member is a security software architect in a cloud service provider company, assigned to a project to provide the client with data integrity and confidentiality protections for data in transit that will be using applications in the cloud. Your client is an HR company that is moving HR applications and HR data into a community cloud, sharing tenancy with other clients. Your company has set up a software as a service, SAS, offering for its client base.

The data that the HR company will be pushing to and from the cloud will contain sensitive employee information, such as personally identifiable information, PII. You will have to address sensitive data and transit issues of the client data using the HR applications stored in the cloud, and provide a life cycle management report that includes solutions to the cloud computing architect of your company.

Software Development Life Cycle

Technology development and implementation usually follow a software development life cycle (SDLC) methodology. This approach ensures accuracy of information for analysis and decision making, as well as appropriate resources for effective technology management.

You and your team members will use components of the SDLC methodology to develop a life cycle management report for the cloud computing architect of a company. This is a group exercise, representing the kind of collaboration often required in the cybersecurity technology community.

There are 11 steps to lead you through this project. Similar steps are typically used in organizational SDLC projects. Most steps should take no more than two hours to complete, and the entire project should take no more than three weeks to complete. Begin with the workplace scenario, and then continue with Step 1: “Initiating the Project.”

Life Cycle Management Report: A 10- to 15-page double-spaced Word document on data protection techniques for a cloud-based service with citations in APA format. The page count does not include figures or tables. There is no penalty for using additional pages if you need them. Include a minimum of six references. Include a reference list with the report.

As the cloud security architect, you must understand the security development life cycle process. Review the following resources to learn about the security development life cycle process:

Click the following links to learn more about critical infrastructure sectors:

To be completed by a designated team member:

You will begin your Life Cycle Management Report now.

1. Choose a fictional or actual organization. Describe the mission of the organization and the business need to move to a cloud environment.
2. Identify the scope of the security architecture and include a topology. To narrow your scope, focus on issues that application security engineers can control. Avoid discussing resilience and business continuity issues, physical security issues, traditional best practices for software development, or underlying infrastructure security. Examples of topology include Amazon Web Services, Generic Hadoop, Map-r, Cloudera, or Microsoft Azure.
3. In your report, you will combine security development life cycle and software development life cycle methodologies. When you are considering the software development life cycle approach, consider what model you are following. SDLC examples include Waterfall, Spiral, Agile, and Extreme Programming.
4. Address confidentiality, integrity, and availability requirements for data at rest and data in transit. 
   1. Think like an attacker exploiting software vulnerabilities and the likelihood of those vulnerabilities being exploited. 
   2. Think about data in use in the memory of the processing systems. Where in the system are the data most vulnerable?
5. Describe the concepts and products you chose and explain why these were chosen.
6. Include in your descriptions possible software and hardware components as well as an operating system and the security protections needed for those components.
7. Include a discussion of interoperability among the solutions you choose.

Provide your rationale for your strat nctional Analysis and Design—Use SQUARE for Requirements Information Gathering

In the previous step, the team initiated the project. In this step, team members will focus on the functional design of the project.

To be completed by a designated team member:

Click the following link to learn more about software quality requirements engineering (SQUARE). Then, identify the SQUARE process and provide an overview of how to collect requirements for the security technology and/or techniques that are being proposed.

This information will be added to the group report.

Step 4: Provide Analysis and Planning for Evaluating Technologies

Once the team members have understood various ways to secure data in the cloud, the team will analyze and develop a plan to use technologies and/or techniques to meet the functional requirements developed earlier for protecting client data protection in transit.

To prepare, click the following links and learn more about virtualization and cloud computing:

To be completed by a designated team member:

Compare different technologies and techniques, including encryption, access control, and other techniques. Consider their efficiency, effectiveness, and other factors that may affect the security of the data in the cloud. Include your reasoning and conclusions in your evaluation. Conclude which is generally a better, stronger technique and why.

You will include this summary in your report.

Step 5: Create System Design Specifications

In the last step, the team completed an analysis of technologies and techniques. In this step, the team will provide system design specifications for a data-in-transit protection model.

To be completed by a designated team member:

Conduct independent research on system design specifications and propose a set of design specifications that meet the design requirements.

You will include these system design specifications in your report.

For the next step, the team will explain the software development plan.

Step 6: Explain the Software Development Plan

Now that the team has identified system specifications, provide an explanation of the software development need and the plan for software development, if any.

To be completed by a designated team member:

Identify different design and development considerations for the system.

Include this explanation in the final report.

In the next step, the team will outline plans for testing and integration.

Step 7: Provide a Plan for Testing and Integration

In the previous step, the team explained the software development plan. In this step, the team will develop a plan for testing and integration.

To be completed by a designated team member:

Include test plans for the various devices that will be used to access the system. The following should be included in the plan:

1. Include testing for software functions as well as compatibility with other software that may exist on those devices.
2. Include cloud data transactions as well as data transactions outside the cloud.
3. Provide research and justification for applying data confidentiality and data integrity protections.
4. Consider examples of technologies and/or techniques that can be used to protect the data in transit. 
5. Provide the expected results from implementing these technologies and/or techniques.

Include the plan in the final report.

In the next step, the team will discuss how to adapt and deploy the technology appropriate for software as a service (SaaS) in the cloud.

Step 8: Adapt and Deploy Software as a Service

Once the team has successfully developed a testing and integration plan, it is time to adapt and deploy software as a service (SaaS) in the cloud model.

To be completed by a designated team member:

Provide a description of the SaaS adaptation and deployment strategy in the final report. Include a deployment strategy for the SaaS cloud infrastructure.

Include the following in the deployment strategy:

1. Cloud topology where these techniques are employed.
2. Various techniques used by various components. 

Include this description in the final report.

Step 9: Provide a Plan for Operations and Maintenance

In the previous step, the team adapted SaaS. In this step, the team will plan for operations and maintenance.

To be completed by a designated team member:

Prepare a plan for operations and maintenance of the system. The plan should also include:

• An auditing plan to assess the strength of the security controls for the data in transit.
• A process for continuous monitoring of the data in transit.

Include this plan in the final report.

In the next step, the team will create a disposal plan.

Step 10: Create a Disposal Plan

In the previous step, the team developed a plan for operations and maintenance. In this step, the team will create a disposal plan.

To be completed by a designated team member:

Prepare a disposal plan for the system including tools and techniques used for disposal.

Include this disposal plan in the final report.