications
Case Management
Content Management System (CMS)
Customer Relationship Management (CRM)
Document Management System
Human Resources Management
CONTROL & INTEGRATION
Single product is insufficient – multiple components for solution
Integration/data flow between solution and on-premises systems
Integration/data flow between solution & other SaaS or cloud services
More control over the software, platform and/or infrastructure
SaaS – No control – you just use it; the cloud service
provider/product vendor manages everything.
PaaS – You manage the applications and data but the cloud service
provider manages the runtime, middleware, O/S, virtualization,
storage, and networking pieces.
IaaS – You manage the applications, data, runtime, middleware,
and O/S but the cloud service provider manages the virtualization,
storage, and networking pieces.
On-Premises – Full control – you manage everything.
Cloud-Based CMS
A “CLOUD” PROJECT
Large-scale, public-facing, web site created by a cloud-based
content management system.
Accessible, multi-language, with data and document feeds
from backend systems
CMS can be hosted using PaaS or IaaS and utilizes a
number of ancillary SaaS products.
CONSIDERATIONS
1. USER TYPES
2. IDENTITY & ACCESS MANAGEMENT
3. APPLICATION – CONTENT MANAGEMENT SYSTEM
4. DATA
5. INTEGRATION/DATA FLOW WITH ON-PREMISES SYSTEMS
6. INTEGRATION/DATA FLOW WITH ANCILLARY SAAS SYSTEMS
7. POLICY, PROCESS & PROCEDURE – PRE-IMPLEMENTATION
8. PROJECT MANAGEMENT & GOVERNANCE – IMPLEMENTATION
9. ENVIRONMENT(S)
Cloud-Based CMS
USER TYPES
Internal Users – Employees (e.g. Content Editors, Administrators)
External Users – Public-Facing End Users / Consumers
IDENTITY & ACCESS MANAGEMENT
Provisioning / De-Provisioning
Authentication – Integration With Citywide SSO / MFA
Authorization – Role-Based Access Control
APPLICATION – CONTENT MANAGEMENT SYSTEM (CMS)
Content Management & Governance
Accessible – WCAG 2.0 AA
UI/UX – Wireframes, Study Groups, Use of HTML5/JavaScript/CSS
Device (laptops, tablets, phones) & browser independence (all current browsers)
Quality Checking & Enforcement Tools – Accessibility, SiteImprove, Grammarly, SortSite
Application Security (Application Vulnerability Scan)
DATA
Data Classification & Governance
Data Storage At Rest & In Transit & Backups
Cloud Storage of content and code
INTEGRATION/DATA FLOW WITH ON-PREMISES SYSTEMS
Data loaded from on-premises data repository to cloud-based CMS database (“pipe”)
INTEGRATION/DATA FLOW WITH ANCILLARY SAAS SYSTEMS
Document management system
Search – multi-language search engine
Translation – translation management system
Videos – accessible
Surveys – multi-language survey service
Email Marketing – mass mailing service
Events
POLICY, PROCESS & PROCEDURE – PRE-IMPLEMENTATION
Assessments? Comparison of vendors and products
Procurement – Funding
Legal – Agreements, Contracts
Security – Software Security Assurance Process (SSAP)
Reviews & Oversight
PROJECT MANAGEMENT & GOVERNANCE – IMPLEMENTATION
Project Management
Requirements
Architecture Design – Current & Target State | Business, Application, Technical Views
Development – Utilize CI/CD or implement a regular flow of ongoing code releases
Testing – functional, performance, security, UAT, etc.
Training – CMS and Cloud Management
Production content and code pipeline
Production / DR regular failover practice
Operations – Regular, ongoing releases of content and code
Operations – Vendor patches and upgrades
ENVIRONMENT(S)
PaaS versus IaaS Cloud Management
Development | QA | Staging | Production | Disaster Recovery
Still need infrastructure planning – watch for costs!!!
On The Horizon & Final Thoughts
CLOUD & IOT SOLUTIONS
Agencies looking at IoT – Lights, Temperature Control
IoT Devices Provide Data To Cloud-Hosted Repositories
Cloud-Based Applications & Services Consume This Data
Inter-Cloud Communication & Orchestration?
Many New Challenges – Security, Privacy
[Diagram: Data From IoT Devices To Cloud | Data Between Clouds]
FINAL THOUGHTS
Many standard practices of good application design and
deployment are still highly relevant and applicable.
Data management and governance is still critical – how do you
protect your data, how do you get it back if you stop using your
cloud service provider, etc.
Implementation may not be as quick as you think – there are
still important policies, processes, and procedures to follow.
Questions?
Thank You!