Public Sector Summit Cloud Smart Zero-Trust TIC

P U B L I C S E C T O R
S U M M I T
Washingt on, DC

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R
S U M M I T
Enabling Cloud Smart, Zero-Trust, and
TIC
Matt Jordan
Vice President
JHC Technology
3 2 4 1 1 5

S U M M I T
Agenda
About JHC Technology
What is Cloud Smart?
Cloud Smart Objectives
Zero-Trust Networking
Trusted Internet Connections (TIC)

S U M M I T
Related breakouts
Session title
Speaker name
Session title
Speaker name
Session title
Speaker name

S U M M I T
About JHC Technology
• SDVOSB based in the DC Metro area
• National Harbor, Md.
• Alexandria, Va.
• Tysons Corner, Va.
• Founded in 2010 to provide the expertise necessary
at the intersection of technology and innovation
• Focused on disruptive technologies, including
cloud, collaboration, virtualization, and mobility
• Ongoing enhancement of capabilities, including
• Government Competency / AWS GovCloud (US) Skill Partner
• Government and Commercial Reseller
• Non-Profit Competency
• DevOps Competency
• Authorized Training Partner
• Managed Services Provider

S U M M I T
A Sampling of our Clients
Public Sector
Department of Commerce
NOAA
ITA
USPTO
Department of Interior
USGS
Forest Service
National Institutes of Health
Federal Reserve
Department of Defense
Army
Air Force
NORAD-NORTHCOM
Navy
Department of Veterans
Affairs
State and Local
California Department of
Technology
Texas Department of
Information Resources
City of Houston
Non-Profit / Not-for-
Profit
ATCC
Boy Scouts
NRECA
Bezos Family Foundation
Partners Federal Credit
Union
The New Teachers Project
Washington State Hospital
Association
Public Sector
Department of Homeland
Security (DHS)
General Services
Administration
Congressional Budget Office
National Gallery of Art
Department of Energy
Department of Justice
FBI
ATF
Bureau of Prisons
Higher Education
George Washington University
University of South Carolina

S U M M I T

S U M M I T
S U M M I T
“Cloud Smart focuses on equipping agencies with
the tools needed to make informative
technology decisions in accordance with their
mission needs, and leverages private sector
solutions to provide the best services to the
American people.” cloud.cio.gov
From Cloud First to Cloud Smart

S U M M I T
Cloud Smart, in focus
Re-Defining Cloud Computing
• Previous cloud strategies focused on the ownership
and structure of the cloud relationship
• Start looking at how a cloud solution, holistically, can
support the constituents and end users
• Shifting away from benefits and eyeing the outcomes
• Enabling the public sector to leverage the rapid
development of the private sector
• Account for impact vs. cost
• Account for impact vs. risk management

S U M M I T
Key Actions
• Technology-neutral
• Vendor-based solutions
• Agency-hosted solutions
• Inter- and intra-agency shared services
• Multi-cloud
• Hybrid solutions, as appropriate

S U M M I T
Modernization
• Iterative
• Policy, Guidance, and Requirements
• Look across entire portfolio
• Leverage existing tools
• Consider virtualization and containerization
• Review at the Agency CIO level
Maturity
• Three key areas for successful adoption
• Security
• Procurement
• Workforce

S U M M I T
Cloud Smart Adoption
Security
• Trusted Internet Connections (TIC)
• Continuous Data Protection and Awareness
• Federal Risk and Authorization Management Program (FedRAMP)
Procurement
• Category Management
• Service-Level Agreements
• Security Requirements for Contracts
Workforce
• Identify Skill Gaps for Current and Future Work Roles
• Reskilling and Retaining Current Federal Employees
• Recruiting and Hiring to Address Skill Gaps

S U M M I T
Cloud Smart: Security
Trusted Internet Connections (TIC)
• First introduced in 2007
• Help Federal agencies consolidate the number of external internet connections.
• Fewer egress points to enable more efficient security management
• Currently on v2.2 of the DHS TIC Reference Architecture
• Version 3.0 in draft, specifically allowing agencies to use modern technologies
• Collaborate and Iterate
• Pilots > Approval > Feedback > Acquisitions
• Streamline Verification Process
• Automation
• Develop Compliance Verification Process for TIC use case

