2_DGN1 Task 1 Cloud Security Implementation Plan and Presentation
.docx
keyboard_arrow_up
School
Western Governors University *
*We aren’t endorsed by this school
Course
D485
Subject
Information Systems
Date
Jan 9, 2024
Type
docx
Pages
3
Uploaded by HighnessSparrow4047
A. Executive Summary: SWBTL LLC's Present Security Status in Azure Cloud
Synopsis
SWBTL LLC, a national firm heavily reliant on IT, is transitioning to Microsoft Azure's cloud platform. This move is critical for regulatory compliance, supporting government contracts, and driving business expansion.
Resource Group Configuration Issues
Misplaced Resources: Separate groups for Marketing, Accounting, and IT are in place, but there's a mismanagement of resources with many department-specific assets incorrectly located in the IT group.
Consequences: This misallocation may cause resource management inefficiencies and potential issues in access control.
Key Vault Configuration Shortcomings
Mismanaged Key Vaults: Vaults are incorrectly allocated among departments, raising risks in sensitive data management and violating the least privilege principle.
Absence of Access Policies: Key Vaults lack defined access policies, posing a serious security threat due to unregulated access permissions.
Backup and Recovery Non-Compliance
Missing SWBTL Backup Policy: The lack of a specific SWBTL backup policy fails to meet recovery objectives, compromising data recovery.
Poor Policy Implementation: Present backup policies are not correctly applied, affecting data recovery effectiveness.
Role-Based Access Control Problems
Excessively Broad Roles: Existing roles in resource groups are too inclusive, opposing the least privilege principle and heightening the risk of unauthorized data access.
Data Encryption Deficiencies
Missing Encryption: The lack of encryption for data at rest and in transit is a major non-
compliance issue, exposing the company to potential data breaches and regulatory penalties.
Conclusion and Actionable Recommendations
The existing setup in SWBTL LLC's Azure environment shows serious non-compliance with both internal and external standards. Immediate
action is needed to reorganize resource groups, properly assign and configure Key Vaults, enforce strict access controls, implement required backup policies, and uphold data encryption standards. Addressing these issues is essential to strengthen security and align with SWBTL LLC's strategic business goals.
B. Strategic Plan for a Secure Azure Cloud Solution
Choosing the Service Model
Selected Model: Opt for a blend of Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). This model best suits SWBTL LLC, offering flexibility in managing servers, storage, and networking, along with Azure services for databases and backup solutions.
Reasoning: IaaS gives SWBTL LLC control over virtual servers and storage, fitting their need for Active Directory support and legacy applications. PaaS will be used for databases and other managed services for efficiency.
Compliance with Regulatory Directives
Adhering to FISMA and PCI DSS:
o
Data Protection: Enforce stringent data security measures, including encryption, to meet PCI DSS.
o
Access Management: Establish strong identity and access management policies for FISMA compliance.
o
Audits and Reporting: Perform regular security audits and maintain logs for FISMA's continuous monitoring and PCI DSS's reporting requirements.
o
NIST SP 800-53 Alignment: Prepare for assessments by aligning security controls
with NIST SP 800-53 standards.
Security Advantages and Challenges
Benefits:
o
Improved Data Security: Utilizing Azure's security features like Azure Security Center and Key Vault will boost data security and compliance management.
o
Scalable Security: Resource scaling will not compromise security or operational efficiency.
o
Enhanced Disaster Recovery: Azure's disaster recovery capabilities will improve business continuity.
Challenges:
o
Skill Development: The shift to cloud infrastructure may necessitate additional training or hiring of cloud security professionals.
o
Legacy Integration: Merging legacy systems with cloud infrastructure could pose compatibility issues.
o
Setup Complexity: A secure and compliant initial setup requires meticulous planning.
o
Ongoing Management: Continuous security monitoring and management are vital.
This proposed strategy presents a thorough approach for SWBTL LLC to secure their Azure cloud environment, considering the appropriate service model, compliance needs, and balancing the security advantages and challenges.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help