PowerPoint Presentation

[Audio] Welcome to the introduction of the cloud maturity model from the cloud office of the department of Air Force DEF cloud works. The purpose of the cloud, maturity model is to assess a company's readiness for cloud services. The model outlines the people, process, and the technological aspects needed to develop organizations cloud computing infrastructure. There are four stages to the cloud maturity model. Level one - the word of the cloud contract. Level two - the cloud environment is deployed. Level three - common or enterprise services and Level four - the cloud is fully deployed and managed..

Cloud Contract Awarded. Fully Deployed & Managed Cloud.

Cloud Contract Awarded. Fully Deployed & Managed Cloud.

Cloud Contract Awarded. Fully Deployed & Managed Cloud.

Cloud Contract Awarded. Fully Deployed & Managed Cloud.

Cloud Contract Awarded. Fully Deployed & Managed Cloud.

Cloud Contract Awarded. Fully Deployed & Managed Cloud.

Cloud Contract Awarded. Fully Deployed & Managed Cloud.

Cloud Contract Awarded. Fully Deployed & Managed Cloud.

Cloud Contract Awarded. Fully Deployed & Managed Cloud.

Cloud Contract Awarded. Fully Deployed & Managed Cloud.

[Audio] Journey To Cloud Maturity (the DAF CLOUDworks Perspective – from experience…) The starting line: You get/have a cloud contract with one or many cloud service providers or a reseller getting you access (i.e. through DAF Cw) Build Your Team ( Business team needed to help on-board, set up the accounts. Work through the task order, cost estimates, the available optional cloud services and their security plan then get an IATT to start in development): A project manager A contracting officer (that understands the nuances of and uniqueness of cloud contracting-Fair Opportunity-justifications, thresholds, warrant limits) A resource/finance manager (people to pay the bills well as people to monitor usage/ burn rates) A Security manager (that has the means to control access to the requestor for various types of accounts) Technical Lead - someone to manage the tech aspects ( cloud engineers/ architects/etc) Initial cloud environment deployed - You now have access to a blank virtual data center full of empty virtual approved hardware and high speed interconnectivity that is blank. What else do you need? Do you have a security team to work with the accrediting officials to document what you are trying to do and how Do you have a cloud savvy accreditation team for them to work with? Blank virtual data center that needs a security team to work with accrediting officials. Do you have an AO/ DAO that is familiar with cloud Do you have an AO/DAO that is familiar with cloud, broadly for the shared responsibilities and specific knowledge in some common services and their related vulnerabilities? They need to decide what cloud provider native services which are accredited to use and what will they build themselves? As a program you need to be able to estimate how much you will use and send a lump sum MIPR ( FORM 9) to use up over the year, while your expenditure rates are going to be an issue. You need your business team that will help on-board, setup the accounts, work through the task order, the cost estimating, the available optional cloud services, their security plan and get an IATT to start in development. The program is now going to wonder where they are going to get the Common/Enterprise Services required. There are subsets here of what all is needed which complicates the cloud deployment and continued maintenance/management ( Emphasis: Access to Intelligence Data and Cloud based applications. Enterprise Services): Security Build, manage, and operate Identity Management Services or IAM Patching and vulnerability scanning ( log storage and dedication to active defense/continuous monitoring) DNS requirements (determine need for DNS and building if it is required) Security tools ( running, maintenance, and VPC integration) Inspection/Compliance Audit configuration drift Code savvy auditors for continuous authorizations Cloud Environment Development & Services (build low and deploy high OR build high deploy high) Getting code into production and maintaining Cross domain (available or build) Access to outside data sources or systems for test Security for outside data connection (who will check this to allow) Engineering support (especially if program has guardrails) Need for professional services directly from provider Determine need for Instances Procedures for COTS and Government created software usage and solutions Need for Kubernetes? Big Bang copy? Code repositories available Service mesh or cloud native access point ( zero trust requirements) Cloud at the Edge How: Access to high-speed connections ( anywhere, any time, any place through edge devices) Which data centers will be used for classified workload at the Edge (determine need to own) Training (access to free or paid training via the contract) Collaboration Tools ( chat, knowledge management, code repository, compiler, automate function) Helpdesk/ Customer Support Service requests for infrastructure not owned or managed Process for commercial apps or software in need of approval Fully deployed and managed cloud environment (i.e. SUCCESS).