WGU D485 DGN2 TASK 1: Cloud Security Implementation Plan
College of Information Technology, Western Governors University
August 22, 2024
Cloud Security Implementation Plan
A. Executive Summary
With its rapid growth and mounting cybersecurity concerns, SWBTL LLC has begun a
migration to the Microsoft Azure cloud environment. The consultant who was heading up the
migration has unexpectedly left the project to work for another company, and in doing so has left
the Microsoft Azure environment in need of serious repair. After reviewing the company overview
and business requirements, I have identified several areas in which the current security
infrastructure does not meet the business requirements.
1. Role-Based Access Control (RBAC): SWBTL LLC’s business requirements
document states that each department should have its own resource group, and
that these resource groups should apply the principle of least privilege. That is where
role-based access controls come in. The current cloud environment does not utilize
role-based access controls, so it is difficult to apply the principle of least privilege within
the environment. This causes serious security concerns.
2. Compliance: Due to the frequent payment card transactions that the company
processes daily, and the contracts that it has with the United States Government,
SWBTL LLC must remain in compliance with multiple regulations: the Payment
Card Industry Data Security Standard (PCI DSS) and the Federal Information
Security Modernization Act (FISMA). The current cloud environment
does not appear to be in compliance with these regulations.
3. Azure Key Vaults and Encryption: The business requirements document states that
the cloud should incorporate encryption of data at rest and data in transit. This not only
helps keep the data secure, but also helps keep SWBTL LLC compliant with the
relevant standards and regulations. Currently, the company’s cloud infrastructure
does not appear to be taking advantage of Azure Key Vault.
4. Vulnerability Scans: The scope of vulnerability scans and vulnerability management
in general should be better defined in the Microsoft Azure environment.
5. Backups: The business requirements document has specific requirements regarding
backup frequency, location, timing and retention period.
There are no configurations present in the current environment that support these
requirements.
SWBTL LLC’s Azure environment in its current form seriously lacks the
configurations and policies needed not only to comply with regulations, but also to keep data
secure. There are several critical actions that need to be taken in order to strengthen the
company’s cloud environment and bring it up to industry security standards.
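One way to check the requirement in item 1 against an exported list of role assignments is sketched below. This is an added example, not part of the original plan or of SWBTL LLC's environment; the group names, resource group names and subscription ID are constructed placeholders, and the mapping of one security group to one department resource group is an assumption.

```python
import json

# Constructed sample in the shape of `az role assignment list --all -o json`.
# Subscription ID, group names and resource group names are placeholders.
SAMPLE = json.loads("""[
 {"principalName": "grp-finance", "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-finance"},
 {"principalName": "grp-marketing", "roleDefinitionName": "Owner",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
 {"principalName": "grp-marketing", "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-finance"},
 {"principalName": "grp-it", "roleDefinitionName": "Reader",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/RG-Finance"}
]""")

# Assumed mapping: each department group may hold roles only in its own resource group.
DEPT_RG = {"grp-finance": "rg-finance", "grp-marketing": "rg-marketing", "grp-it": "rg-it"}
# Built-in roles that grant write or access-management rights.
PRIVILEGED = {"Owner", "Contributor", "User Access Administrator"}

def resource_group(scope):
    """Return the lower-cased resource group in an ARM scope, or None if the scope is broader."""
    parts = scope.strip("/").split("/")
    lowered = [p.lower() for p in parts]
    if "resourcegroups" in lowered:
        i = lowered.index("resourcegroups")
        if i + 1 < len(parts):
            return lowered[i + 1]  # resource group names are case-insensitive
    return None

def audit(assignments, dept_rg=DEPT_RG):
    """Return (principal, role, scope, reason) for each assignment that breaks the rule."""
    findings = []
    for a in assignments:
        who, role, scope = a["principalName"], a["roleDefinitionName"], a["scope"]
        rg = resource_group(scope)
        if rg is None:
            # Subscription or management-group scope spans every department.
            if role in PRIVILEGED:
                findings.append((who, role, scope, "privileged role above resource-group scope"))
        elif dept_rg.get(who) != rg:
            findings.append((who, role, scope, "role in another department's resource group"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" | ".join(finding))
```
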
B. Proposed Course of Action
Service Model –
SWBTL LLC should take immediate action to bring its Microsoft Azure environment into line
with the business overview and requirements document. The service model should have the
capability to be in compliance with all applicable regulations and standards set out in the
document. I am recommending that SWBTL LLC transition to the Azure Government
Infrastructure as a Service (IaaS) model. This model would fulfil compliance requirements, and
SWBTL LLC should qualify as a government contractor.
Applicable Regulatory Directives –
Payment Card Industry Data Security Standard (PCI DSS): The Payment Card Industry Data
Security Standard (PCI DSS) is a set of requirements intended to ensure that all companies that
process, store, or transmit credit card information maintain a secure environment (de Groot,
2024). Because SWBTL LLC processes a large number of payment card transactions daily, it is
imperative that it adheres to the standards set out in PCI DSS. These standards include 12
points covering a variety of protections, including requirements on firewalls, passwords,
encryption, antivirus protection, physical access and vulnerability scanning.
Federal Information Security Modernization Act (FISMA): Because SWBTL LLC maintains a
number of contracts with the United States government, the company overview and business
requirements document states that SWBTL LLC must maintain compliance with the Federal
Information Security Modernization Act, which essentially outlines how to secure federal data.
FISMA has requirements regarding monitoring, conducting risk assessments, security controls,
maintaining a security plan, data categorization and maintaining an IT inventory (Solarwinds,
2023). Again, a transition to Azure Government Infrastructure as a Service (IaaS) should be a
perfect fit given the business requirements.