Cloud Security Implementation Plan Company Overview and Requirements PAGE $1$Company Overview and RequirementsSWBTL LLC began as a local document and delivery service in $1977.$ The smallbusiness initially provided $24-7$ on$-$demand local shipping services via van, flatbed, and boxtruck. Over time, the company has grown due to innovative strategies and successfulacquisitions. SWBTL LLC now supports nationwide services and employs over $2,000$professionals.The organization leverages information technology to enable growth by supportingoperations with internally developed and vendor$-$provided software. All servers andapplications have been hosted in four leased data centers in the United States. SWBTL LLCdoes not own the data centers, and these leased data centers are beginning to constrainlogistics activities due to increasing fees, service interruptions, and cybersecurity concerns.Additionally, the company maintains contracts with the U$.$S$.$ government and processes cardtransactions daily, so it must comply with regulations such as the Federal InformationSecurity Modernization Act $($FISMA$)$ and the Payment Card Industry Data Security Standard$($PCI DSS$).$These factors, along with growing cybersecurity concerns related to regulatorycompliance and an upcoming NIST SP $800-53$ assessment, have rapidly forced SWBTL LLCto embrace the Microsoft Azure cloud environment. This provider was selected to supportlegacy authentication requirements, easily integrate with the existing Active Directorystructure, and ensure compatibility for internally developed software as the cloud transitiontakes place over the next several years. The organization requires a service model that willallow the deployment and control of multiple operating systems, virtual machines, andcustom applications that can be supported by compute, storage, and network resources ondemand. The initial roles migrating to the cloud environment include the marketing,accounting, and IT resource groups.The consultant responsible for the migrations became disgruntled and unexpectedlydeparted for another position. Since the departure, users have reported being able to viewdata and assets belonging to other teams throughout the company. IT administrators havebeen unable to verify file and system backups as required since the beginning of the cloudtransition. Also, vulnerability scanning boundaries have not been validated in more than twoyears and may not encompass the Azure instance.Senior leadership is concerned that the cloud instance may not comply withregulatory requirements, leaving systems vulnerable to exploitation by advanced persistentthreats or malicious actors. The chief information officer has created a list of prioritizedbusiness requirements and seeks to minimize risk and avoid cyberattacks that have plaguedsupply chain and logistics operations in recent months. All findings and mitigation actionsshould be presented to leadership upon completion.Business Requirements$1.$ Maintain compliance with applicable regulations and standards to support the successof federal contracts$\mathrm{.}2.$ The company should maintain the ability to provision, configure, and operate cloudvirtual servers as needed$\mathrm{.}3.$ The cloud instance should support the encryption of data$-$at$-$rest and data$-$in$-$transit inaccordance with industry standards and regulatory requirements.Cloud Security Implementation Plan Company Overview and RequirementsPAGE $24.$ Each migrating department $($Accounting$,$ Marketing, and IT$)$ should have its own AzureResource Group. Each group should only contain resources associated with therespective department$\mathrm{.}5.$ Each migrating department should have its own Azure Key Vault to help embrace theprinciple of least privilege$\mathrm{.}6.$ Access policies for all Microsoft Azure Key Vaults should be configured to allow KeyVault Contributor access for departmental users only. For example, the three userinstances for accounting should be the only users assigned to this role for theAccounting Key Vault$\mathrm{.}7.$ The IT department is responsible for performing and verifying backups$\mathrm{.}8.$ All cloud servers have a recovery point objective $($RPO$)$ of $1$ day. Standard backupsshould be conducted daily at $7$p$.$m$.$ Eastern Time $($ET$)$ on all servers to meet thecompanys recovery time objective $($RTO$)$ of $36$ hours$\mathrm{.}9.$ Instant recovery snapshots should be maintained for $3$ days, and the daily backup pointsmust be maintained for $45$ days$\mathrm{.}10.$ All virtual machines may be backed up using a single Recovery Vault, but a new backuppolicy named SWBTL should be created to ensure proper configurations$\mathrm{.}11.$ Tags can be used throughout the environment to identify resources belonging to each department.Your submission must be your original work. No more than a combined total of $30\%$ of the submission and no more than a $10\%$ match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. The similarity report that is provided when you submit your task can be used as a guide.$$You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.$$Tasks may$$not$$be submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc., unless specified in the task requirements. All other submissions must be file types that are uploaded and submitted as attachments $($e$.$g$.,.$docx, $.$pdf$,.$ppt$).$A$.$Provide an executive summary of the companys current security environment based on the business requirements given in the Company Overview and Requirements document. $($An executive summary of the companys current security environment is provided and is in alignment with the business requirements given in the Company Overview and Requirements document.$)$B$.$Describe a proposed course of action for a secure Azure cloud solution for the company, based on the given scenario, and include the following in your description: $$ identification of the service model $$ applicable regulatory compliance directives $$ security benefits and challenges of transitioning to this service model$($The submission describes a proposed course of action for a secure Azure cloud solution for the company. The description includes$$all$3$ requirements and is in alignment with the given scenario.