1
DGN2 TASK 1: Cloud Security Implementation Plan
Dorian Stanfield
D485
College of Information Technology, Western Governors University
Thursday, December 26, 2024
, 2
A. Executive Summary
SWBTL LLC is a national logistics company that is the process of migrating to Microsoft
Azure to improve server dependability, shrink costs, and address cybersecurity risks associated
with its physically leased data centers. Such sharp departure of this process adviser tasked with
overseeing this transition has interrupted the migration process. This interruption has exposed
significant flaws in the new cloud environment that ultimately fail to meet the company’s
regulatory and operational and regulatory requirements.
One area of initial concern pertains to compliance. For contract consistency with process
payment card transactions and the U.S. Government, SWBTL must comply and observe
guidelines of the Federal Information Security Modernization Act (FISMA) and the Payment
Card Industry Data Security Standard (PCI DSS). The present Azure implementation fails to
meet these standards. This compliance under sight leaves the company vulnerable to potential
breaches and regulatory penalties . Furthermore, the preset environment lacks proper role-based
access controls (RBAC). These controls are critical for limiting access to organizational
resources based on the principle of least privilege. This lapse in access control increases the risk
of unlawful access to sensitive data.
An additional area of concern is the non-existence of encryption for data in transit and
data at rest. The Azure instance omits utilization of encryption solutions such as Azure Disk
Encryption, Azure Key Vault, or transport-level encryption. These vacuums of these vital
security components leave the company’s data exposed to potential threats. Furthermore, there
are missing data availability configuration and defined backup policies in place to ensure data
availability in the event of a natural disaster or emergency. The absence of recovery objectives,
regular backups, and retention schedules poses a considerable risk to business continuity.
, 3
Lastly, vulnerability management within the cloud environment is insufficient. The
existing scans are dated, and the Azure infrastructure scope is vague. Without thorough and
recent vulnerability scans, the company is unable to identify and remediate potential threats
effectively.
SWBTL LLC must take immediate corrective action to correct these issues. These
remediations include deploying encryption for data at rest and in transit, updating vulnerability
scans to include the entirety of the Azure environment, implementation of a robust RBAC policy,
establishing compliance with FISMA and PCI DSS, and defining and enforcing backup and
recovery policies. Resolving these gaps are essential for the protection of the company’s
security posture, securing its data, and maintaining compliance with regulatory requirements.
B. Proposed Course of Action
The adoption of Microsoft’s Azure Government Infrastructure as a Service (IaaS) model.
recommended solution for SWBTL LLC. This FedRAMP and DoD Impact Level 5 (IL5)
authorized platform, approved by the Defense Information Systems Agency (DISA), provides
the necessary safeguards for security and compliance for the company’s operations. Azure
Government IaaS enables SWBTL to deploy and manage, custom application, virtual machines,
and multiple operating systems. All of this is buoyed by on-demand compute, storage, and
network resources. Furthermore, the model offers unified integration and scalability with the
company’s existing on-prem infrastructure, aligning with SWBTL’s compliance and operational
needs.
Compliance
DGN2 TASK 1: Cloud Security Implementation Plan
Dorian Stanfield
D485
College of Information Technology, Western Governors University
Thursday, December 26, 2024
, 2
A. Executive Summary
SWBTL LLC is a national logistics company that is the process of migrating to Microsoft
Azure to improve server dependability, shrink costs, and address cybersecurity risks associated
with its physically leased data centers. Such sharp departure of this process adviser tasked with
overseeing this transition has interrupted the migration process. This interruption has exposed
significant flaws in the new cloud environment that ultimately fail to meet the company’s
regulatory and operational and regulatory requirements.
One area of initial concern pertains to compliance. For contract consistency with process
payment card transactions and the U.S. Government, SWBTL must comply and observe
guidelines of the Federal Information Security Modernization Act (FISMA) and the Payment
Card Industry Data Security Standard (PCI DSS). The present Azure implementation fails to
meet these standards. This compliance under sight leaves the company vulnerable to potential
breaches and regulatory penalties . Furthermore, the preset environment lacks proper role-based
access controls (RBAC). These controls are critical for limiting access to organizational
resources based on the principle of least privilege. This lapse in access control increases the risk
of unlawful access to sensitive data.
An additional area of concern is the non-existence of encryption for data in transit and
data at rest. The Azure instance omits utilization of encryption solutions such as Azure Disk
Encryption, Azure Key Vault, or transport-level encryption. These vacuums of these vital
security components leave the company’s data exposed to potential threats. Furthermore, there
are missing data availability configuration and defined backup policies in place to ensure data
availability in the event of a natural disaster or emergency. The absence of recovery objectives,
regular backups, and retention schedules poses a considerable risk to business continuity.
, 3
Lastly, vulnerability management within the cloud environment is insufficient. The
existing scans are dated, and the Azure infrastructure scope is vague. Without thorough and
recent vulnerability scans, the company is unable to identify and remediate potential threats
effectively.
SWBTL LLC must take immediate corrective action to correct these issues. These
remediations include deploying encryption for data at rest and in transit, updating vulnerability
scans to include the entirety of the Azure environment, implementation of a robust RBAC policy,
establishing compliance with FISMA and PCI DSS, and defining and enforcing backup and
recovery policies. Resolving these gaps are essential for the protection of the company’s
security posture, securing its data, and maintaining compliance with regulatory requirements.
B. Proposed Course of Action
The adoption of Microsoft’s Azure Government Infrastructure as a Service (IaaS) model.
recommended solution for SWBTL LLC. This FedRAMP and DoD Impact Level 5 (IL5)
authorized platform, approved by the Defense Information Systems Agency (DISA), provides
the necessary safeguards for security and compliance for the company’s operations. Azure
Government IaaS enables SWBTL to deploy and manage, custom application, virtual machines,
and multiple operating systems. All of this is buoyed by on-demand compute, storage, and
network resources. Furthermore, the model offers unified integration and scalability with the
company’s existing on-prem infrastructure, aligning with SWBTL’s compliance and operational
needs.
Compliance
