Task 1
DTGOV uses Microsoft Office 2010 as its office productivity suite and Microsoft Exchange 2010 for email. The DTGOV Exchange instance is running on a cluster of physical servers operating in one of the DTGOV data centres. The DTGOV Information Management Board (IMB), headed by the CIO, has decided to move its office productivity and email suites to a service based model and want to investigate the use of an SaaS office productivity and email suite.
The IMB want to study the use of either Google Docs and Gmail or Microsoft’s Office 365 as a possible SaaS offering for DTGOV and its clients. This will be intended to replace the existing Exchange 2010 data centre infrastructure as well as the Office 2010 installation on all desktop computers.
You have been assigned the task of providing the IMB with both a Risk Management assessment and a Security assessment for this proposed migration. You are to:
1. Select either Google Docs/Gmail or Office 365 as the SaaS provider.
2. Provide an Information Security assessment on your chosen provider using the techniques proposed by Ramgovind etal, and the ASD Cloud Computing Security Considerations as your primary references. This assessment should be no more than 2 pages.
3. Provide a Risk Management assessment for your chosen provider using the Threat and Risk Assessment Questionnaire (White, P. 2015), as a template. You are to complete only the following sections of the template:
a. Section 6 Data, A. Data Classification
b. Section 6 Data, C. Backup
c. Section 7. Identity Management
d. Section 10 B. VPN
e. Section 10. C. Cryptography
f. Section 11. Cloud Services
Each section is to be completed with only the following detail:
a. Is the question applicable: yes, no or NA
b. What do you think are the likely consequences of the risk? (see Appendix B, Consequences for the term to use)
c. What do you think is the likelihood of the risk occurring? (see Appendix B, Likelihood for the term to use)
d. What is the risk rating for this question? (see Appendix B, Risk Rating for the risk rating)
4. Provide a covering one page executive summary to the IMB for these two documents and summarize the risk management and security benefits and drawbacks of the proposed migration of office productivity services to an SaaS model.
Task 2
The DTGOV IMB has considered your assessment of the risk management and security issues for the migration of DTGOV’s office productivity and email tools to an SaaS provider. They have decided that they need an additional assessment on the management and the SLA of the chosen provider.
You have been assigned the task of providing the IMB with an assessment of the management requirements and the provisions of the SLA for the proposed provider. You are to:
1. Using the SaaS provider that you chose for assignment 2 (either Google or Office 365):
a. Discuss the requirements for remote administration, resource management, SLA management and billing management of your chosen provider. It may be useful to consider Morad and Dalbhanjan’s operational checklists here. This section should be no more than two to three pages in length.
b. Discuss briefly how you will consider application resilience, backup and disaster recovery for your chosen provider. This section should be no more than two to three pages in length.
c. Use Erl’s SLA guidelines to assess the SLA for your chosen provider. This section should be no more than two to three pages in length.
d. Provide a covering one to two page executive summary of these three assessments to the IMB and summarise the major opportunities and risks that have beesn identified in your assessments.
Rationale
This assignment covers the following objectives:
– Be able to compare and evaluate the ability of different Cloud Computing Architectures to meet a set of given business requirements;
– Be able to evaluate a set of business requirements to determine suitability for a Cloud Computing delivery model;
– Be able to evaluate and design an ICT Risk Management strategy for a Cloud Computing Delivery plan to meet business requirements;
– Be able to interpret, evaluate and plan the Governance and Security requirements for a Cloud Computing delivery plan;
– Be able to analyse and evaluate business requirements to plan a migration to a Cloud model;
