What iaas CloudBC Thought Leadership?
CloudBC provides thought leadership to support participating organizations in their change efforts to adopt cloud.
Thought Leadership objectives include:
Common artifacts – Develop standard templates such as best practice contract terms & conditions, Privacy Impact Assessments (PIAs) and Security, and Threat Risk Assessments (STRAs), cloud readiness and strategic planning assessments that can be shared across the broader public sector.
|Networking – Support the creation of a self-sustaining community of practice of IT and business professionals across the broader public sector to share lessons learned about cloud.|
|Global experts – Establish a network of experts from BC, Canada and other jurisdictions to inform CloudBC activities and help educate the participating organizations on cloud adoption.|
|Recommended knowledge ware – Establish a shared knowledge base of recommended best practices and guidelines based on priority topics.|
We facilitate a standing working group on cloud to explore key topics of interest. Agendas are driven by common issues, challenges and opportunities faced by our member organizations.
Participants include representatives from all participating organizations and other interested parties within the BC public sector including municipalities, the education sector, not-for-profit organizations, and utilities.
This forum serves as an excellent networking opportunity for IT professionals in the BC public sector to share their experiences and lessons learned as they relate to cloud.
If you interested in participating in this working group, please contact us at us firstname.lastname@example.org for more information.
An online Knowledge Centre is under construction to facilitate online collaboration, networking and knowledge sharing among participating BC public sector organizations.
In the meantime, CloudBC recommends the following organizations and example publications as demonstrating excellence in best practice and vendor-neutrality:
- Cloud Customers Standards Council (CCSC) – practical guides to cloud computing
- Cloud Security Alliance (CSA) – Cloud Controls Matrix that maps security controls to leading cloud standards
- International Organization for Standardization (ISO) – cloud-specific standards include ISO/IEC 17788/17789, 19086, 27017/18
- National Institute of Standards and Technology (NIST) – key definitional publications on cloud
- Open Data Center Alliance (ODCA) – Cloud Maturity Model to help organizations build their hybrid IT plans
Readiness & Cloud Planning
CloudBC recommends the ODCA’s Cloud Maturity Model (CMM) to help guide the development of a customer’s cloud-enabled digital strategy.
|The Open Data Center Alliance (ODCA) is a consortium of leading global IT organizations dedicated to accelerating adoption of interoperable solutions and services for cloud computing.
ODCA’s body of work is focused on cloud adoption and considers business and technical aspects of cloud readiness and maturity, unified by a set of usage models.
Learn more about Version 3.1 of the CMM by downloading the package here, including an Executive Overview and Analysis Questionnaire..
Security & Privacy
CloudBC plays an important role in supporting a common approach to security and privacy in the cloud across the BC broader public sector.
The Invitation to Establish Eligibility to Submit IaaS and PaaS Offers (ITSO) and associated CloudBC Contract Framework template on BC Bid (issued by the Province Ministry of Technology, Innovation and Citizens’ Services under number ON-002797) outlines recommended minimum acceptable security requirements as well as privacy requirements for cloud services that store personally identifiable data.
The privacy requirements align to the Office of the Information & Privacy Commissioner for British Columbia’s Cloud Computing Guidelines for Public Bodies which provide guidance on how BC’s Freedom of Information and Protection of Privacy Act (FOIPPA) applies to the use of cloud computing services.
PIA and STRA Templates
CloudBC will facilitate the creation and sharing of common Privacy Impact Assessment (PIA) and Security Threat Risk Assessment (STRA) templates. These may focus on specific cloud-based hosting (Infrastructure as a Service, or IaaS), platform & middleware (Platform as a Service, or Paps), and end user software (Software as a Service, or SaaS) technologies and use cases. These can be leveraged and adapted, as required, by participating organizations as they prepare their project-specific PIAs & STRAs.
CloudBC, the Cloud Security Alliance (CSA) and NASPO ValuePoint collaborated on a webinar on how public sector organizations can use the CSA tools due diligence on their cloud service awards.
Watch the webinar video to learn how to:
- Assess your data and workload security classifications and risks
- Identify standards and controls in an awarded cloud application
- Assure the cloud application you select meets your data and security needs
Other Priority Topics
Based on input from the participating organizations, additional priority topics include:
- Cloud procurement
- Dev/Ops in a Hybrid IT environment
- Integration in a Hybrid IT environment
- Organizational change management
How to get involved
Do you have expertise on cloud? On digital strategy? Are you passionate about enabling public sector innovation through IT? We would welcome the opportunity to connect with you. Please contact us at email@example.com.