Identity Proofing in the Cloud February 15, 2012 Greg Capella Deputy Executive Director DHS/OCIO/ESDO


Page 1: Identity Proofing in the Cloud

Identity Proofing in the Cloud

February 15, 2012

Greg Capella
Deputy Executive Director

DHS/OCIO/ESDO

Page 2: Identity Proofing in the Cloud

DHS’s History

• Established on November 25, 2002
  – Cabinet level post created
  – Incorporated 22 agencies into one organization

“The creation of DHS constituted the most significant government reorganization since the Cold War, and the most substantial reorganization of federal agencies since the National Security Act of 1947”


Reference: Peter Andreas: “Redrawing the line”

Page 3: Identity Proofing in the Cloud

DHS Data Center Consolidation

• Consolidating to 2 operational centers

• Lift and shift approach not viable
  – Expensive
  – Inefficient for most applications
  – Takes too long

• New guidance reinforced desire for a “better way”

• Enhance Security Posture and Information Sharing Capabilities


Page 4: Identity Proofing in the Cloud

IT Reform @ DHS

Departmental Plan

Cloud First
• Enable and leverage secure XaaS (i.e., SaaS, PaaS, IaaS)
• Standup and enable IT commodity services (e.g., SharePoint, Email, CRM, and Auth as a Service, Service Catalog)
• Public and Private Offerings

Consolidate IT Assets
• Data Center consolidation (i.e., EDC)
• Network consolidation (i.e., OneNet)
• IT buying services (i.e., EAGLE II, FirstSource II, GSA IaaS)
• ICAM

Collaboration & Best Practices
• IT Councils (i.e., ASC, SIOC, CISOC, etc)
• Executive Steering Committees (ESCs) (i.e., TASC, Screening, HC/HR, etc)
• Portfolio Governance and Integrated Investment Lifecycle (i.e., PMCOE, SEWG, etc)
• FedSpace/Best Practice Platform

Federal Plan

Sections: Achieving Operational Efficiency; Effectively Managing Large-Scale IT Programs
Columns: Action Item; Owner(s); < 6 mos.; 6-12 mos.; 12-18 mos.; DHS Component

1. Complete detailed implementation plans to consolidate 800 data centers by 2015 (Owner(s): OMB, Agencies)
2. Create a government-wide marketplace for data center availability (Owner(s): OMB, GSA)
3. Shift to a “Cloud First” policy (Owner(s): OMB, Agencies)
4. Stand-up contract vehicles for secure IaaS solutions (Owner(s): GSA)
5. Stand-up contract vehicles for “commodity” services (Owner(s): GSA)
6. Develop a strategy for shared services (Owner(s): Federal CIO)
7. Design a formal IT program management career path (Owner(s): OPM, OMB)
8. Scale IT program management career path (Owner(s): OPM, Agencies)
9. Require Integrated Program Teams (Owner(s): OMB)
10. Launch a best practices collaboration platform (Owner(s): Federal CIO Council)
11. Launch technology fellows program (Owner(s): Federal CIO)
12. Enable IT program manager mobility across government and industry (Owner(s): OMB, CIO Council, OPM)
13. Design and develop cadre of specialized IT acquisition professionals (Owner(s): OMB, Agencies)
14. Identify IT acquisition best practices and adopt government-wide (Owner(s): OFPP)
15. Issue contracting guidance and templates to support modular development (Owner(s): OFPP)
16. Reduce barriers to entry for small innovative technology companies (Owner(s): SBA, GSA, OFPP)
17. Work with Congress to create IT budget models that align with modular development (Owner(s): OMB, Agencies)
18. Develop supporting materials and guidance for flexible IT budget models (Owner(s): OMB, CFO Council, CIO Council)
19. Work with Congress to scale flexible IT budget models more broadly (Owner(s): OMB, Agencies)
20. Work with Congress to consolidate Commodity IT spending under Agency CIO (Owner(s): OMB, Agencies)
21. Reform and strengthen Investment Review Boards (Owner(s): OMB, Agencies)
22. Redefine role of Agency CIOs and Federal CIO Council (Owner(s): Federal CIO, Agency CIOs)
23. Rollout “TechStat” model at bureau-level (Owner(s): Agency CIOs)
24. Launch “myth-busters” education campaign (Owner(s): OFPP)
25. Launch an interactive platform for pre-RFP agency-industry collaboration (Owner(s): GSA)

“Shift to a “Cloud First” policy”

Page 5: Identity Proofing in the Cloud

Cloud Services

Software as a Service (SaaS):
• Delivery of business applications over the Intranet on demand.
• Customers leverage ESDO development capabilities to provide complete end-user applications.

Platform as a Service (PaaS):
• Delivery of a combination of infrastructure and “middleware” software combined together
• Provides an end-to-end software development and production pipeline in a “hosted” model on demand.
• Customers use the platform solutions to develop and launch new applications

Infrastructure as a Service (IaaS):
• Customers use the secure, reusable infrastructure to run their platform and business services
• Delivery of technology infrastructure on demand (e.g., network, servers, memory, storage, and database).


“Private and Public Cloud Services”

DHS established a model for enabling available, secure, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Cloud Attributes

1. Services Based
  – Computing resources are consumed as services

2. Multi Tenant
  – Resources are shared among many customers
  – Reuse – Source Forge Concept

3. Pay Per Use
  – Customers pay based on usage; not for full stand up

4. Scalable and Elastic
  – Resources are provisioned or released in near real-time

5. Access
  – Role Based access and Authentication

6. Compliant
  – Security Profile for Production Environment
  – 508 Compliant Templates


Page 6: Identity Proofing in the Cloud

DHS Identity Proofing in the Cloud

• VIS provides ability for employer to confirm worker's right to work in US

• Congress requested the DHS (USCIS) create a program so the worker could check their status
  – Confirm right to work
  – Obtain information on next steps if there was an issue

• DHS (USCIS) created the SelfCheck program to provide this capability to workers


Page 7: Identity Proofing in the Cloud

www.uscis.gov/everifyselfcheck


Page 8: Identity Proofing in the Cloud

Identifying Information


Page 9: Identity Proofing in the Cloud

E-Verify Self Check

Mismatch Resolution: Users receive instructions on how to correct any data mismatches in SSA or DHS records

Employment Eligibility Verification: Self Check returns either an affirmative response or any data mismatches found in DHS or SSA records

Web Based: Self Check is offered over the Internet and other channels are being investigated

US Workforce: Self Check is available to the entire US workforce, regardless of employment with an E-Verify employer

Identity Assurance: Level 2 Identity Proofing, including knowledge based questioning, ensures Self Check is only used by identity information owners

Fraud Prevention: A user is only able to use Self Check if he is able to successfully authenticate his identity

Self Check Results (sample screens)

March 2010

Self Check: Identity Proofing in the Cloud

Page 10: Identity Proofing in the Cloud

Summary

• DHS has embraced both the Public and Private Clouds
  – Reduce costs and time to deploy
  – Increase flexibility and responsiveness
  – Decrease carbon footprint
  – Decrease floor space

• DHS is rolling out numerous Public and Private Cloud efforts

• Need to apply sound security management practices to use Clouds safely and effectively
