Software Development Life Cycle Cloud Service Project 4 Need 2.5 pages and APA citations and references.Attachment Project 4 Information gives you all the details. Project 4 Scenario
Company: A Human Resources (HR) company. You should name it.
Industry:, HR for Business
The Situation:
The company wants to move its HR applications and HR data into a community cloud, sharing
tenancy with other clients. It has not used the cloud before.
The company will be pushing sensitive employee information, such as personally identifiable
information, PII, to and from the cloud.
You:
Member of a team within a cloud service provider.
One of several security software architects
Assigned to a project to provide the HR company with a plan for migrating and providing the HR
company Software as a Service (SaaS) on the cloud.
Your Company: Cloud service provider offering software as a service (SAS) services to its client base.
Name your company.
The Specific Assignment:
1. Deliver a Software Development Life Cycle driven report for securing data and applications in a
cloud environment.
2. Conduct lab testing and use the specific results to reinforce your concepts in the report.
Step 3 cover
software development life cycle SDLC Subteam Research Report
You should assess (compare and contrast) security issues in the life cycle of system solutions
created by software system environments. The lifecycle consists of the concept phase, design
phase, requirements phase, development implementation phase, initial operational capability (IOC)
phase, IOC test phase, final operational capability (FOC) phase, deployment phase, user
acceptance test (UAT) phase, and operational/maintenance/enhancements phase.
You should cover the following software system environments in your comparison (you can do a
comparison table):
stand-alone computing
client-server model computing
distributed computing model
cloud computing model (the focus should be primarily on this model currently used in
industry).
In your discussions of security issues in the software system life cycle, you should also address the
use of different development environments. Which environment is easier in considering
security issues, and which are more problematic? (provide citations and rationale in your
discussions). The development paradigms of interest include:
traditional waterfall model
spiral model
agile/extreme programming model
cloud-based model
In this portion of your report, address several key security-related questions. Use tables or
spreadsheets to summarize your data, but also discuss the information and findings in your
analysis of the results. Answer the following questions in your report:
Cloud provider assurances:
1. How could a cloud-based solution maintain a proper authentication system for its
clients?
2. How might a cloud-based solution ensure that one client’s data is kept confidential
and protected from other clients who also have access to the same data center?
3. What type of assurances would a client expect that the security of the
software components and utilities provided by the cloud-based solution provider will
be consistently maintained, if the distributed systems are owned and leased from
other organizations?
Cloud provider confidentiality:
4. If we had a company that processed and kept medical imaging data, how might a corporation
called Medical Imaging (MI) keep other cloud subscribers from accessing MI’s data?
5. How could the Medical Imaging corporation manage the images split across multiple thirdparty ISPs?
Cloud provider security policy:
6. How might another corporation ensure a similar level of security to the cloud-based ISP
provider for the Medical Imaging company? What are some common assurances and
features? What are some suggestions on cloud-based solutions from the NIST Special
Series 800 and 1800 guidance? http://csrc.nist.gov/publications/PubsSPs.html
7. How could the security policy defined by the cloud-based ISP provider be maintained and
ensured at the application level? What types of agreements would be needed? What types of
software, systems, and security testing would you require?
Your objective for the report is to compare and contrast the development environments for
traditional waterfall approach, spiral approach, agile/extreme programming approach, and
cloud-based environment approaches for data processing implementations. Of particular
interest will be your identification of computing security and access control security concerns
to protect systems, data and users. Consider at what stages of system planning, design,
implementation, testing, deployment, and use that you would want cybersecurity persons involved in
system creation.
What would be the focus of the cybersecurity persons in each stage of the acquisition and creation
of the system (in each of the development environment approaches)?
How might you do security testing in a distributed computing system, especially for cloud-based
systems where the distributed resources might be more uncertain as to where they are located (and
who owns them)?
Step 4: Provide Analysis and Planning for Evaluating Technologies
Once the team members have understood various ways to secure data in the cloud, the team will
analyze and develop a plan to use technologies and/or techniques to meet the functional requirements
developed earlier for protecting client data protection in transit.
To prepare, click the following links and learn more about virtualization and cloud computing:
Server Virtualization
Benefits and Features of Cloud Computing
Mobile Cloud Computing
Compare different technologies and techniques, including encryption, access control, and other
techniques.
Consider their efficiency, effectiveness, and other factors that may affect the security of the data
in the cloud.
Include your reasoning and conclusions in your evaluation. Conclude which is generally a better,
stronger technique and why.
Definition but I do not have reference
.Access control is the process by which permissions are
granted for given resources. Access control can be physical (e.g., locked doors accessed using various
control methods) or logical (e.g., electronic keys or credentials). There are several access control
models, to include:
Role-based access control: Access is granted based on individual roles.
Mandatory access control: Access is granted by comparing data sensitivity levels with user
sensitivity access permissions.
Attribute-based access control: Access is granted based on assigned attributes.
Discretionary access control: Access is granted based on the identity and/or group membership
of the user.
The access control model used is determined based on the needs of the organization. To determine the
best model, a risk assessment should be performed to determine what threats might be applicable. This
information is then used to assess which model can best protect against the threats identified.
Purchase answer to see full
attachment
LDR 3302-21.01.01-1A24-S1, Organizational Theory and Behavior Unit III Essay Top of Form Bottom of Form…
Chapter 9 What are teratogens? Give 5 examples. Define each of these stages: Germinal, embryonic,…
You are a Financial Analyst that has been appointed to lead a team in the…
You are familiar with the ANA Code of Ethics and have a growing understanding of…
This week’s discussion will focus on management decision-making and control in two companies, American corporation…
Mary Rowlandson felt that the man who eventually came to own her, Quinnapin, was “the…