Security And Compliance-Related Policy Recommendations

List of Cloud Ready Items

The proposed cloud-ready items for the cloud implementation include both the applications and the workloads defined below. The applications include Software as a Service (SaaS) offerings such as Atlassian, Zoom and Salesforce, as well as Infrastructure as a Service (IaaS). The workloads for this implementation follow the agile software development lifecycle steps for implementing the cloud services (Yazdanmehr et al., 2020). These are discussed in more detail under the ‘Identification and Analysis of Application’ section.

Updated Service-Level Agreement (SLA)

The updated SLA details are as shown below:

Document Details and Change History

Version | Date | Description | Authorization
1.0 | 6th June, 2020 | System implementation | Peter Wells
2.0 | 21st December, 2021 | System agreement | Peter Wells
3.0 | 2nd July, 2021 | System application and workload analysis and redesign | Peter Wells

Document approvals

Name | Role | Signature | Date

SLA Introduction:

This is a Service Level Agreement (SLA) between the BallotOnline organization and Amazon Web Services (AWS). This document identifies the services required and the expected level of service from 20/06/2021 to 05/08/2021.

The agreement is subject to review and renewal, scheduled by 10/08/2021.

Signatories:

Peter Wells (P.W), CEO, BallotOnline
Patrick Riton (P.R), CEO, AWS

Definitions, Conventions, Acronyms and Abbreviations:

Term | Description
SLA | Service Level Agreement
Timeliness | The feature that represents the completion of an action that leaves enough time to meet the SLA service expectation.
IT operations department | A unit of BallotOnline responsible for internal IT operations.
Accuracy | The degree to which a result specification and a standard value are in agreement.
AWS | Amazon Web Services
BallotOnline | Client organization

Purpose:

· Requirements for the SaaS services that will be provisioned to BallotOnline

· Agreed service targets

· Criteria for target fulfilment evaluation

· Roles and responsibilities of AWS

· Duration, Scope and Renewal of this SLA contract

· Supporting processes, limitations, exclusions and deviations.

Contractual Parameters

· BallotOnline must seek contract renewal at least 30 days before the agreement's expiration date.

· Both signing parties must agree to any changes, revisions, extensions, or early termination of this SLA.

· For early termination of this SLA, BallotOnline needs a minimum of 60 days' notice.

Service Agreement

The service agreement includes the following components:

KPIs and Metrics

While key performance indicators (KPIs) and other associated measures may and should be used to enforce the SLA, they do not always produce the outcome the client prefers.

Metric | Commitment | Measurement
Reliability | High | MTTR
Availability | High | MTTR
Fault tolerance | High | MTTR
Security | High | MTTR

Service Levels, Rankings and Priority

Severity Level | Description | Target Response
Outage | SaaS server down | Immediately
Critical | Server downtime high risk | Within 5 minutes
Urgent | End user impact started | Within 15 minutes
Monitor | Although the issue has been rectified, it may have future ramifications. | Within 2 days

Service Response

Service | Description | SLA Target | Performance Metric | Measurement
Cloud storage and networking | Interdepartmental communication as well as database storage | 99% | Response time, Resource | 

Service Management

Service management focuses on service availability, ensuring that the cloud services are always accessible when required by legitimate systems.

AWS's coverage as defined in this agreement follows the timetable below:

i. On-site assistance is available Monday through Friday, 9:00 a.m. to 6:00 p.m., between March 1, 2021 and December 25, 2021.

ii. As stated in the service level section of this agreement, phone support is available 24 hours a day, seven days a week.

iii. As stated in Section 3.2 of this agreement, email support is available 24 hours a day, seven days a week.

Identification and Analysis of Application

It is also important to identify and analyze the applications, the workload tiering and the classification, with the aim of assessing cloud suitability based on the performance, capacity and availability requirements of the proposed applications and workloads.

Some of the useful applications in this project include:

i. Software as a Service (SaaS). A good example of a SaaS application is Atlassian. It creates software as a service (SaaS) that helps organizations of all sizes, from tiny enterprises to large corporations, improve workflow across departments and better coordinate colleagues to achieve common goals (Koohang et al., 2020).

ii. Zoom. It is used for communication between departments and outside the organization.

iii. Salesforce. Salesforce is a customer relationship management (CRM) software that assists organizations in managing client relationships and generating sales leads.

iv. Infrastructure as a Service (IaaS). Infrastructure-as-a-Service (IaaS) is a virtualized computer infrastructure that is completely controlled through the Internet. IaaS is commonly used for a variety of purposes, including as a testing environment for app development, a website host, and even a platform for big data analytics.

The workload tiering involves the following steps:

i. Planning

ii. Requirements

iii. Designing

iv. Development and implementation

v. Deployment

vi. Maintenance

Information Security and Compliance Issues

Cloud technology implementation faces a number of security concerns as well as compliance-related issues. Some of the key concerns include the acceptable latency range, the required data storage capacity, Ethernet-based protocols and the architecture of the application, among many others.

Some of the IT security issues that are likely to face the organization include the following:

i. Ransomware. This type of malware infiltrates an organization's system, encrypts vital data, and afterwards demands payment for the decryption key.

ii. Phishing. It usually takes the form of a fraudulent email. The sender asks for something while posing as a coworker, a business partner, a friend, or an acquaintance (Sommestad et al., 2017). Because the sender appears to be someone you know, you are unlikely to suspect anything and would gladly hand them whatever they ask for.

iii. Brute force attacks. This attack relies on the culprit guessing several password combinations until they find the correct one. The longer your password is, the more permutations an attacker must test.

iv. Social engineering. In a social engineering attack, people in your business are psychologically manipulated into revealing private information or executing certain activities.

Compliance issues include:

i. Poor Data Loss Prevention (DLP)

ii. Inadequate implementation

iii. Lack of adequate encryption

Cloud Items Classification and Implementation

Whenever migrating to the cloud, an enterprise must analyze its present applications and workloads to identify what will be transferred to the cloud, which applications will be redesigned, and which workloads and applications will be kept in the existing code base (Kim et al., 2019). The applications and tasks to be implemented in this project are labeled to identify which ones are ready or not ready for implementation. If an application or task is labeled "cloud ready," it indicates that it is suitable for cloud deployment.

The following are some of the categorization criteria considered in this implementation:

i. Security. The proposed applications and workloads need to be protected from unauthorized third parties.

ii. Cost. The cost of managing the proposed applications and workloads needs to be affordable to the organization.

iii. Performance. The proposed applications and workload need to perform optimally for increased output.

iv. Availability Requirements. The requested data needs to be available to legitimate users at any time.

v. Legal compliance. The proposed applications and workloads need to comply with organizational as well as regional rules and regulations. They should also follow industry standards such as HIPAA and IEEE, among other regulations.

References

Kim, H. L., Choi, H. S., & Han, J. (2019). Leader power and employees’ information security policy compliance. Security Journal, 32(4), 391-409.

Koohang, A., Nowak, A., Paliszkiewicz, J., & Nord, J. H. (2020). Information security policy compliance: leadership, trust, role values, and awareness. Journal of Computer Information Systems, 60(1), 1-8.

Sommestad, T., Karlzén, H., & Hallberg, J. (2017). The theory of planned behavior and information security policy compliance. Journal of Computer Information Systems.

Yazdanmehr, A., Wang, J., & Yang, Z. (2020). Peers matter: The moderating role of social influence on information security policy compliance. Information Systems Journal, 30(5), 791-844.

Christopher Weaver