WEBVTT

00:11.040 --> 00:13.600
Welcome to the DOW ESI video series.

00:14.280 --> 00:18.830
In this tutorial we will provide a high
level overview of cloud computing and

00:18.830 --> 00:21.280
software as a service, also known as SaaS.

00:22.040 --> 00:22.880
Let&#39;s take a look.

00:25.200 --> 00:28.221
Although SaaS and cloud computing are
closely related,

00:28.221 --> 00:29.760
they are not the same thing.

00:31.120 --> 00:34.872
Think of cloud computing as the
technology that hosts software,

00:34.872 --> 00:39.328
while SaaS is how software companies
deliver that software to users via the

00:39.328 --> 00:39.680
cloud.

00:40.920 --> 00:44.827
In the government,
the authoritative document for

00:44.827 --> 00:49.360
understanding cloud and SaaS is NIST
Publication 800-145.

00:49.880 --> 00:53.753
NIST stands for the National Institute of
Standards and Technology,

00:53.753 --> 00:58.025
while other NIST publications provide
guidance on topics like security and

00:58.025 --> 00:58.880
access control.

00:59.280 --> 01:05.501
800-145 defines the core characteristics
of a cloud, which are on demand,

01:05.501 --> 01:11.554
self-service, broad network access,
resource pooling, rapid elasticity,

01:11.554 --> 01:13.320
and measured service.

01:14.520 --> 01:18.691
Some cloud characteristics describe the
infrastructure behind the scenes,

01:18.691 --> 01:21.680
while others describe the benefits users
experience.

01:23.040 --> 01:25.779
SaaS is one way those benefits are
delivered,

01:25.779 --> 01:30.603
enabling consumers to access and use the
provider hosted applications as defined

01:30.603 --> 01:31.080
by NIST.

01:32.280 --> 01:35.160
Cloud and SaaS are not newly created
technologies.

01:35.480 --> 01:37.520
They evolved from three separate tracks.

01:38.840 --> 01:43.410
One track describes the evolution of
software license models from perpetual to

01:43.410 --> 01:45.320
term licenses with subscriptions.

01:46.400 --> 01:49.228
The second track shows the evolution of
connectivity,

01:49.228 --> 01:50.800
culminating with the Internet.

01:52.040 --> 01:55.403
The third track details the evolution of
hosting models,

01:55.403 --> 01:59.828
which began with servers and networks,
then expanded to include additional

01:59.828 --> 02:01.480
services and infrastructure.

02:02.680 --> 02:07.800
These 3 tracks then converged in the late
1990s, resulting in cloud and SaaS.

02:09.000 --> 02:12.119
Since then,
DOW guidance and strategy have continued

02:12.119 --> 02:16.357
to evolve, establishing governance,
standardized security requirements,

02:16.357 --> 02:20.006
modernization initiatives to support
artificial intelligence,

02:20.006 --> 02:24.480
and enterprise wide approaches to cloud
adoption and migration initiatives.

02:25.800 --> 02:29.920
The NIST document also describes 4 basic
types of cloud deployment models.

02:30.200 --> 02:33.200
They are Public, Private, Hybrid,
and Community.

02:33.800 --> 02:36.040
Public Clouds are open to the general
public.

02:36.640 --> 02:39.760
They can be shared by any number of
unrelated entities.

02:40.360 --> 02:44.906
Private Clouds are created for the
exclusive use of a single organization or

02:44.906 --> 02:45.320
entity.

02:45.960 --> 02:50.210
A Hybrid Cloud consists of a combination
of Private Cloud and Public Cloud

02:50.210 --> 02:50.720
elements.

02:51.520 --> 02:55.240
Community Clouds are shared by multiple
entities with shared concerns.

02:55.480 --> 02:58.560
The cloud itself might be Public, Private,
or Hybrid.

02:59.840 --> 03:03.269
In November 2010,
the Office of Management and Budget or

03:03.269 --> 03:05.917
OMB,
issued guidance encouraging the use of

03:05.917 --> 03:06.880
cloud resources.

