ITC561 Cloud Basics and Technology - Assessment item 4 - Risk, Security and Management

Task

Read the DTGOV Case Study before you attempt this assignment

A chief strategic objective of the standardisation of DTGOV’s service portfolio is to achieve increased levels of cost-effectiveness and operational optimisation.

DTGOV is considering the following strategic proposal:

  • They plan to retain one (1) of their three (3) data centres solely for data storage. This would entail updating their Active Directory and data storage infrastructure, and moving all other infrastructure into the Cloud.
  • They plan to initially move all their Web Services into the Cloud in order to provide an increased level of HA (High Availability) as well as a better degree of flexibility in supplying data to their customers and employees. This would entail changing their current web software architecture to take advantage of the flexibility and scalability that can be gained by moving to a Microservices model (this would entail the use of such services as AWS Lambda or Azure Functions, Containers, Data Services, and Cloud Edge capability and monitoring).
  • They also plan to migrate their LoB (Line of Business) applications to Public Cloud infrastructure to increase their flexibility and availability.

The DTGOV Board is contemplating this strategy as a way to increase the company’s flexibility and responsiveness. The Board also expects to achieve significant savings on the cost of maintaining their ICT infrastructure by eventually closing the other two (2) existing data centres. They appreciate that this would entail retraining for their existing ICT staff so that they can manage the new Cloud based infrastructure.

DTGOV has again approached you to advise them on this strategy. You have previously advised DTGOV that this strategic approach will mean that they will need to ultimately design and operate a “Hybrid Cloud” methodology, where part of their data centre is “on premise” and another part in a Cloud.

DTGOV also plan to run a Risk and Security Workshop to assess the risks, security issues and possible methods of control that will be required with this “Hybrid Cloud” approach. You will be required to organise, run and facilitate this workshop.

The Board is also concerned about how this strategy will affect their BCP (Business Continuity Plan) and their backup and disaster recovery strategies.

Tasks

Your team has been engaged to provide a report for DTGOV in their planned move to a Hybrid Cloud strategy.

Team Setup

This assignment is a team assignment. The rationale for using a team approach is that most IT risk management assessments are normally done by teams of between 2-5 Architects, Information Security experts, Operations and Business leaders for each problem. You will be assigned to a team and the team, as a whole, will be responsible for the development of the risk assessment.

Team Member Responsibilities

Each team member will be assessed on:

  • The final risk assessment presented by the team;
  • The individual contributions that they have made to the risk assessment. This will be shown by the entries that they have made in the Team forum;
  • Team members should note that:

A total of 20% of the total marks for this assignment are for individual contributions to the team task;

A team member without any individual contributions in the Team Forum will be regarded as having not contributed to the risk assessment. This will result in either reduced marks or no marks being awarded to that team member for this assignment.

The tasks:

The team’s task is to prepare a report for DTGOV that discusses the following:

  1. Describe which Cloud architectures you would employ to assist DTGOV to meet the Board’s strategy?
    1. Describe each of the architectures that you would use, along with your reasons for deploying it. (10 marks)
    2. Describe the benefits and issues that would be the result of your deployment of these architectures. (10 marks)
  2. Describe the risks that you see associated with this new Hybrid Cloud and Microservices strategy. You should name and describe each risk that you identify, and then describe a possible control for the risk. This should be presented in a tabular form. (20 marks)
  3. Describe the general Information Security steps and controls that you would recommend to the Board to secure the Hybrid Cloud. You will need to explain to the Board your reasons for recommending these particular security steps. (20 marks)
  4. Discuss briefly what you would recommend should be included in DTGOV's BCP as a result of their adoption of a Hybrid Cloud and Microservices approach. You will need to consider, as a minimum, the issues of application resilience, backup and disaster recovery in a Hybrid Cloud environment. This section should be no more than 2 pages. (10 marks)
  5. Discuss the requirements that DTGOV will need to consider in order to conduct remote server administration, resource management and SLA management for its proposed IaaS and PaaS instances (it may be useful to consider Morad and Dalbhanjan’s operational checklists for this section). This section should be no more than two to three pages in length. (10 marks)

Rationale

Subject learning outcomes

This assessment task will assess the following learning outcome/s:

  • be able to compare and evaluate the ability of different cloud computing architectures to meet a set of given business requirements.
  • be able to evaluate a set of business requirements to determine suitability for a cloud computing delivery model.
  • be able to identify and design an ICT Risk Management strategy for a cloud computing delivery plan to meet business requirements.
  • be able to critically analyse business requirements to plan a migration to a cloud model.
  • be able to compare and critique Service Level Agreements (SLA) that meet the business requirements for a cloud computing plan
Order Now