S U M M I T
Cloud Smart: Security
Continuous Data Protection and Awareness
• Identity and Credential
• Access Management
• Encryption
FedRAMP
Standardizing:
• Security Assessments
• Authorization
• Continuous Monitoring
AWS Identity and
Access Management
(IAM)
AWS Key Management
Service (AWS KMS)
AWS Single Sign-On

S U M M I T
Cloud Smart: Procurement
Category Management
• Improves buying practices
• Eliminates cost redundancies and inefficiencies
• Increases the adoption of cloud
Service-Level Agreements
• Defines expectations for the level of performance
• How the performance will be measured?
• Quality Assurance
Security Requirements for Contracts
• High Value Asset (HVA)
• Ensure visibility into the security of the asset
• Required to employ security and privacy concepts

S U M M I T
Cloud Smart: Workforce
Identifying
Skill Gaps
Reskilling
and
Retaining
Employees
Recruiting
and Hiring

S U M M I T
Cloud Smart: Workforce
Employee Communication
Engagement
Transition Strategies
Removing Bureaucratic
Barriers to Hiring
Talent Expeditiously

S U M M I T
AWS Shared Responsibility Model

S U M M I T
What is Zero Trust Networking?
• Segmenting access to a system into Internal and External Zones
• Internal Zone: Within an agency accreditation boundary
• External Zone: Outside the agency accreditation boundary
• TIC zone: Border between agency’s internal and external zones
• No trust of any user
• Verification required from everyone
• Stages in Zero Trust model
• Identity Assurance
• No lateral movement
• Least Privilege
• Tracking and Audit

S U M M I T
Zero Trust Best Practices
• Identity Assurance
• Centralize identity management
• Federated Login
• Individual user accounts only
• No lateral movement
• Privileged user management
• Common methodology
• Automation tools
• Least Privilege
• Access for the task at hand
• Provides stability, security, and ease of
deployment
• Tracking and Audit
• AWS CloudTrail, Amazon CloudWatch,
Third-party tools
• Multi-factor Authentication

S U M M I T
AWS to Accelerate Zero Trust
• Zero Trust out of the box
• Deny All, by default
• Requirement gathering
• Determine ports necessary for application performance
• Open only necessary communication paths
• Templatized Architecture
• ATO on AWS providing secure framework of AWS services coupled with third-party tools
• Review for gaps
• CloudTrail, CloudWatch to look for areas missing certain components
• Zero trust for management
• Not just the network, factor in administrative access to the management console

S U M M I T
AWS to Accelerate Zero Trust
• A known infrastructure
• You’re building an architecture on a fixed platform with standardized tools
• Test for compliance
• Third-party tools and AWS services such as AWS Config can provide alerting when a baseline
has been deviated from
• Many tools snap directly into the infrastructure

S U M M I T
TIC Cloud Considerations
• Version 2.2 of DHS TIC Reference Architecture provide clarification of agency network
connectivity when using a cloud service provider (CSP) within the TIC framework
• Agencies encouraged to find solutions for their workloads within TIC framework and
meeting the following criteria:
• If CSP environment is External, traffic between agency boundary and CSP must transit TIC
• If CSP environment Is Internal, traffic from agency boundary to CSP environment is not required to transit
a TIC
• If agency data at CSP environment is public and private, data must be separated by boundary between
data types; private data must be protected by TIC boundary
• Remote-access user for agency must transit TIC before accessing CSP environment

S U M M I T
Building a TIC Architecture with AWS
• Pick the right tool:
• AWS Identity and Access Management (IAM)
• AWS CloudFormation
• AWS CloudTrail
• Amazon CloudWatch
• Amazon CloudWatch Logs
• AWS Config
• Amazon Simple Storage Service (Amazon S3)
• Amazon Elastic Compute Cloud (Amazon EC2)
• Amazon Virtual Private Cloud (Amazon VPC)
• Amazon VPC Pairing
• Amazon Glacier
• Amazon VPC FlowLogs

S U M M I T
Current TIC Use Case
Use Case 2: D/A Restricted-Access Data In this use case, a D/A establishes a controlled-access website
hosted by a FedRAMP-authorized CSP for restricted-access data.
Use Case 2 Assumptions
• A D/A remote user is
accessing restricted-access
data.
• The connection between the
D/A and the CSP is an
encrypted tunnel and/or
dedicated connection.
• There are no services
offered at the CSP to the
public Internet.

