1
WGU D485 DGN2 TASK 1 Cloud Security
Implementation Plan Latest Update with Complete
Assignment! ALREADY RATED A+
DGN1 TASK 1: Cloud Security Implementation Plan
James Nicholson
College of Information Technology, Western Governors University
November 9th, 2023
, 2
DGN1: Cloud Security Implementation Plan
A. Executive Summary
SWBTL LLC is a document and delivery service that has provided local shipping via
van, flatbed, and box truck since 1977. As the business has grown, it now supports nationwide
services. SWBTL LLC has had issues with the previous cybersecurity consultant leaving and not
providing proper documentation. These issues range from increased fees, service interruptions,
and various other cybersecurity concerns that are causing regulation issues with FISMA and PCI
DSS. SWBTL LLC’s cloud implementation must be updated and secured to meet business needs
and regulatory requirements. Leadership has several concerns about the current state of the cloud
configuration that’s implemented.
The current state of the cloud implementation has several issues that I hope to address
and resolve. Currently, users can view data and assets belonging to other teams within the
company. Administrators have been unable to verify file and system backups since the cloud was
first implemented. Finally, vulnerability boundaries have not been validated in a couple of years
and likely don’t encompass the Azure instance. These concerns can spell disaster for SWBTL if
not addressed appropriately.
SWBTL has requirements that must be addressed to conform to regulatory and business
requirements. These requirements have been created by leadership to assist the team with
meeting these requirements. Maintaining compliance with regulations and standards is a high
priority. The ability to provision, configure, and operate servers is something that needs to be
implemented as well as encrypting data at rest and in transit. Each department must have its own
Azure Key Vault with the principle of least privilege enabled. Furthermore, access policies
should be configured that allow Key Contributor Access for users in the department only in the
, 3
Azure Key Vault. Performing and verifying backups will be done by the IT department with the
recovery point objective (RPO) being 1 day and backups being performed daily at 7 pm ET on
all servers to meet the recovery time objective (RTO) of 36 hours. Instant recovery snapshots
must be maintained for at least 3 days and daily backup points must be maintained for 45 days. A
single recovery vault will be used to back up all VMs with a new backup policy being created
called SWBTL to ensure proper configurations. Finally, Tags must be used to help in identifying
resources belonging to each department.
B. Proposed Course Of Action
Based on the scenario I would choose the infrastructure-as-a-service model. The reasons
for choosing IaaS over PaaS or SaaS are based on the Company Overview. SWBTL needs to be
able to support operations with internally developed and vendor-provided software. These
custom applications must be supported by computing, storage, and network resources on
demand. Transitioning to an infrastructure-as-a-service model has many security benefits. One
benefit of using IaaS is the increase in performance. When using an IaaS technology, the
infrastructure will be provided and supported by the IaaS CSP. The IaaS provider will have an
SLA (Service Level Agreement) that both parties must agree to, to ensure that you are getting
what you are promised consistently. This will hold the CSP accountable and force them to give
the best performance possible. IaaS also is scalable which will also give SWBTL the ability to
scale to meet the demand of the business (Dataprise, 2023). There are also challenges of
transitioning to the cloud. Compatibility of existing infrastructure is one of them. Some
difficulties can arise when some systems come into contact so it's critical that an understanding
of possible compatibility problems are understood before. Another challenge is security and
WGU D485 DGN2 TASK 1 Cloud Security
Implementation Plan Latest Update with Complete
Assignment! ALREADY RATED A+
DGN1 TASK 1: Cloud Security Implementation Plan
James Nicholson
College of Information Technology, Western Governors University
November 9th, 2023
, 2
DGN1: Cloud Security Implementation Plan
A. Executive Summary
SWBTL LLC is a document and delivery service that has provided local shipping via
van, flatbed, and box truck since 1977. As the business has grown, it now supports nationwide
services. SWBTL LLC has had issues with the previous cybersecurity consultant leaving and not
providing proper documentation. These issues range from increased fees, service interruptions,
and various other cybersecurity concerns that are causing regulation issues with FISMA and PCI
DSS. SWBTL LLC’s cloud implementation must be updated and secured to meet business needs
and regulatory requirements. Leadership has several concerns about the current state of the cloud
configuration that’s implemented.
The current state of the cloud implementation has several issues that I hope to address
and resolve. Currently, users can view data and assets belonging to other teams within the
company. Administrators have been unable to verify file and system backups since the cloud was
first implemented. Finally, vulnerability boundaries have not been validated in a couple of years
and likely don’t encompass the Azure instance. These concerns can spell disaster for SWBTL if
not addressed appropriately.
SWBTL has requirements that must be addressed to conform to regulatory and business
requirements. These requirements have been created by leadership to assist the team with
meeting these requirements. Maintaining compliance with regulations and standards is a high
priority. The ability to provision, configure, and operate servers is something that needs to be
implemented as well as encrypting data at rest and in transit. Each department must have its own
Azure Key Vault with the principle of least privilege enabled. Furthermore, access policies
should be configured that allow Key Contributor Access for users in the department only in the
, 3
Azure Key Vault. Performing and verifying backups will be done by the IT department with the
recovery point objective (RPO) being 1 day and backups being performed daily at 7 pm ET on
all servers to meet the recovery time objective (RTO) of 36 hours. Instant recovery snapshots
must be maintained for at least 3 days and daily backup points must be maintained for 45 days. A
single recovery vault will be used to back up all VMs with a new backup policy being created
called SWBTL to ensure proper configurations. Finally, Tags must be used to help in identifying
resources belonging to each department.
B. Proposed Course Of Action
Based on the scenario I would choose the infrastructure-as-a-service model. The reasons
for choosing IaaS over PaaS or SaaS are based on the Company Overview. SWBTL needs to be
able to support operations with internally developed and vendor-provided software. These
custom applications must be supported by computing, storage, and network resources on
demand. Transitioning to an infrastructure-as-a-service model has many security benefits. One
benefit of using IaaS is the increase in performance. When using an IaaS technology, the
infrastructure will be provided and supported by the IaaS CSP. The IaaS provider will have an
SLA (Service Level Agreement) that both parties must agree to, to ensure that you are getting
what you are promised consistently. This will hold the CSP accountable and force them to give
the best performance possible. IaaS also is scalable which will also give SWBTL the ability to
scale to meet the demand of the business (Dataprise, 2023). There are also challenges of
transitioning to the cloud. Compatibility of existing infrastructure is one of them. Some
difficulties can arise when some systems come into contact so it's critical that an understanding
of possible compatibility problems are understood before. Another challenge is security and
