Enhancing Cloud Security For Inshore Insurance Limited (IIL)

A Statement of Work is a proposal document that a consultant seeking work might submit to a potential client.

This is an individual assignment. Built on the Preliminary Statement of Work, the Final Statement of Work will be a detailed document containing material acquired through simulated stakeholder interviews and other information gathering techniques.

The Final Statement of Work should comprise;

• A comprehensive Problem Statement and Requirements Specification (including formal Stakeholder Assent),
• a summary of Test Criteria necessary to ensure compliance with relevant standards,
• An overview of technologies required for infrastructure, telecommunications, applications, and data,
• A Project Management Plan and description of development Tools and Methodology.
• A table reflecting each member’s contribution to the project. The stated contributions should be backed up references to contributions in the group’s discussion forum on LEO. A template will be provided for the table, to highlight each member’s contribution in the project.

Problem Identification

IIL (Inshore Insurance Limited) has been one of the profitable financial institution in the Australia whose branches are spread all over the state and head quarter is located at Sydney. The IT infrastructure and cloud services are applicable in boosting the production and output of the organization and managing the data and information as per the needs of the daily operational activities/. Utilizing cloud services is helpful in being a step ahead from the competitors however; there are certain security issues related to the application of cloud services and this is the biggest problem that had threatened the IIL organization. The purpose of this statement of work is to put emphasis on the problem and solution to the identified problem encountered in the functioning of the IIL. The organization needs high-level security for the protection against the security attacks and data breaches as the organization collects very personal and sensitive information whose expose cannot be accepted by the organization. The purpose of the statement of work is to highlight on the aspects related to the proposed solution.  

The scope of the project is to utilize the security solutions available in the market that can be helpful in securing the data and information saved on the cloud and practices them in the existing system of the IIL. Implementation of the RAP (Risk Analysis Product) as a Service can be a better approach for the enhancement in the security and securing the network on which the data and information being shared on the internet. This implementation will not impact the existing operational activities however will be helpful in enhancing the output through securing the data and information being exchanged on the network.

The IIL has transformed the existing systems over the cloud and all the daily operational activities are being accomplished through exchanging and storing the data and information through the cloud. Cloud has provided any services those could be utilized for accomplishing the operational activities in an efficient and effective manner and allowing data access and ease of handling the data and information related to the operational activities. Since the organization is sharing very personal and sensitive information over the cloud, security has been the most crucial objective for the successful and efficient application of the cloud services. It has been identified that the security level of the IIL has been not up to the capability of assuring security for the existing IT infrastructure. IT solutions available in the market such as RAP as a Service that will be helpful in defining the problems and identification of the solutions those are capable of eliminating the identified problems and securing the network. Security breaches and intrusion have become for the data and information exchanged on the cloud and has been the biggest concern for the IIL.

Scope of the Project

The overall period of the project for the establishment of RAAP as a Service will be developed successfully within three months of the life span. This will include all the necessary activities including the identification of the existing functions, API (Application Programming Interfaces) of the existing infrastructure, software being utilized, web addresses being accessed, interchange of the data and information and many more. Thereafter the possibilities of the solution will be involved in this phase of the project considering the successful and effective implementation of the security. This system will be capable of providing security for a decade and ensuring that proper maintenance is being provided within the AWS service and assuring that the functionality of the security has been restored to the extent level.

Analyzing the existing system: the IIL has been already using the cloud services and it is necessary to identify all the functionalities and operations being delivered within the working environment of the IIL. This step will be helpful in identifying the elements those are necessary for the deployment of the security program for the organization. Following are the activities those will be necessary for delivering the complete project:

Project Initiation: The identification of all the necessary elements will be proceeded in this phase that will be helpful in deeply understanding the problem and feasibility of the solution being proposed in the existing system. It will be also specifying whether the proposed solution is complying with the existing policies and regulations of the IIL or not. This will include the schedule, work breakdown and other planning methods.  Training, implementation, and transition plans of the activities will also be determined in this phase. The approval will be needed to get from the senior executives and after the approval only, the project will be executed.

Design phase:  Gathering the requirements will be another phase for the execution of the proposed solution. The available requirements and needed requirements will be incorporated in a single design, that will be specifying the elimination of the problem and securing the data or information being transferred through the Cloud platform or being stored at that platform. Tis will also include the communication between the stakeholders for emphasizing on the needs, requirements, and deployment of the project for the enhancement in the cloud security.

Execution phase: It will include the elements necessary to be accomplished for the successful delivery of the project such as identification of the vendor, investigation on the vendor, and assigning the project in the hand of the vendor. The vendor will be responsible for establishing the network and deploy restrictions for enhancing the security. Restrictions are the only way to secure the network and blocking unauthorized users to enter the network through injecting malicious program or coding. It will also include the establishment of the IT infrastructure necessary for the deployment of the project. The vendor will be accessing the data and information and implementing necessary technologies such as encryption and others for the deployment of the enhanced security.

Existing IT Infrastructure and Cloud Services

Monitoring and Controlling: monitoring and controlling then growth and development of the project will be necessary for the deployment of the project. This will monitor whether the growth and development of the project is being processed accordingly or not and all the objectives are being accomplished or not.

Training and education: The employees and staffs of the IIL will need proper training and education on how to use the proposed technology and implementation of the RAP service that will be contributing in the enhancement of the security. This will be helpful in enhancing the efficiency and output of the project through ensuring that every individual is well aware and introduced with the functioning of the technology.