S U M M I T
Iterating on TIC
Innovation
o The TIC v3.0 draft policy focuses on removing barriers
o The acceptance of alternative security controls takes advantage of innovation on the
commercial side
o Defense across the architecture for end-point and user-based protections can eliminate need
for the physical routing of traffic
o Calling for new use cases to identify scenarios where TICAP routing isn’t required
Collaboration
o Develop Pilot > Initiate Pilot > Approve Use Case > Solicit Feedback > Acquisitions
Automated Verification
o Ongoing assessments through common AWS native and third-party tools enable streamlined
validation process
o Programs such as ATO on AWS deliver structured architectures to support compliance

S U M M I T
Benefits of v3.0 Framework
Efficient deployment
o Use AWS native services to deploy templated, repeatable environments
o AWS and Third-Party Tools allow for the creation of Infrastructure as code to feed the
repeatable deployment methodologies and frameworks
Rely on Commercial Research & Development
o CSPs – and in particular AWS – are constantly innovating, with AWS making thousands of new
services or capabilities available yearly
o Third-party tools are rapidly evolving and earning FedRAMP status along the way
o TIC v3.0 focuses on leveraging commercial developments to provide modern capabilities
Security at multiple levels
o As cloud use expands, logging tools are ever vigilant, especially AWS native tools like AWS
CloudTrail
o Native tools and third-party tools combined to monitor traffic, detect threats, and take quick
action where authorized, without manual intervention

S U M M I T
Thank you!
S U M M I T
Matt Jordan
mjordan@jhctechnology.com

S U M M I T
S U M M I T

S U M M I T
Click to add slide title (size 48)
Lorem ipsum dolor sit amet, error
possim abhorreant vix ne, ne mel
debitis iudicabit voluptatibus. Affert
timeam debitis no nam. Sint
democritum complectitur his an.
Ex mei admodum inciderint, cum cu
nihil commune atomorum. Vix ea
possit similique elaboraret.

S U M M I T
Click to add slide title
(size 48)

S U M M I T
Click to add slide title (size 48)

S U M M I T
Screenshot
Place a screenshot
behind the image of a
laptop or smartphone
to show it on a device.
1. Place the screenshot on
the slide.
2. Use the Alignment tools or
Selection Pane to place the
screenshot behind the
device. For more information
on how to use the alignment
tools and Selection Pane,
refer to slides 58 and 59.
3. Resize and/or crop the
screenshot to fit the device.

S U M M I T
Using videos
To keep the file size small enough to upload to
the SRC, please wait until you get onsite to
embed videos in the speaker-ready room
To embed a video, you can use the Embed_Video
slide layout. You can also add a video to a slide
by doing the following:
1. On the Insert tab, select Video.
2. Choose either an online video or a video you have
saved to your machine.
3. On the Video Tools menu, go to the Playback options to
make the video play full screen, automatically or on-click,
loop, hide when not playing, or rewind after playing.

S U M M I T
How to apply
the template
Apply the template to an existing
PowerPoint presentation
1. Save this template to your Desktop.
2. Open an existing PowerPoint file
that you want to update.
3. Select Design, scroll down, and select
Browse for Themes.
4. Browse to the template file (.potx) you saved
to your Desktop, and select Open.
5. Under Layout, right-click on the slide thumbnail,
and select the layout you want to use
(Title_#Speaker and Title_and_Content will
be the most common).
6. Some things will shift when you do this. Adjust
accordingly to get the slide how you want it.

