While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
For the Consumer Financial Protection Bureau (CFPB), the future is definitely in the cloud.
The financial watchdog agency recently sent out a Request for Information (RFI) on the process, technical requirements and costs of moving to cloud services in fiscal year 2017. CFPB wants to establish a more complete understanding on the costs associated with moving fully to a cloud solution for email and office applications (e.g., documents, spreadsheets, presentations, SharePoint and more).
As Federal Times notes, the agency has about two and a half years left on a private cloud contract, but is clearly looking to public cloud offerings as the way forward for its core enterprise applications.
The CFPB notes in its RFI that the agency currently has Microsoft Exchange 2010 and SharePoint 2013 hosted in a private cloud, and the Microsoft Office 2010 suite for 1,940 users. The agency expects the number of active users to remain at about 2,000 over the next few years.
Moving to public cloud options could give CFPB users more storage and will make their systems more modern.
Currently, the average user mailbox is roughly 5 gigabytes in size, which can get filled up quickly, and CFPB is five years old as an agency.
In the RFI, the CFPB notes that its users “would expect to immediately access emails that are several years old, and office automation tools.” CFPB’s Records Management team wants to have cloud-based management tools of electronic records.
The CFPB is currently focused on the cost of moving to a public cloud solution, the capabilities of such a system and how it would transition from its existing private cloud environment.
In the RFI, the agency is looking for a detailed cost breakdown and analysis, including transition costs from its existing Microsoft Enterprise Agreement. Among other questions, the CFPB wants to know how much traffic it should expect to see in transition (when moving email and office productivity software to the cloud) from its internal Local Area Network to the Managed Trusted Internet Protocol/Trusted Internet Connection system.
In terms of capabilities, the CFPB is looking at different cloud solutions’ office automation, electronic records management capabilities, and whether — and to what level — the offering is certified under the General Service Administration’s Federal Risk and Authorization Management Program.
The CFPB is also exploring how data loss incidents are handled; how much visibility into logs and packet monitoring the agency will have to support forensic studies and security incident handling; and whether the service integrates with Department of Homeland Security’s Einstein E3A cybersecurity program.
Among other questions, the agency is seeking guidelines and considerations on integration that would need to occur with existing on-premises platforms as part of the cloud migration. CFPB currently has Active Directory, SureFire, Splunk, Cisco Systems room-to-room video conference equipment; Lync based presence, Clearwell, Relativity, and Citrix Remote Access. Additionally, the agency uses Salesforce and Remedyforce as its primary development platforms for several applications. It is also rolling out Box as its document management solution.
The agency also wants to learn how long a cloud migration might take and how much downtime is typical during migration (including whether an email outage would occur during business hours). Additionally, the CFPB wants to know how it would handle new processes and training of users and system administrators on the new public cloud system.