attachment_4.docx

Project 1, completing Steps 1-3 and proceeding with Steps 4-6. Regarding growth analysis in Step 2, remember about those extra 10% requested for new projects! This is on top of the business growth you predict. So, if you predict the growth of say 20% in a given year, the total budget should grow by 30%. In Step 4, you research and submit recommendations on security- and compliance polices to be applied when moving to the cloud. Remember these from CCA 610?

Step 4: Address Information Security and Compliance Issues

In this comic book panel, the student is at home, at breakfast table/drinking coffee, tv on in the background, newscaster reads: “Is your personal information at risk? Auditing firm finds major security flaws in popular cloud data storage system that could expose millions of customer accounts. More on this after the break…”. The student receives a text message on phone from Sophia that reads, “I need a list of the major security and compliance issues that the new policy is going to address.”

Information security and privacy are critical to the success of any IT deployment for the growth and viability of the business through a framework such as the confidentiality, availability, and integrity, known as the CIA triad.

Review

To review information on security and compliance issues:

· Network Security Design https://leocontent.umgc.edu/content/umuc/tgs/cca/cca630/2212/learning-topic-list/network-security-design.html?ou=546565

· Application and Data Security https://leocontent.umgc.edu/content/umuc/tgs/cca/cca630/2212/learning-topic-list/application-and-data-security.html?ou=546565

· Cloud and Network Security Issues https://leocontent.umgc.edu/content/umuc/tgs/cca/cca630/2212/learning-topic-list/cloud-and-network-security-issues.html?ou=546565

· Data Compliance https://leocontent.umgc.edu/content/umuc/tgs/cca/cca630/2212/learning-topic-list/data-compliance.html?ou=546565

· Cloud-Specific Compliance Issueshttps://leocontent.umgc.edu/content/umuc/tgs/cca/cca630/2212/learning-topic-list/cloud-specific-compliance-issues.html?ou=546565

· Frameworks for Analyzing Compliance Issues https://lti.umuc.edu/contentadaptor/page/topic?keyword=Frameworks%20for%20Analyzing%20Compliance%20Issues

BallotOnline must also keep its data compliant with regulatory policies and procedures.

In this step, consider the relevant information security and compliance issues related to the "cloud ready" application/workloads you have designated and define how they will be addressed in the policy addendum.

To make sure you are on the right track, Sophia has asked you for a list of the top information security and compliance-related issues related to the applications/workloads designated for migration and a note on how the policy addendum will address them. Security and Compliance-Related Policy Recommendations

In Step 5, you will come up with recommendations for cloud vendor selection and governance strategy, as per the template provided.

Step 5: Create Cloud Vendor Governance Strategy

This comic book panel shows an email from the student to Sophia. The subject of the email is “Quick update on cloud policy project. The body of the email reads, “I've finished going over the information security and compliance issues. I'm going to work on the cloud vendor governance strategy this week. I'm planning on making it vendor-neutral to give us the most flexibility to choose any existing or future cloud vendors.”

Review

There are numerous options available in the marketplace for cloud vendors, each with a unique set of offerings and services, including market leaders such as:

· Amazon AWS

· Microsoft Azure

· Google Cloud Platform

Since you considered information security and compliance issues in the previous step, it's time to create a  cloud vendor governance strategy 

https://leocontent.umgc.edu/content/umuc/tgs/cca/cca630/2212/learning-topic-list/cloud-vendor-governance-strategy0.html?ou=546565 document using the  cloud vendor governance strategy template . https://digitalprinciples.org/wp-content/uploads/PDD_HowTo_SecureCloudData-v2.pdf

Your one- to two-page policy should include your strategy for evaluating cloud vendors, creating a cloud governance strategy, and detailing how to incorporate this strategy into BallotOnline's overall IT policies. Cloud Vendor Governance Strategy

Step 6 is about considering the impact all these recommended policies and strategies would have on the ways BallotOnline conducts its business and everyday IT operations (no submission, but save your thoughts for final Project 1 report).

