P&P April Issue 2018

A Disaster Recovery Solution for Origin Given the mission criticality of the child support business processes along with the sensitivity of hosted data, the DOJ was determined to set up and maintain a quality disaster recovery (DR) solution for the new system that could enable continuity of services for its customers while minimizing cost and improving maintainability of the infrastructure for the agency. Policy compliance was another key driver for the DOJ identifying a DR solution for Origin. The state- wide Department of Administrative Services policy on business conti- nuity planning 1 mandated DR for the DOJ, as well as for all agencies under direct authority of the Governor, to ensure that critical business functions

Table 1. Available DR Option

DR as an On-Premise Service

DR as a Cloud Service Government Cloud Hosting Provider ■„ Hosting services available from leading government cloud providers ■„ Hosting and managed services required to meet federal and state com- pliance requirements

State Data Center

DOJ’s Information Services

Third Party Vendor

■„ State data center responsible for pro- viding on-premise hosting and managed services in a virtual environment ■„ Secondary site maintained at Helena, MT for DR

■„ On-premise virtual hosting solution main- tained by DOJ ■„ Managed services provided internally by DOJ

■„ Government, private, and hybrid hosting services provider located in Beaverton, OR ■„ Secondary site maintained in AZ for DR

DOJ and Deloitte Take a Deep Dive The next step in the process was to identify key evaluation criteria for hosting and implementing the DR system. To do this, the DOJ collabo- rated with Deloitte. The teams used their extensive health and human services experience to perform business impact analysis and identify system recovery point objectives (RPO) and recovery time objectives (RTO) for DR require- ments for the child support system project. In addition, Deloitte provided in-depth understanding of various federal and state regulatory policies for DR (e.g., Authority to Connect

and public services continue under any conditions. This policy set forth guidelines requiring all state agencies to develop, implement, test, and maintain business continuity plans, thereby driving the need for DR systems. Weighing the DR Options There are two primary options available for hosting the DR system— on-premise and cloud. Table 1 contains the specific options that were evalu- ated: DR as an On-Premise Service (State Data Center, DOJ’s Information Services, or Third Party Vendor) and DR as a Cloud Service (Public Cloud Hosting Provider).

Lorrin King is the Chief Information Officer at the Oregon Department of Justice.

Table 2. Evaluation Criteria

James Wollenweber is the Technical Manager for the Child Support

Cost of Ownership

■ Solution must be cost effective in maintenance mode (i.e., during normal operations when DR is on standby) as well as in operational mode (i.e., during the event of a disaster) ■ Reasonably moderate RPO/RTO requirements do not warrant the need for a “hot site” in either on-premise or cloud model, which allow maximizing on cost savings offered by the cloud’s data replication and pay-as-you-use model ■ Solution must be able to handle man-made and natural disaster events by providing redundant capabilities at an alternative geographical location ■ Solution must be able to support the RPO/RTO requirements for the system ■ Internal Revenue Service (IRS) 1075 prescribes security and privacy controls to protect Federal Tax Information (FTI) data ■ IRS established the Safeguards Program to ensure that government agencies receiving FTI data apply these controls through periodic audits ■ Solution must meet FedRAMP/IRS 1075 requirements, based on NIST 800-53 ■ Statewide policy mandates the development, testing, maintenance, and annual update of a business continuity plan (State Policy #107-001-010) ■ Solution must be able to handle loss of power, network, equipment failure, and data loss, among other areas ■ The technology for the solution should align with the DOJ’s future-state IT roadmap

System Project (Origin System) at the Oregon Department of Justice.

Robustness of Solution

Federal and State Compliance

Vishal Prabhu is a Specialist Leader and Application Architecture Assessment Champion at Deloitte Consulting LLP.

Vision Alignment

14

Policy&Practice April 2018

Made with FlippingBook - Online magazine maker