S U M M I T
Theme colors
The PowerPoint palette for this template has
been built for you and is shown below.
Limit color usage to two colors per slide.
Choose one main color and one accent color
from the first four colors of the template
(limit use of yellow and green).
Do not use different shades of a color.
R: 255
G: 255
B: 255
R: 0
G: 0
B: 0
R: 40
G: 40
B: 40

S U M M I T
Text
Accessibility
Do not use dark colored
text on dark backgrounds or
light colored text on light
backgrounds.
Large text (above 24pt) and
icons must have a contrast
ratio of 3 or above.
Text Text
TextText Text

S U M M I T
Typography
Amazon Ember Light should be used for titles
Titles should be sentence case.
Hyperlink example Hyperlink example

S U M M I T
Typography continued
Select the appropriate font weight from the list of fonts.
These are all the usable fonts in the Amazon Ember family:
Amazon Ember
Amazon Ember Heavy
Amazon Ember Light
Amazon Ember Medium
Amazon Ember Thin
Amazon Ember Italic

S U M M I T
Grid/guidelines
To view the grid, in the View
tab, select Guides.
Or press Alt+F9. To turn it off,
press Alt+F9 again.

S U M M I T
Quick Access Toolbar
PowerPoint has a toolbar populated with icons
that perform common tasks. This can be a great
way to save time, removing the need to repeatedly
navigate through menus.
You can customize your Quick Access Toolbar to add
buttons for alignment, formatting, and other adjustments
you’ll be making frequently. To do this, on the far right of
the Quick Access Toolbar, select the down arrow, and select
More Commands.
Here, you can browse dozens of different commands, add
and remove commands, and even export a Quick Access
Toolbar to open it on another machine.

S U M M I T
Easy to use alignment tools

S U M M I T
Selection and formatting panes
To view an itemized list of objects on the slide
and their order of appearance, under the File
tab, in the Editing section, click Select,
and then click Selection Pane.
To view the formatting options pane for
objects on the slide, right-click the object,
and select Format Shape.

S U M M I T
Animation options
The four options of animation are:
Entrance animations (green) which
describe the animations that bring
an object onto the slide.
Exit animations (red) which describe
the animations that take an object
off the slide.
Emphasis animations (yellow) which
affect objects but don’t bring them in
or move them off the slide.
Motion paths (line) move the object
around the slide. In addition to speed,
motion paths also have “easing,” which defines
how quickly the object begins or ends moving.
The following animations are acceptable to use:
Fade in/Fade out
Grow/shrink
Lines

S U M M I T
Animation pane
The Animation Pane
provides a detailed
view of all the
animations happening
within your slide.
This includes the slide element's
name, the duration of its
animation, and when the
animation will start.
To access the Animation Pane,
select the Animations tab, and
click Animation Pane.

S U M M I T
Photography
1. The point of view should be top down, ground up,
or human sight line.
2. Color aligns with the overall AWS palette. Black and white
is not approved.
3. Don’t add gradients over photography.
4. Conceptual/abstract/pattern photos can be used but need
to reference characteristics of a product or service that
doesn’t have a specific physical metaphor (i.e., speed,
security, AR/VR).
5. We do not show servers, databases, racks, or
infrastructure hardware.
6. Licensing images is often not as expensive as you may think
for a single use in a PowerPoint presentation. If you are
looking for unique images or photographs for your slides,
try some of these options to legally license use of the image:
Getty Images
Shutterstock
Creative Commons

S U M M I T
Table 1
Placeholder Placeholder
Placeholder Placeholder Placeholder

S U M M I T
Table 2
Placeholder Placeholder

S U M M I T
Table 3
Placeholder Placeholder Placeholder Placeholder

S U M M I T
Charts
0
0.5
1
1.5
2
2.5
3
3.5
4
4.5
5
Category 1 Category 2
Chart Title
Series 1 Series 2 Series 3

S U M M I T
AWS product and resource icons
Download icons to use in
your presentation here:
https://aws.amazon.com/
architecture/icons/

Public Sector Summit Cloud Smart Zero-Trust TIC

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Public Sector Summit Cloud Smart Zero-Trust TIC

Similar to Public Sector Summit Cloud Smart Zero-Trust TIC (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Public Sector Summit Cloud Smart Zero-Trust TIC