“Cloud is a style of computing where scalable and elastic IT-related capabilities are provided as a service to customers using Internet technologies. Intense hype surrounds cloud computing, making it difficult to understand vendor options and strategies.” – Gartner
WHAT IS THE CLOUD
Cloud Essential Characteristics
• Self-service – service consumers directly provision computing resources
• Broad access – computing resources available over the network on a variety of devices (PC, mobile, other services)
• Resource pooling – multi-tenancy and location independence
• Elasticity – computing resources can be elastically provisioned (and returned)
• Measured service – usage can be monitored, controlled and reported
Source: NIST SP 800-145 The NIST Definition of Cloud Computing
Cloud Service Models
• Infrastructure as a Service (IaaS) – Raw access to resources (e.g., data storage, virtualization). “Ops without hardware”
• Platform as a Service (PaaS) – Access to preconfigured applications and systems. “Dev without ops”
• Software as a Service (SaaS) – Access to a complete service or program (e.g., customer relationship management). “Business without devs”
Source: NIST SP 800-145 The NIST Definition of Cloud Computing; “Cloud Architecture at Netflix” / @CodingFabian
Cloud Deployment Models
• Private – e.g., Healthcare System
• Community – e.g., Laboratory Orders and Results using the APHL Cloud
• Public – e.g., BioSense 2.0 on the Internet GovCloud
• Hybrid – Mix of the above
  – Surge capacity
  – Load balancing
Source on the different models: NIST SP 800-145 The NIST Definition of Cloud Computing
WHY THE CLOUD
Benefits and Mandates
• Reduce costs
• Increase agility
• Better auditing, monitoring through virtualization
• For government agencies, it’s an executive mandate
  – Federal Cloud Computing Strategy, 2/8/2011
  – “Cloud First”
  – “Shared Services First”
Source: Federal Cloud Computing Strategy
IMPORTANT CONSIDERATIONS
System Security and Information Privacy
• Integrity – Data is not improperly modified
• Confidentiality – Data is not improperly disclosed
• Availability – Data access is not disrupted
• System rating – high water mark: Low, Moderate, High
System Security and Information Privacy
• CDC / HHS Certification & Accreditation / Security Assessment and Authorization
• NIST SP 800-37
• All CDC Information Systems (Cloud and non-Cloud)
• Federal Information Security Management Act (FISMA)
Data is protected based on its Federal Information Processing Standard (FIPS) 199 impact level: Low, Moderate, High
Confidentiality, Integrity, Availability
EXAMPLES
BioSense 2.0
• Deployment Model: Public Cloud
• Service Model: PaaS
• Hosted by Amazon AWS GovCloud
• Collaboration, Analysis, Surveillance Platform
  – CDC
  – Other jurisdictions
  – Other Federal Agencies
  – Private (e.g., healthcare providers, pharmacies, national labs, etc.)
  – Public Access via Data.gov and Google Public Data Explorer
• “Moderate” C&A
• Developed by Division of Informatics Solutions & Operations (DISO)
BioSense 2.0
Distributed, Safe and Secure Environment
• Internet GovCloud hosted on Amazon infrastructure under cooperative agreement with the ASTHO
• Received Authorization to Operate (ATO) from CDC subsequent to completing the Certification and Accreditation (C&A) process
• Accredited at a FISMA-MODERATE level, which incorporates the use of National Institute of Standards and Technology (NIST) Special Publications (computer security guidance) in its C&A processes, e.g.:
  – NIST SP 800-18: Guide for Developing Security Plans for Federal Information Systems
  – NIST SP 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
  – NIST SP 800-53: Recommended Security Controls for Federal Information Systems and Organizations
Annual Uptime Percentage of at least 99.95%.
Public Health Surveillance Platform (PHSP) and Shared Services
• Deployment Model: Public Cloud
• Service Model: SaaS
• Hosted by Amazon AWS GovCloud
• Collaboration, Reporting, Analysis, Surveillance Service
  – Governmental access and contribution (e.g., local, state, federal, international, etc.)
  – Private access and contribution (e.g., healthcare providers, vendors, etc.)
  – Public access (Data.gov, Google Public Data Explorer, CDC Wonder, etc.) and contribution (e.g., Open Source community, hackathons, etc.)
“Moderate” and “High” C&A
OPPORTUNITIES
Public Health Surveillance Platform (PHSP) and Shared Services
• PHSP is a multi-tiered architecture for public health surveillance
  – Supports data submissions in multiple formats through many channels
  – Language-neutral data services
  – Data analysis and human curation
  – Analytical tools and services
  – Integration with other programs and software platforms, including:
    • National notifiable diseases
    • Syndromic surveillance
    • Electronic laboratory reporting
    • Immunization
    • Social media and unstructured news reports
• Collaborative and iterative approach that involves incremental improvements over time
Public Health Surveillance Platform (PHSP) and Shared Services
• Initial release on March 22nd, 2012
• Platform Bazaar: an open and free online directory of technologies for posting, browsing and evaluating existing or new options
  – Allow Free (Open Source or Open Access) and Commercial offerings to describe themselves
  – Recommend funders to use this to evaluate the landscape
  – Recommend jurisdictions to use and evaluate technology investments
Summary
• Cloud Configuration depends on System or Platform Needs & Requirements
• Security Controls and Procedures Dependent on System, Platform, Information privacy and Cloud Provider
• Multiple provider options for Low or Moderate Data and Systems
• Emerging market options for High Data and Systems
BACK SLIDES
BioSense 2.0 Environment
[Figure: BioSense 2.0 environment diagram. Labels: Shared Spaces (Jurisdiction, Hospital, Public-Access); http://biosense2.org; Linux virtual machine data.biosen.se (mirth); Linux virtual machine www.biosen.se; Apache, PHINMS, VPN, Mirth, secure FTP, NwHIN (Direct Project, Connect, etc.); credentials, metadata; Email; Direct; CONNECT; Admin; Dist; Data Elements; Data Extractor / Loader; Payload*; Response.]
*Payload consists of xml, csv, HL7 2.x and CDA
BioSense 2.0
Example of Use: Sporting Events
• Feature: Ad-hoc sharing among multiple jurisdictions during a sporting event (e.g., Super Bowl 2012).
• Utility: Prepare and maintain situation awareness by monitoring specific events of concern using informal sources in addition to healthcare utilization.
PHSP Example – Case Notification Summary
[Figure: case notification flow diagram. Labels: Event Report from State; NETSS Flat Files; NBS Master Message (XML); HL7 Messages; Receive; Acknowledge; Receiving: 1) Parse 2) Validate 3) Store; NEDSS Database and Message Archive; Access Interface (API), simplifying and unifying how NEDSS data is accessed; Data Analysis; MMWR Reporting; Message Monitoring & Error Analysis.]