8/2/2019 Security and Compliance-Driven Infrastructure Considerations for Software/SaaS Firms Targeting Public Sector Orga…
http://slidepdf.com/reader/full/security-and-compliance-driven-infrastructure-considerations-for-softwaresaas 1/14
SOFTWARE-AS-A-SERVICE (SAAS)
Security and Compliance-Driven Infrastructure Considerations for Software/SaaS Firms Targeting Public Sector Organizations
CONTENTS
EXECUTIVE SUMMARY 3
INTRODUCTION 4
A WORKING DEFINITION OF GOVERNMENT-COMPLIANT SAAS 5
KEY TECHNICAL DIFFERENCES AND REQUIREMENTS IN DELIVERING SAAS TO GOVERNMENT CUSTOMERS 7
KEY BUSINESS DIFFERENCES AND REQUIREMENTS IN DELIVERING SAAS TO GOVERNMENT CUSTOMERS 10
BENEFITS OF A FEDERALLY-COMPLIANT INFRASTRUCTURE PARTNER 12
RECOMMENDATIONS FOR SAAS PROVIDERS THAT TARGET PUBLIC SECTOR ORGANIZATIONS 13
CONCLUSION 14
ABOUT CARPATHIA HOSTING 14
Government-Compliant Software-as-a-Service (SaaS) © 2010 Carpathia Hosting, Inc.
[ Best Practices for Commercial Compliance ] CARPATHIA.COM
EXECUTIVE SUMMARY
As the Software-as-a-Service (SaaS) delivery model has matured in both acceptance and adoption in the commercial marketplace, attention has turned to the government market, which offers a similarly lucrative opportunity. In fact, according to a recent INPUT US Government Market survey, more than 78% of Federal Agencies state that SaaS is actively utilized or is under evaluation for various applications.
Software/SaaS firms must meet these regulatory requirements in a certifiable manner as part of their qualifications to legally and effectively provide SaaS services to many organizations within the public sector.
INTRODUCTION
[Chart: "Are you considering SaaS in your company?" Yes 45%, Under Evaluation 33%, No 22%]
The market is growing. According to IDC, the SaaS market is projected to grow from $3.7 billion in 2006 to $14.8 billion in 2011.*
In fact, according to the INPUT U.S. Government Market survey, 78% of agencies state that SaaS is actively utilized or under evaluation for various applications. (See chart.)
A WORKING DEFINITION OF GOVERNMENT-COMPLIANT SAAS
As organizations that serve the public sector know, the business of government is different. These differences need to be embraced, understood and applied to SaaS delivery and support models if software companies hope to effectively sell their managed services to government entities.
MAJOR GOVERNMENT MANDATES/STANDARDS
FISMA, U.S. Public Law 107-347
DIACAP, DoDD 8500.1 and DoDI 8500.2 (J 6, 2006)
NIACAP, NSTISSC, April 2000
NISPOM, DoD 5220.22-M, February 28, 2006
Presidential Decision Directive NSC-63, Critical Infrastructure Protection, May 22, 1998
HSPD 12, Homeland Security Presidential Directive, Policy for a Common Identification Standard for Federal Employees and Contractors, August 27, 2004
FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006
FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, 2004
OTHER MANDATES/STANDARDS
OMB Mandates (such as M-06 and M-07)
Presidential Directives
GSA Facility Standards
NIST Standards and Guidelines
KEY TECHNICAL DIFFERENCES AND REQUIREMENTS IN DELIVERING SAAS TO GOVERNMENT CUSTOMERS
IT Infrastructure
Multi-Tenancy
[Table: Traditional Model for Software Deployment and Support for Government Agencies vs. Government-Compliant SaaS Delivery Model for Government Agencies vs. Challenges for Software Companies Without a Government-Compliant SaaS Offering or Delivery Model; rows: Facility, Infrastructure (dedicated and accredited hardware: network, servers & storage), Staff/Personnel, Policy/Procedures]
MAPPING OF GOVERNMENT HOSTED APPLICATION REQUIREMENTS AND PROPOSED SAAS ARCHITECTURE APPROACHES
Architecture approach: Managed Hosting Service | Isolated Tenancy | Shared Execution | Multi-Tenant/Single Version | Multi-Tenant/Multiversion
Application Execution Infrastructure: Dedicated | Dedicated | Shared | Shared | Shared
Application Versioning: Multiple | Single | Single | Single | Multiple
Data (& Other Infrastructure Separation): Physical | Physical | Physical | Logical | Logical
Integration with Existing Systems, Processes, & Procedures
KEY BUSINESS DIFFERENCES AND REQUIREMENTS IN DELIVERING SAAS TO GOVERNMENT CUSTOMERS
Asset Ownership & Control
Revenue/Pricing Model
Contract Termination and Service Assurance
Staffing and Personnel
Past Performance/Certification & Accreditation
Choosing the right solution partner that is experienced with the various considerations of government-compliant infrastructure delivery can yield significant benefits to software companies targeting the public sector.
[Figure: Software Companies/SaaS Providers (Application Software, Application Support) + Federally-Compliant Managed Infrastructure Hosting Provider (SCIF-compliant Facility; Cleared & Clearable Personnel; Compliant Underlying Tools & Technologies; Proven Policies, Procedures & Practices; Certified & Accredited Delivery Model; Data/Storage Management; Systems/Server Management; Network Management; Facility Management) = Federally-Compliant SaaS Offering]
BENEFITS OF A FEDERALLY-COMPLIANT INFRASTRUCTURE PARTNER
REDUCE OVERALL RISK
REDUCE COST
FASTER TIME TO MARKET
FOCUS ON CORE COMPETENCIES
[Figure: Federally-Compliant SaaS/Hosted Infrastructure & Application Services]
OPTIMIZE OFFERINGS FOR SPECIFIC CUSTOMERS/REQUIREMENTS
RECOMMENDATIONS FOR SAAS PROVIDERS THAT TARGET PUBLIC SECTOR ORGANIZATIONS
Understand Your Target Market and Design Your SaaS Solution Accordingly
Take Measured Steps
Partner with Companies Who Complement Your Company and Improve Go-to-Market Position
ABOUT CARPATHIA HOSTING
21000 Atlantic Blvd | Suite 500 | Dulles, VA 20166 | 703.840.3900 / 1.888.200.9494
CONCLUSION
Footnotes: * IDC, "Worldwide Software Business Strategies 2008 Top 10 Predictions," Doc #210334, January 2008.