03:07.320 --> 03:11.448
In December 2010,
the DOW issued guidance that became known

03:11.448 --> 03:12.480
as Cloud First.

03:13.720 --> 03:17.228
In December 2011,
GSA issued a set of government standards

03:17.228 --> 03:20.440
for authorizing and approving use of
cloud offerings.

03:21.120 --> 03:24.913
The program is called FedRAMP,
which stands for Federal Risk and

03:24.913 --> 03:26.840
Authorization Management Program.

03:27.160 --> 03:31.243
Note while FedRAMP is a necessary
approval step for cloud agreements,

03:31.243 --> 03:34.160
it may not be sufficient approval in your
agency.

03:35.360 --> 03:39.076
In September 2018,
the Federal CIO released the Cloud Smart

03:39.076 --> 03:41.740
Strategy,
shifting the mandate from moving

03:41.740 --> 03:46.447
everything to the cloud to a needs-based
approach that focuses on security,

03:46.447 --> 03:48.120
procurement, and workforce.

03:49.320 --> 03:52.455
In April 2025,
the DOW released its Fiscal year

03:52.455 --> 03:57.223
2025-2026 Software Modernization
Implementation Plan with the three main

03:57.223 --> 04:00.096
goals of accelerating the enterprise
cloud,

04:00.096 --> 04:03.950
establishing a department wide software
factory ecosystem,

04:03.950 --> 04:08.000
and transforming internal processes for
speed and resilience.

04:08.720 --> 04:12.880
The DOW is continually evolving its AI
strategy to support these goals.

04:14.000 --> 04:19.524
The five main benefits of using cloud
infrastructure and SaaS licenses are cost

04:19.524 --> 04:24.289
reduction, speed and flexibility,
greater connectivity and mobility,

04:24.289 --> 04:28.640
heightened security,
and easier collaboration and integration.

04:29.800 --> 04:34.542
ESI encourages you to adopt an analytical
approach when evaluating cloud and SaaS

04:34.542 --> 04:38.880
proposals to identify the provider that
best meets your user requirements.

04:39.960 --> 04:42.000
Here are a few sample questions to
consider.

04:42.600 --> 04:45.240
Which subscription term best meets your
requirements?

04:46.120 --> 04:49.720
Do you have any control over the timing
of updates or enhancements?

04:50.640 --> 04:53.000
Can you access the necessary
customizations?

04:53.720 --> 04:56.920
How does the vendor meet government
security standards?

04:58.040 --> 05:02.189
These and other questions can help you
validate whether you will receive the

05:02.189 --> 05:03.160
expected benefits.

05:04.320 --> 05:07.840
The following are especially important in
cloud and SaaS agreements.

05:08.400 --> 05:13.198
Data rights and responsibilities,
ownership of customizations or

05:13.198 --> 05:18.809
enhancements, security covenants,
termination and Service Level Agreements,

05:18.809 --> 05:19.400
or SLAs.

05:20.760 --> 05:25.224
SLAs become even more important in cloud
and SaaS agreements because you don&#39;t

05:25.224 --> 05:28.106
have custody or direct control over the
resources,

05:28.106 --> 05:30.480
you&#39;re completely dependent on the vendor.

05:31.200 --> 05:35.345
SLAs should be written to define response
times for reported defects,

05:35.345 --> 05:38.840
the time to fix reported defects,
and system availability.

05:39.520 --> 05:44.004
Please keep in mind that this tutorial
serves as a high level overview of cloud

05:44.004 --> 05:47.142
and SaaS offerings and that these
services are dynamic,

05:47.142 --> 05:48.320
ever changing topics.

05:49.440 --> 05:52.702
For the latest information on cloud
computing and SaaS,

05:52.702 --> 05:56.954
please visit the ESI website for white
papers, articles, policy updates,

05:56.954 --> 05:58.120
and other resources.

06:00.240 --> 06:01.800
Thank you for viewing this tutorial.

06:02.000 --> 06:07.696
Please visit the DOW ESI website For more
information and to watch other videos in

06:07.696 --> 06:08.520
this series.