The Cloud
Project 1, completing Steps 1-3 and proceeding with Steps 4-6. Regarding growth analysis in Step 2, remember about those extra 10% requested for new projects! This is on top of the business growth you predict. So, if you predict the growth of say 20% in a given year, the total budget should grow by 30%. In Step 4, you research and submit recommendations on security- and compliance polices to be applied when moving to the cloud. Remember these from CCA 610?
Step 4: Address Information Security and Compliance Issues
Information security and privacy are critical to the success of any IT deployment for the growth and viability of the business through a framework such as the confidentiality, availability, and integrity, known as the CIA triad.
Review
To review information on security and compliance issues:
· Network Security Design https://leocontent.umgc.edu/content/umuc/tgs/cca/cca630/2212/learning-topic-list/network-security-design.html?ou=546565
· Application and Data Security https://leocontent.umgc.edu/content/umuc/tgs/cca/cca630/2212/learning-topic-list/application-and-data-security.html?ou=546565
· Cloud and Network Security Issues https://leocontent.umgc.edu/content/umuc/tgs/cca/cca630/2212/learning-topic-list/cloud-and-network-security-issues.html?ou=546565
· Data Compliance https://leocontent.umgc.edu/content/umuc/tgs/cca/cca630/2212/learning-topic-list/data-compliance.html?ou=546565
· Cloud-Specific Compliance Issueshttps://leocontent.umgc.edu/content/umuc/tgs/cca/cca630/2212/learning-topic-list/cloud-specific-compliance-issues.html?ou=546565
· Frameworks for Analyzing Compliance Issues https://lti.umuc.edu/contentadaptor/page/topic?keyword=Frameworks%20for%20Analyzing%20Compliance%20Issues
BallotOnline must also keep its data compliant with regulatory policies and procedures.
In this step, consider the relevant information security and compliance issues related to the "cloud ready" application/workloads you have designated and define how they will be addressed in the policy addendum.
To make sure you are on the right track, Sophia has asked you for a list of the top information security and compliance-related issues related to the applications/workloads designated for migration and a note on how the policy addendum will address them. Security and Compliance-Related Policy Recommendations
In Step 5, you will come up with recommendations for cloud vendor selection and governance strategy, as per the template provided.
Step 5: Create Cloud Vendor Governance Strategy
Review
There are numerous options available in the marketplace for cloud vendors, each with a unique set of offerings and services, including market leaders such as:
Since you considered information security and compliance issues in the previous step, it's time to create a cloud vendor governance strategy
https://leocontent.umgc.edu/content/umuc/tgs/cca/cca630/2212/learning-topic-list/cloud-vendor-governance-strategy0.html?ou=546565 document using the cloud vendor governance strategy template . https://digitalprinciples.org/wp-content/uploads/PDD_HowTo_SecureCloudData-v2.pdf
Your one- to two-page policy should include your strategy for evaluating cloud vendors, creating a cloud governance strategy, and detailing how to incorporate this strategy into BallotOnline's overall IT policies. Cloud Vendor Governance Strategy
Step 6 is about considering the impact all these recommended policies and strategies would have on the ways BallotOnline conducts its business and everyday IT operations (no submission, but save your thoughts for final Project 1 report).
Step 6: Perform an Impact Analysis
Cloud computing has an enormous impact on the way organizations conduct their business. Working in the cloud can bring business as well as IT operational efficiencies to an organization. While cloud promises these efficiencies, there can be hidden trade-offs associated as well. For example, some of those trade-offs could be control over the underlying infrastructure components (servers, switches, storage, etc.) or dependencies on the services offered by a specific cloud provider. Performing an impact analysis helps ensure that the requirements are completely understood.
A logical follow-up to consideration of your cloud vendor governance in the previous step will be to examine how the adoption of cloud may affect the existing business and technical practices of BallotOnline with a business and technical impact analysis. https://lti.umuc.edu/contentadaptor/page/topic?keyword=Business%20and%20Technical%20Impact%20Analysis
You will use this impact analysis in your final Cloud Adoption Policy Addendum, but you also need to consider a potential exit strategy should things not work out with the vendor. You'll look at that in the next step.
Step 7: Develop an Exit Strategy
It also makes sense to consider what might happen to the organization if the cloud provider doesn't work out. This is covered in the policies and SLAs via the cloud exit strategy. https://lti.umuc.edu/contentadaptor/page/topic?keyword=Cloud%20Exit%20Strategy
The exit strategy should list possible business circumstances that may necessitate ending the relationship with the cloud service provider or vendor. Those circumstances could include the failure of the cloud service provider to meet performance requirements, possible security breaches, and matters concerning the cloud service provider's business viability. Geographic-specific compliance issues https://lti.umuc.edu/contentadaptor/page/topic?keyword=Geographic-Specific%20Compliance%20Issues should also be considered, especially since BallotOnline is an international organization.
Document your impact analysis and overall exit strategy, which should be between two and three pages. This impact analysis will be used for your final Cloud Adoption Addendum in the next step.
Step 8: Write the Final Policy Document Addendum
It is time to put everything together for the Cloud Adoption Policy Addendum. The addendum is designed to provide BallotOnline with a comprehensive IT policy that encompasses existing IT systems as well as their growth in the cloud infrastructure. The final document should be between eight and 10 pages.
At this point, you should have a better understanding of the cloud adoption strategy and how cloud adoption strategy differs from traditional IT adoption strategy. This knowledge differentiates you from a traditional IT professional and solidifies your standing in the ranks of cloud computing professionals. The accompanying Cloud Adoption Policy Addendum Template ( attachment CCA 630 Cloud Adoption Addendum Policy Template) can serve as a guide to make sure you have included all the elements. Complete your Cloud Adoption Policy Addendum and submit it via the dropbox below.
The Cloud Adoption Policy Addendum will enable you to consolidate the work that you have completed in the steps along with some additional elements (scope, executive summary, etc.) to create a comprehensive policy addendum. Sophia will present your work for approval at the executive meeting.
BallotOnline's updated IT policy, which includes your cloud addendum, is important. You will reuse it in subsequent CCA courses, so save it where you can find it.
Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
· 5.1: Evaluate the business IT needs of an organization.
· 5.2: Propose strategies the organization can employ using cloud solutions to enhance organizational effectiveness.
· 5.3: Evaluate cloud adoption as a viable solution based on cost benefits and desired outcomes.
· 5.4: Articulate insights to leadership on the appropriate course of direction on the identified IT business needs.
· 8.1: Assess liability issues associated with cloud adoption.
· 8.3: Assess management and operational risks associated with cloud.
· 9.1: Develop a plan for cloud implementation / migration.
· 9.3: Develop documentation (plans, policies, and procedures) to support a cloud operation.
· 11.7: Develop disaster recovery/business continuity plans.
· 11.8: Prepare contingency plans when changing cloud providers or closing down a cloud architecture.