Project Closure: The project needs to be handover to the IIL and thus, the final phase of the project will be project closure. All the stakeholders will be asked to sign-off the project and be released from the project ensuring that the roles and responsibilities have been accomplished properly and contributed in the growth and development of the project.

Following is the list of activities those need to be accomplished within the justified timeline and milestones as per the nature of the project for enhancing the security. The project will be started at seventh May 2018 and will end at thirteenth September 2018.

In manner to implement the RAP for the enhancement in the cloud security, it is necessary that the executives of the organization are accepting the project and all of them are agreed on the same point. The CEO will need to approve the proposed project plan and writing advised must be collected for future reference. The discussion and review will be executed for the scenarios when, the project deliverables has not been similar to the expectations and vendor has been refused the service that was promised during the position of the project sign-off. Following are the lists of activities and elements those could be provided in the context of this project:

• The proposed solution will be helpful in restricting the access level.
• It will be enhancing the security and privacy of the data and information
• It will completed within 94 days and within the budget of $ 86, 520
• The proposed solution will comply with the existing policies and regulations and data and information will be provided the same importance as that of the importance for the organization.

Service Legal Agreements (SLA), NDAs (Non-Disclosure Agreements), agreement of confidentiality, privacy, and security of the data being uploaded in the network are some of the vital requirements necessary for making the project much effective and efficient.

RAP as a Service will be solely capable of handling all the restrictions and firewalls to the website access and authority access to the individuals entering the network. It is a Microsoft service that will be helpful in analyzing and securing the current network of the IIL’s system. Strong and High Bandwidth internet connection will be necessary, as all the operations will be handled automatically or by the Microsoft itself.  Proper and effective API will be another requirement for the successful execution of this project. Access control is the other requirement for the access and control over the remote service being introduced by the remote service of the Microsoft. Authentication at different level and access restriction is another technology requirement for the deployment of the security assessment of the project.

Phase of the Project

The proposed solution is for enhancing the security of the data and information being stored or transferred on the Cloud being utilized by the IIL. The project will be initiated that will include all the considerable facts of the requirements and specifications necessary for the deployment of the RAP as a Service within the existing system. This will include all the type of information regarding the identification of every aspects. Thereafter installation of the RAP as a Service will be established, and the project will be completed. The schedule of the project has been explained in the above report and the stakeholders and budget can be explained a below:

Following Gantt chart will be describing the visual representation of the activities, schedule, and resources being utilized for the execution of the project

Tools those will be helpful in boosting the performance of the project can be listed as:

Dashboards: It would be helpful in the representation of the overall growth and development of the project and monitoring at them at a single instance will be accomplished. The manager and the leader would be able to read the graphs and charts and thus, taking necessary precautions those could assure the growth and development of the project.

Gantt chart: it has been used in this report for representing every activity along with the dates on which it should be completed. It will be paving a path for the project manager to accomplish the project in similar way.

Project scheduling and project reporting; These are some of the vital tools those will be contributing in the successful deployment of the project and developing a simple documentation describing all about this project.

PERT chart and critical path analysis: these are helpful in identifying the shortest path that could be utilized for the delivery of the project without affecting the quality and standard of the report. it will be helpful in managing the quality of the project and thus, assuring that the project will be capable of enhancing the security of the data and information in much better and efficient manner.

Agile scrum methodology will be utilized for the successful delivery of the project constraints as many experienced players have suggested it as a very appropriate and effective approach towards the delivery of the project. It is a very effective approach towards delivering the constraints of very high st5andard and of very high quality. This methodology is best suited for the software projects as it is change acceptable and reduces the time –to- market. This methodology emphasizes on the satisfaction of the stakeholders as the vital accomplishment and major goal for the project assuring that the project is capable of fulfilling all the necessary outputs. It will allow the managers and team leaders to execute the above mentioned phases in sequential manner and complying the new project within the existing environment of the IIL. It is very much effective than other methodologies as the changes in a single phase does not affect the overall phases of the project as that in the waterfall and other methodologies. This will also emphasize on the risk assessment and management and thus, the delivery of the project can be considered as risk free and reaching the efficiency to maximum of its value. It will be accomplishing all the objectives and goals of the project and motivating the internal stakeholders towards accomplishing all the objectives of the project.

Brooks, R., 2015. Financial management: core concepts. Pearson.

Crawford, J.K., 2014. Project management maturity model. CRC Press.

Fleming, Q.W. and Koppelman, J.M., 2016, December. Earned value project management. Project Management Institute.

Gido, J., Clements, J. and Clements, J., 2014. Successful project management. Nelson Education.

Harrison, F. and Lock, D., 2017. Advanced project management: a structured approach. Routledge.

Heagney, J., 2016. Fundamentals of project management. AMACOM Div American Mgmt Assn.

Heldman, K., 2018. PMP: project management professional exam study guide. John Wiley & Sons.

Kerzner, H. and Kerzner, H.R., 2017. Project management: a systems approach to planning, scheduling, and controlling. John Wiley & Sons.

Kerzner, H., 2017. Project management metrics, KPIs, and dashboards: a guide to measuring and monitoring project performance. John Wiley & Sons.

Kerzner, H., 2018. Project management best practices: Achieving global excellence. John Wiley & Sons.

Martinelli, R.J. and Milosevic, D.Z., 2016. Project management toolbox: tools and techniques for the practicing project manager. John Wiley & Sons.

Olson, D., 2014. Information systems project management. Business Expert Press.

Portny, S.E., 2017. Project management for dummies. John Wiley & Sons.

Schwalbe, K., 2015. Information technology project management. Cengage Learning.

Turner, R., 2016. Gower handbook of project management. Routledge.