$)$C$.$Analyze the current state of role$-$based access controls in the cloud lab environment for the marketing, accounting, and IT resource groups$\mathrm{.}1.$Discuss$$three$$recommendations for role$-$based access controls that can be configured in alignment with the principle of least privilege based on the business requirements in the given scenario. $($The submission discusses $3$ recommendations for role$-$based access controls that can be configured in alignment with the principle of least privilege. The recommendations are in alignment with the business requirements in the given scenario and are accurate for$$each$$resource group listed.$)2.$Configure the role$-$based access controls in alignment with your given recommendations in part C$1$ and provide a screenshot for$$each$$of the updated configurations. The screenshots must be clear and show the full view of your screen, including the date and time. $($The configurations of role$-$based access controls are correctly completed in the cloud lab environment and are in alignment with the recommendations given in part C$1.$ Screenshots are provided for$$each$$updated configuration and are clear and show the full view of the screen, including the date and time.$)$D$.$Analyze the existing Azure Key Vaults in the cloud lab environment focusing on encrypting data in transit and data at rest for the marketing, accounting, and IT resource groups$\mathrm{.}1.$Implement$$two$$best practices for Azure Key Vaults applicable to the resource groups listed and in alignment with the given scenario, providing screenshots of your updated access policies for$$each$$group$.$ The screenshots must be clear and show the full view of your screen, including the date and time. $(2$ best practices for Azure Key Vaults are implemented in the lab environment. The practices implemented are applicable to the resource groups listed and are in alignment with the given scenario. Screenshots are provided of the updated access policies for$$each$$group and are clear and show the full view of the screen, including the date and time.$)2.$Explain$$two$$recommendations for how the key vaults can be used to encrypt$$both$$data at rest and data in transit. $($The submission accurately explains $2$ recommendations for how the key vaults can be used to encrypt$$both$$data at rest and data in transit.$)$E$.$Analyze the current state of file backups in the cloud lab environment for the company$\mathrm{.}1.$Configure$$two$$settings for file backups that are in alignment with the given scenario, providing screenshots of your updated configurations. The screenshots must be clear and show the full view of your screen, including the date and time. $($The configurations of $2$ settings for file backups are correctly completed in the cloud lab environment and are in alignment with the given scenario. Screenshots are provided for$$each$$updated configuration and are clear and show the full view of the screen, including the date and time.$)2.$Explain how the updated configurations from part E$1$ support the business requirements. $($The submission accurately explains how the updated configurations from part E$1$ support the business requirements.$)$F$.$Describe the division of security responsibilities between the company and the cloud service provider $($Azure$),$ including shared responsibilities if any, for the cloud service model you selected in part B$.($The submission accurately describes the division of security responsibilities between the company and the cloud service provider, including shared responsibilities if any, for the cloud service model selected in part B$.$ The description is in alignment with the given scenario and the cloud service model.$)1.$Discuss$$three$$risks assumed by the company for the cloud service model based on the shared responsibilities identified in part F and the level of impact$$each$$of the$$three$$risks may have on the companys use of cloud computing resources. $($The submission discusses $3$ risks assumed by the company for the cloud service model based on the shared responsibilities identified in part F and includes the level of impact$$each$$of the $3$ risks may have on the companys use of cloud computing resources.$)2.$Explain$$three$$recommendations to ensure compliance with the companys cloud security posture, and include a justification based on industry best practices for$$each$$recommendation$.($The submission explains $3$ relevant recommendations to ensure compliance with the companys cloud security posture and includes a justification based on industry best practices for$$each$$recommendation$.)$G$.$Explain$$three$$threats that have the potential to impact the companys updated cloud solution, and include in the explanation the threat mitigation countermeasures that could be used to minimize the impact of$$each$$threat$.($The submission accurately explains $3$ threats that have the potential to impact the companys updated cloud solution. The explanation includes relevant threat mitigation countermeasures that could be used to minimize the impact of$$each$$threat$.)$H$.$Acknowledge sources, using in$-$text citations and references, for content that is quoted, paraphrased, or summarized. $($The submission includes in$-$text citations for sources that are properly quoted, paraphrased, or summarized and a reference list that accurately identifies the author, date, title, and source location as available.$)$I$.$Demonstrate professional communication in the content and presentation of your submission. $($Content reflects attention to detail, is organized, and focuses on the main ideas as prescribed in the task or chosen by the candidate. Terminology is pertinent, is used correctly, and effectively conveys the intended meaning. Mechanics, usage, and grammar promote accurate interpretation and understanding.$)$File RestrictionsFile name may contain only letters, numbers, spaces, and these symbols: $!-\_.*\text{'}()$File size limit: $200$ MB$$