Analysing Cloud Risks and Regulatory Requirements

Cloud Security (42035)
Assessment Task 1 Description:
Analysing Cloud Risks and Regulatory Requirements
Intent: To build competency in the legal and regulatory compliance requirements and the analysis of
security risks and threats for cloud computing.
Weight: 40% of the overall total of subject
Length: Minimum 2000 words – Maximum 3000 words
Deadline: August 28, 2020
Task. This is an individual assignment.
You have just been hired to lead the security team for a major cooperation. Your company is just
beginning the evaluation of public cloud platforms to determine the feasibility of moving its
traditional data centre to a cloud environment. You have been asked to evaluate these platforms
from a security perspective.
You are to investigate all relevant aspects associated with the move to a cloud environment with an
emphasis on analysing and assessing security risks and threats of cloud environment, investigating
how these risks are related to legal, policy and regulatory requirements associated with the cloud
environment.
You are to present a comprehensive report that includes adequate analysis to the management of
your company for its final decision on the move with a clear understanding of the costs and the
benefits. Your report should cover at least the following main points based on all the materials you
have covered from week 1 to week 5 as well as your own additional research:
• How do you plan to drive and articulate concerns that must be considered with any cloud
solution?
• What are your main concerns with moving to a cloud environment?
• What are the initial steps you will take in this evaluation?
• What aspects does the management need to consider and analyse?
• What aspects does the operation team need to consider and analyse?
• What issues from a legal and regulatory standpoint will this move incur?
• What privacy acts and regulatory requirements are you subjected to? Include awareness of
local and international differences in legal requirements on cloud data security, privacy and
storage.
• What technical concerns and issues will likely come into play with this scenario?
• Investigate critical cloud security threats and risks associated with relevant aspects of the
possible move from a traditional data centre to a cloud environment.
• How do you formulate a plan to consider a cloud for Business Continuity/Disaster Recovery
(BCDR) solution, and what impacts might this have on the current hosting model being
employed?
• Articulate your understanding of contractual security service level agreement (Sec SLA)
between a cloud customer and its cloud provider in establishing their respective roles and
responsibilities in relation to the regulatory and legal requirements in searching, identifying,
collecting and securing electronic data and records.
Please note that your report is about addressing the issues raised in the questions above in a
coherent manner and presenting the findings and recommendations in the manner that assists the
management to make the right decision. The report is not about answering these questions directly
point by point.
Marking scheme: (out of 100%)
Executive Summary (of your analysis) and overall report presentation. 20%
Clear understanding of relevant aspects of a cloud environment relative to a traditional
data centre.
20%
Comprehensive cloud threats and cloud risks analysis associated with the cloud
environment.
20%
Comprehensive coverage of relevant legal, policy, and regulatory requirements of the
cloud environment.
20%
Articulate understanding of security service level agreement (Sec SLA) between a cloud
customer and its cloud provider in establishing their respective roles and responsibilities
in relation to the regulatory and legal requirements in searching, identifying, collecting
and securing electronic data and records.
20%