Assessment item 3
Security Management and Migration
Due date: 25-Sep-2017
Return date: 18-Oct-2017
Submission method options
Alternative submission method
Webb’s Stores is a successful regional retailer that operates stores in Australia and also in New Zealand. Webb’s sell a range of food stuffs as well as some speciality items. The company has two main data centres, one located in Sydney and the other in Melbourne. It also has a number of regional data centres located in Wagga, Bathurst, Port Macquarie, Brisbane and Auckland in New Zealand.
Webb’s Stores has engaged you as a consultant to advise them on the use of Cloud Computing in their daily operations. They have some 600 sales staff that work in their stores and 200 staff that work in their two main warehouses in Sydney and Melbourne. Webb’s have been facing increasing issues with application and operational complexity and the management of their data. They have been advised that a move to using a Cloud based infrastructure would be an advantage to them.
Webb’s are considering the following:
- They are considering a plan to close their Auckland data centre rather than update or replace the older infrastructure. The existing data and services in that data centre would be moved to the Cloud. If this migration is successful, then this could be a first step in the eventual migration of all Webb’s services to the cloud.
- They are concerned at the increasing costs of LTO 6 tapes that are being used for their backup of mission critical data. They are also concerned at the cost of off-site storage of these tapes, but they are really concerned at the time it is taking to complete a full backup of their databases and other critical data.
Webb’s Board is contemplating this strategy as a way to increase the company’s flexibility and responsiveness. The Board also expects to achieve significant savings on the cost of maintaining their ICT infrastructure by closing their Auckland data centre. This would entail retiring the infrastructure in that data centre rather than having to update it.
Webb’s has again approached you to advise them on this strategy. You have already advised Webb’s that this strategic approach will mean that they will need to design and operate a “Hybrid Cloud” methodology, where part of their data centre is “on premise” and another part in a Cloud.
Webb’s also plan to run a Risk and Security Workshop to assess the risks, security issues and possible methods of control that will be required with this “Hybrid Cloud” approach. You will be required to organise, run and facilitate this workshop.
The Board is also concerned about how this strategy will affect their BCP (Business Continuity Plan) and their backup and disaster recovery strategies.
Your task is to prepare a report for Webb’s Board that discusses the following:
- Webb’s have decided to migrate their MS SQL Server 2012 R2 database to an IaaS instance in the cloud.
- Describe the type of security that you would deploy to protect this mission critical database once it is moved to an IaaS instance in a public cloud.
- Describe the benefits and issues that would be the result of your deployment of these security measures.
- What are the risks associated with migrating this mission critical database to the cloud? You should name and describe each risk that you identify that applies to:
- The database
- The IaaS infrastructure
- The communications between Webb’s and their IaaS database in the cloud
- Webb’s is considering the use of the Cloud for backup and possibly also for archival of records.
- What are the risks and issues associated with backing up data to the cloud? You should name and describe each risk that you identify that applies to:
- Backing up data to the Cloud
- Storage of data in the Cloud
iii. Retrieval of data from the cloud.
- How does Webb’s use of a Cloud backup affect their DR plans? Describe how you see that their backup and restore strategy will change as a result of this service.
- How should Webb’s protect access to these services that they are now moving to the Cloud? Describe what you would recommend to Webb’s Board to protect access to:
- Their IaaS infrastructure,
- Their Ms SQL Server 2012 R2 cloud instance,
- Their Cloud network infrastructure
- Their Cloud backup and restore infrastructure
This assessment will cover the following objectives:
- Be able to compare and evaluate the ability of different Cloud Computing Architectures to meet a set of given business requirements;
- Be able to evaluate a set of business requirements to determine suitability for a Cloud Computing delivery model;
- Be able to evaluate and design an ICT Risk Management strategy for a Cloud Computing Delivery plan to meet business requirements;
- Be able to interpret, evaluate and plan the Governance and Security requirements for a Cloud Computing delivery plan;
- Be able to analyse and evaluate business requirements to plan a migration to a Cloud model;
|Information security||Clear comprehensive assessment of InfoSec issues, critical points identified and discussed.||Detailed assessment of InfoSec issues, most critical points identified and discussed.||Good assessment of InfoSec issues, many critical points identified and discussed.||Adequate assessment of InfoSec issues, some critical points identified and discussed.||Inadequate assessment of InfoSec issues, few or no critical points identified and discussed.|
|Migration Risk Management||Clear, comprehensive description of Risk Management issues, critical points identified & discussed.||Detailed description of Risk Management issues, most critical points identified & discussed.||Good description of Risk Management issues, many critical points identified & discussed.||Adequate description of Risk Management issues, some critical points identified & discussed.||Inadequate description of Risk Management issues, few or no critical points identified & discussed.|
|Backup Risk Management||Clear, comprehensive description of backup and DR plan, all critical points identified & discussed.||Detailed description of backup and DR plan, most critical points identified & discussed.||Good description of backup and DR plan, many critical points identified & discussed.||Adequate description of backup and DR plan, some critical points identified & discussed.||Inadequate description of backup and DR plan, few or no critical points identified & discussed.|
|Access Management||Clear and comprehensive description of protecting IaaS infrastructure, server and backup and restore infrastructure, and all critical points identified & discussed.
|Detailed description of protecting IaaS infrastructure, server and backup and restore infrastructure, and most critical points identified & discussed.||Good description of protecting IaaS infrastructure, server and backup and restore infrastructure, and many critical points identified & discussed.||Adequate description of protecting IaaS infrastructure, server and backup and restore infrastructure, and some critical points identified & discussed.||Inadequate description of protecting IaaS infrastructure, server and backup and restore infrastructure, and some critical points identified & discussed.|
|Presentation (Communicate in a professional manner), Grammar & Referencing||Up to 5 marks may be deducted for poor grammar, presentation, spelling and not following the proper APA 6th edition style of referencing.
Your report MUST be presented in MS Word format. Your assessment must be submitted electronically and should:
- Have a cover page including:
- Assessment No & Assessment Title
b. Student Name, ID & Student Email
- The assessment should also include at least the following sections:
- Executive Summary – this section should contain a brief summary about the contents of the report. This section should be a maximum of one A4 size page.
b. Main Body of the report – Use this section to answer all the questions in Part I and Part II. All tasks should be clearly identified with headings.
c. References – must be in APA style both in-text and at the end of the assessment document.
- Use Calibri, or a similar font, in 11 or 12 point type.
4. All diagrams and images are to be embedded in the document. Diagrams and images that are supplied separately will not be marked. All text should be left-justified.
5. Each page must have a header or footer with your name and student number.
6. Page numbers must be shown in the footer of each page, except on the title page.
Reports are marked and feedback attached using a MS Word based tool. Reports that are submitted in PDF format will be re-formatted to Word format in order to be marked. Allowances will not be made for any loss of information, diagrams or images as a result of the re-formatting.
Please note: Assessment MUST be submitted as ONE word file on Turnitin. Please do not submit *.zip or *.rar or multiple files. All assessment submissions MUST contain a Turnitin originality report with them upon submission. Details about the use of Turnitin are available from the subject site.