Search


Cloud Usage Profiles

(Back)

A summary of the different types of cloud usage is outlined in the description of the profile in the table below:

Ref # Profile Characteristics Applicable Service Model Connection Type
1 Experimentation/Sandbox <ul><li>Cloud-based services used for experimentation/sandbox</li><li>No direct system to system network interconnections required with GC data centers </li></ul> IaaS, PaaS, SaaS Type 1 - EIS/IIS
2 Non-sensitive cloud-based services <ul><li>Cloud-based services hosting non-sensitive GC content</li><li>No direct system to system network interconnections required with GC data centers </li></ul> IaaS, PaaS, SaaS Type 1 - EIS/IIS
3 Sensitive (up to PB) cloud-based services <ul><li>Cloud-based services hosting sensitive (up to Protected B) information</li><li>No direct system to system network interconnections required with GC data centers</i></ul> IaaS, PaaS, SaaS Type 1 - EIS/IIS
4 Sensitive (up to PB) cloud-based services for GC-wide SaaS Solutions <ul><li>Cloud-based services hosting sensitive (up to Protected B) information for GC-wide enterprise applications (SaaS)</li><li>No direct system to system network interconnections required with GC data centers </li></ul> SaaS Type 2 - IXP
5 GC to GC only (Hybrid IT - extension of GC Data Centers) <ul><li>Hybrid IT environment with an extension of GC network to cloud-based virtual private cloud (up to Protected B) information</li><li>GC cloud-based systems required to interact with systems in GC data centers</li><li>Restricted environment to GC users only</li><li>No external user connections to/from GC cloud-based virtual private cloud and no publicly accessible services</li></ul> IaaS, PaaS Type 3 - CXP
6 Cloud-based services with External user access and interconnection to GC data centers <ul><li>Cloud-based services hosting sensitive (up to Protected B) information</li><li>GC cloud-based systems required to interact with systems in GC data centers</li><li>Environment accessible for both GC users and External users and services</li><li>Solution implemented, managed and operated by a GC department/agency</li></ul> IaaS, PaaS Type 3 - CXP

Applicability of Guardrails to Cloud Usage Profiles

The following table outlines the applicability of the guardrails to the cloud usage profiles.

ID Cloud Guardrails Applicable Service Model Profile 1 - Experimentation/Sandbox Profile 2 - Non-sensitive cloud-based services Profile 3 - Sensitive (up to PB) cloud-based services Profile 4-Sensitive (up to PB) cloud-based services for GC-wide SaaS solutions Profile 5 - GC to GC only (Hybrid IT- Extension of GC Data Centers) Profile 6 - Cloud-based Service Accessible to External users (Connections to GC Data centers required)
01 Protect root / global admins account IaaS, PaaS, SaaS Required Required Required Required Required Required
02 Management of administrative privileges IaaS, PaaS, SaaS Required Required Required Required Required Required
03 Cloud console access IaaS, PaaS, SaaS Recommended Required Required Required Required Required
04 Enterprise monitoring accounts IaaS, PaaS, SaaS Required (for billing) Required Required Required Required Required
05 Data location IaaS, PaaS, SaaS Recommended Recommended Required (in Canada for GC storage of PB and above) Required (in Canada for GC storage of PB and above) Required (in Canada for GC storage of PB and above) Required (in Canada for GC storage of PB and above)
06 Protection of data-at-rest IaaS, PaaS, SaaS Not Required Recommended Required Required Required Required
07 Protection of data-in-transit IaaS, PaaS, SaaS Recommended Required Required Required Required Required
08 Segment and separate IaaS, PaaS Required (network filtering at a minimum) Required Required Required Required Required
09 Network security services IaaS, PaaS, SaaS Recommended Required Required Required (Restrict to GC only) Required (Deny External Access policy - GC only) Required
10 Cyber defense services IaaS, PaaS, SaaS Not Required Required Required Required Required Required
11 Logging and monitoring IaaS, PaaS, SaaS Recommended Required Required Required Required Required
12 Configuration of cloud marketplaces IaaS, PaaS, SaaS Required Required Required Required Required Required