solution

pleaseee helpppp

You work for a medium-sized insurance company. Your organization is undergoing a digital transformation and has decided to sunset the organization’s on-premise quoting and billing system and shift all development dollars toward a new application that will be cloud-based.

You are the organization’s Enterprise Architect and you have been given the project to evaluate cloud service providers and to validate if this direction can be achieved and ensure your organization’s data can be properly secured.

  1. Review the article “How to Evaluate Cloud Service Provider Security” by navigating to the link and providing your Franklin e-mail address, address, and phone number.
  2. Write a formal document (3-6 pages) that includes specific details regarding the bulleted points noted in Action Item 3 below. Include an executive summary, introduction, and conclusion as part of this formal company document. Include any references that you may have used to develop your document. Before you can evaluate cloud service providers, be sure to develop standards for your organization to adopt the cloud securely and efficiently.
  3. To quickly determine security and control objectives and to evaluate various cloud service providers, include the following in your process:
    • Define requirements around security control functionality. In other words, what security mechanisms will you require your cloud provider to support (Firewall, IPS, IDS, ATP, etc.)?
      • Consider building a list of primary controls, recommended controls, and optional controls.
    • Develop a process to assess the security posture of the service provider.
      • What security requirements should your organization have?
      • Define security requirements in a cloud-based environment that should be part of your standard.
        • Consider utilizing a security framework to help with developing your standards such as ISO27001, NIST, or CIS. Some examples of cloud-related CIS controls are below.
          • Center for Internet Security Control #9: Limitation and control of network ports, protocols, and services
          • Center for Internet Security Control #12: Boundary defense
          • Center for Internet Security Control #16: Access monitoring and control
          • Center for Internet Security Control #18: Application Software Security
    • Detail the third-party evaluations you will require of your prospective service providers and why.
      • Third-party evaluations support a risk assessment process. This can be used to verify that a cloud service provider undertook an independent third-party risk evaluation.
      • This may include ISO27001 certification, SOC1, SOC2, SOC3.
    • What claims of compliance does your business require and why?
      • Some examples of claims of compliance are: HIPAA, FERPA, FISMA, ITAR
    • Optimize your use of provider security information.
      • Review the summary of CSP transparency information, table on page 6.
      • Detail what methods you will use to consistently and efficiently analyze service providers.
      • Choose at least three criteria from the table and detail the importance of each evaluation criteria.
 