Step 6: Perform an Impact Analysis

This Comic book panel shows three coworkers standing in the hallway. The student says to them, “Hey guys, I want to get your input. What are your top concerns about how moving to the cloud will affect your line of business?”

Cloud computing has an enormous impact on the way organizations conduct their business. Working in the cloud can bring business as well as IT operational efficiencies to an organization. While cloud promises these efficiencies, there can be hidden trade-offs associated as well. For example, some of those trade-offs could be control over the underlying infrastructure components (servers, switches, storage, etc.) or dependencies on the services offered by a specific cloud provider. Performing an impact analysis helps ensure that the requirements are completely understood.

A logical follow-up to consideration of your cloud vendor governance in the previous step will be to examine how the adoption of cloud may affect the existing business and technical practices of BallotOnline with a business and technical impact analysis. https://lti.umuc.edu/contentadaptor/page/topic?keyword=Business%20and%20Technical%20Impact%20Analysis

You will use this impact analysis in your final Cloud Adoption Policy Addendum, but you also need to consider a potential exit strategy should things not work out with the vendor. You'll look at that in the next step.

Step 7: Develop an Exit Strategy

In this comic book panel, Sophia says “The CIO mentioned that she is concerned about committing to a specific vendor without knowing if that vendor will be able to meet our needs over time.” The student responds with “I understand that concern. I'm working on the exit strategy for the policy document now.”

It also makes sense to consider what might happen to the organization if the cloud provider doesn't work out. This is covered in the policies and SLAs via the cloud exit strategy. https://lti.umuc.edu/contentadaptor/page/topic?keyword=Cloud%20Exit%20Strategy

The exit strategy should list possible business circumstances that may necessitate ending the relationship with the cloud service provider or vendor. Those circumstances could include the failure of the cloud service provider to meet performance requirements, possible security breaches, and matters concerning the cloud service provider's business viability. Geographic-specific compliance issues https://lti.umuc.edu/contentadaptor/page/topic?keyword=Geographic-Specific%20Compliance%20Issues should also be considered, especially since BallotOnline is an international organization.

Document your impact analysis and overall exit strategy, which should be between two and three pages. This impact analysis will be used for your final Cloud Adoption Addendum in the next step.

Step 8: Write the Final Policy Document Addendum

It is time to put everything together for the Cloud Adoption Policy Addendum. The addendum is designed to provide BallotOnline with a comprehensive IT policy that encompasses existing IT systems as well as their growth in the cloud infrastructure. The final document should be between eight and 10 pages.

At this point, you should have a better understanding of the cloud adoption strategy and how cloud adoption strategy differs from traditional IT adoption strategy. This knowledge differentiates you from a traditional IT professional and solidifies your standing in the ranks of cloud computing professionals. The accompanying Cloud Adoption Policy Addendum Template ( attachment CCA 630 Cloud Adoption Addendum Policy Template) can serve as a guide to make sure you have included all the elements. Complete your Cloud Adoption Policy Addendum and submit it via the dropbox below.

The Cloud Adoption Policy Addendum will enable you to consolidate the work that you have completed in the steps along with some additional elements (scope, executive summary, etc.) to create a comprehensive policy addendum. Sophia will present your work for approval at the executive meeting.

BallotOnline's updated IT policy, which includes your cloud addendum, is important. You will reuse it in subsequent CCA courses, so save it where you can find it.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.

· 5.1: Evaluate the business IT needs of an organization.

· 5.2: Propose strategies the organization can employ using cloud solutions to enhance organizational effectiveness.

· 5.3: Evaluate cloud adoption as a viable solution based on cost benefits and desired outcomes.

· 5.4: Articulate insights to leadership on the appropriate course of direction on the identified IT business needs.

· 8.1: Assess liability issues associated with cloud adoption.

· 8.3: Assess management and operational risks associated with cloud.

· 9.1: Develop a plan for cloud implementation / migration.

· 9.3: Develop documentation (plans, policies, and procedures) to support a cloud operation.

· 11.7: Develop disaster recovery/business continuity plans.

· 11.8: Prepare contingency plans when changing cloud providers or closing down a cloud architecture.