WGU D485 DGN2 TASK 1 Cloud Security Implementation Plan Latest Update with Complete Assignment Answers
D485 Cloud Security
DGN2 Task1: Cloud Security Implementation Plan
September 9, 2024
A. Executive Summary
SWBTL LLC, a nationwide logistics company, is transitioning to Microsoft’s Azure cloud
environment due to costs, poor server availability, and cybersecurity concerns with its leased
data centers. The consultant hired to start and finish the migration abruptly quit, leading to
serious concern about the migration process. SWBTL's main concerns are:
• Compliance.
• Encryption of data at rest and in transit.
• Proper role-based access controls.
• The integrity of the backup and recovery systems.
SWBTL is also concerned that the cloud instance may not meet regulatory requirements,
leaving the company vulnerable to exploitation by nation-state actors or cybercriminals. The
company must comply with the Federal Information Security Modernization Act (FISMA) and
the Payment Card Industry Data Security Standard (PCI DSS) to continue servicing its contracts.
This includes contracts with the United States Government (USG). An immediate action plan is
needed to mitigate risks and ensure the company's security posture aligns with industry
regulations and laws.
B. Proposed Azure Cloud Solution
The recommended service model for SWBTL LLC consists of implementing Microsoft's Azure
Government Infrastructure as a Service (IaaS) solution. This solution provides the company with
a Federal Risk and Authorization Management Program (FedRAMP) authorized product that is
also Department of Defense (DoD) Impact Level (IL) 5 authorized, which was approved by the
Defense Information Systems Agency (DISA). This model allows for the deployment and
control of multiple operating systems, virtual machines, and custom applications supported by
computer storage and network resources on demand. IaaS also supports on-demand scalability
and integration with existing Active Directory infrastructure.
Regulatory Compliance:
SWBTL must comply with FISMA and PCI DSS. FISMA requires federal agencies and
contractors to maintain strong cybersecurity practices, including continuous monitoring and
secure information handling. PCI DSS focuses on securing payment card information, mandating
encryption, access control, and regular vulnerability assessments.
Security Benefits and Challenges:
Benefits:
Transitioning to Azure's Government IaaS offers the following benefits.
• Enhanced scalability.
• Built-in encryption tools.
• Azure’s compliance features.
• Azure security tools such as Security Center and Key Vault.
• Encryption management.
Challenges:
The primary challenges include the following.
• Managing access control to prevent internal data breaches.
• Ensuring proper encryption policies are applied across departments.
• Ensuring daily backup and recovery policies align with business objectives.
• Misconfigured security controls.
C. Role-Based Access Controls (RBAC)
RBAC Configuration:
1. Separation of Resource Groups: Each department—Marketing, Accounting, and IT—
should have its own Azure Resource Group. Access should be restricted to departmental
resources only, preventing cross-department data visibility.
2. Principle of Least Privilege: RBAC should be configured so that only a department's
users can access that department's resources. For example, only accounting users should
have "Key Vault Contributor" access to the Accounting Key Vault.
3. Scoped Administrative Access: Administrative roles should be clearly defined and
scoped to prevent excessive permissions across departments. For instance, marketing
administrators should not have access to IT systems.
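As an added example (not part of the original plan), the three rules above can be checked against an exported list of role assignments. The resource group names, group names, and subscription ID are assumptions, and the sample data is constructed in the shape of `az role assignment list --all -o json` output.

```python
import re

# Assumed naming convention (not from the plan): one resource group per department.
DEPT_RG = {"IT": "rg-it", "Accounting": "rg-accounting", "Marketing": "rg-marketing"}
RG_DEPT = {rg: dept for dept, rg in DEPT_RG.items()}
SCOPE_RE = re.compile(r"^/subscriptions/[^/]+(?:/resourceGroups/([^/]+))?", re.I)

def audit(assignments, principal_dept):
    """Return (principal, role, scope, reason) for each assignment that breaks
    the per-department separation in steps 1-3."""
    findings = []
    for a in assignments:
        who, role, scope = a["principalName"], a["roleDefinitionName"], a["scope"]
        dept = principal_dept.get(who)
        m = SCOPE_RE.match(scope)
        rg = m.group(1).lower() if m and m.group(1) else None
        if dept is None:
            reason = "principal not mapped to a department"
        elif rg is None:
            # Subscription, management group, or root scope spans every department.
            reason = "scoped above resource-group level"
        elif RG_DEPT.get(rg) != dept:
            reason = f"{dept} principal has access in {rg}"
        else:
            continue  # principal's department owns this resource group
        findings.append((who, role, scope, reason))
    return findings

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
KV = f"{SUB}/resourceGroups/rg-accounting/providers/Microsoft.KeyVault/vaults/kv-accounting"
# Constructed sample assignments (hypothetical group names).
SAMPLE = [
    {"principalName": "grp-accounting", "roleDefinitionName": "Key Vault Contributor", "scope": KV},
    {"principalName": "grp-marketing-admins", "roleDefinitionName": "Contributor",
     "scope": f"{SUB}/resourceGroups/rg-it"},
    {"principalName": "grp-it-admins", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "grp-marketing", "roleDefinitionName": "Key Vault Contributor", "scope": KV},
]
PRINCIPAL_DEPT = {"grp-accounting": "Accounting", "grp-marketing": "Marketing",
                  "grp-marketing-admins": "Marketing", "grp-it-admins": "IT"}

if __name__ == "__main__":
    for finding in audit(SAMPLE, PRINCIPAL_DEPT):
        print(" | ".join(finding))
```

The compliant Accounting assignment on its own Key Vault passes; the other three are reported for review.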
The following screenshots show the steps to configure RBAC for the IT, Accounting, and
Marketing departments. I have streamlined the last two departments, showing the completed
configuration to shorten this document.