WGU D486 DGN2 TASK 1: Cloud Security Implementation Plan | Performance
Assessment 2025 Update with complete solution
DGN2 TASK 1: Cloud Security Implementation Plan
Mike Turner
College of Information Technology, Western Governors University
December 10, 2024
A. Executive Summary
SWBTL LLC started as a local delivery service and has grown to support nationwide delivery
services with over 2,000 professionals in its company. Due to the growth in business and the
increasing cost of data centers, the company is migrating to Microsoft Azure Cloud services.
Based on SWBTL's current security posture and risk profile, significant compliance and
regulatory requirements must be met to resume business operations. They are as follows:
• Compliance with regulation (FISMA, PCI-DSS, NIST SP 800-53)
• Role-Based Access Controls (RBAC)
• Encryption of Data-at-Rest and Data-in-Transit
• Backup and Recovery Plan
• Vulnerability Scans
SWBTL's senior leadership has significant concerns about compliance requirements in the
cloud. The list above, which the CIO composed to avoid cyberattacks, shows the essential risk
factors and vulnerabilities the company may suffer from if an attack happens.
B. Proposed Course Of Action
• Service Model. Microsoft Azure's Infrastructure as a Service (IaaS) is the
recommended service model for the organization based on its business requirements. The
first requirement is the organization's need for complete control over its infrastructure,
including OS and virtual machines, storage, network resources, and custom applications.
Another requirement was the ability of their legacy authentication system to integrate
with the existing Active Directory. SWBTL's partnership with the government allows
them to utilize Microsoft Azure Government IaaS. Azure IaaS ensures compliance with
essential regulatory standards for their business operations, including FedRAMP (Federal
Risk and Authorization Management Program).
• Regulatory Compliance Directives. SWBTL must comply with regulatory and compliance
requirements because of its contracts with the U.S. Government, its handling of customer
credit card information, and its migration to Azure Government IaaS. These require strict
adherence to the relevant government and industry standards, which are:
• Federal Risk and Authorization Management Program (FedRAMP).
Government business operations in cloud services.
• Department of Defense (DoD) Impact Level 5 (IL5). A security requirement for
cloud services that process and store sensitive but unclassified information.
• Defense Information Security Agency (DISA). Secure communication services for
government agencies within cloud computing.
• Security Requirements Guide (SRG). Guidelines and security controls created by
DISA to make sure cloud services used by DoD are compliant and meet security and
performance needs.
• Payment Card Industry Data Security Standard (PCI-DSS). Security standards
for businesses that use credit card information.
• Federal Information Security Modernization Act (FISMA). Ensures the
confidentiality, integrity, and availability of federal data.
• Benefits and Challenges of Transitioning to Azure IaaS
• Benefits of transitioning to Azure IaaS
▪ Scalability. SWBTL will be able to adjust on-demand to the needs of their
business, considering how rapidly it has grown.
▪ Compliance. Transitioning to Azure's Government IaaS will ensure the business
complies with industry regulations.
▪ Flexibility. Deploy and manage OS, VMs, and applications without
managing the underlying hardware.
▪ Cost Efficiency. Cost management: pay for what you use.
▪ Encryption Services. Managed encryption, such as Key Vault, for data-at-rest
and data-in-transit.
▪ RBAC. Ability to manage roles and access management to resources.
• Challenges of transitioning to Azure IaaS
▪ Compatibility Issues. Migrating legacy applications that may need to be
replaced or discontinued.
▪ Business Continuity. Transferring large amounts of data may lead to
downtime in business operations.
▪ Security Controls. A misconfiguration of access controls may be an issue if
not planned in advance.
▪ Lack of training. Existing users may need more training for the required tasks,
which can affect the confidentiality, integrity, and availability (CIA) of business operations.
C. Role-Based Access Control Recommendations
1. RBAC for Business Requirements
• Resource Groups. Resource groups give each department its own allotted resources,
assigned to and accessed only by the users of that department. Implementing this will prevent
other departments from accessing resources that don't pertain to them.
• Scope. Defining the scope sets a specific access area for users within their
RBAC, limiting access further. For example, if a user is tasked with password policies,
then the admin privileges will be set for that specific task and no other.
• Roles. Assigning users roles will grant them permission to manage, create, and delete
tasks. Implementing these roles carefully is important because you want to limit who has what
roles within the resource groups and the business.
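
One way to check the resource group, scope, and role recommendations above after deployment is to audit the role assignments themselves. The following is an added example, not part of the original plan: it reads records in the JSON shape printed by `az role assignment list`, and the subscription ID, users, resource group names, and department mapping are constructed assumptions.

```python
# Added example: flag role assignments that break per-department RBAC boundaries.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
DEPT_RG = {"finance": "rg-finance", "dispatch": "rg-dispatch"}  # hypothetical
USER_DEPT = {"ana@swbtl.example": "finance",                    # hypothetical
             "raj@swbtl.example": "dispatch"}
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}

ASSIGNMENTS = [  # constructed sample records
    {"principalName": "ana@swbtl.example", "roleDefinitionName": "Reader",
     "scope": SUB + "/resourceGroups/rg-finance"},
    {"principalName": "raj@swbtl.example", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/rg-finance"},
    {"principalName": "ana@swbtl.example", "roleDefinitionName": "Owner",
     "scope": SUB},
    {"principalName": "raj@swbtl.example",
     "roleDefinitionName": "Virtual Machine Contributor",
     "scope": SUB + "/resourceGroups/RG-Dispatch/providers/"
                    "Microsoft.Compute/virtualMachines/vm1"},
    {"principalName": "ana@swbtl.example", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/rg-finance"},
]


def resource_group_of(scope):
    """Return the lower-cased resource group named in a scope, or None when
    the scope is broader (subscription, management group, or root)."""
    parts = [p.lower() for p in scope.strip("/").split("/")]
    if "resourcegroups" in parts:
        i = parts.index("resourcegroups")
        if i + 1 < len(parts):
            return parts[i + 1]  # resource group names are case-insensitive
    return None


def audit(assignments):
    """Return (user, role, reason) for every assignment that needs review."""
    findings = []
    for a in assignments:
        user, role = a["principalName"], a["roleDefinitionName"]
        rg = resource_group_of(a["scope"])
        allowed = DEPT_RG.get(USER_DEPT.get(user, ""))
        if rg is None:
            findings.append((user, role, "scope broader than a resource group"))
        elif rg != allowed:
            findings.append((user, role, "outside department resource group"))
        elif role in BROAD_ROLES:
            findings.append((user, role, "broad role; use a task-specific role"))
    return findings
```
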