Question
You are a security architect consultant. Your client is a medical practice that has four small offices in West Virginia. Currently, each office has its own physical network that includes the following:
4 - workstations (three doctors and one administrative assistant)
1 - Database server for patient records.
1 - Windows server used for Active Directory.
1 - Windows server used for Microsoft Exchange.
1 - Firewall at the edge.
1 - Physical VPN endpoint for external access to.
The clinic also has their corporate website hosted at GoDaddy with a patient login area that queries the databases depending on which office the patient sees.
The offices currently do not have dedicated connections to each other, do not exchange patient records, etc. Staff are becoming frustrated, and the upkeep of all these physical systems is too much work, too expensive, and overkill for the size of medical practice they are.
This design and its frustrations are duplicated in each of the practice's small offices. Management wants to consolidate their network and "move to the cloud" to simplify things and increase efficiency and is very worried about the security of their client records.
You have been hired as a consultant to develop the security architecture for a cloud deployment using AWS that decommissions many of the physical systems being used at each location. The client wants the following:
Website hosting moved to AWS.
Back-end centralized patient database that is shared among all the offices and secured.
Migration to O365 for the clinic's productivity suite (Email, OneDrive, SharePoint, etc.)
Cloud-based MS active directory
Secure remote access to clinic workstations and the AWS environment
Security considerations tackled such as security monitoring, alerting, logging etc. along with security best-practices put in place.
Develop a security architecture that addresses the above components.
Some things to think about when approaching this:
Access control and authentication:
Public facing area
Authenticated access for registered patients using MFA
Multi-Factor authentication for employees and administrators
Cloud-based active directory using Azure AD.
Being able to securely connect remotely to clinic workstations and the AWS environment.
Network Security
Monitoring and testing
Logging as many things as you can in a centralized place
Encrypted communications both at rest and in transit
Protection of customer records and HIPAA requirements.
Efficiency
Absolute minimization of physical hardware at offices
Approach with a "cloud-first" frame of mind meaning that migration to the cloud is the most important thing for the client
No hosted applications to worry about
Don't discount the use of managed service providers where you think it's necessary
Deliverables:
A network diagram of your design that is detailed (stressing detailed here!). Lucidchart has a free tier account. A helpful blog post is here - https://www.lucidchart.com/blog/how-to-build-aws-architecture-diagrams but there are other services for this also and plenty of examples and ideas online via research. I also highly recommend draw.io and you can download AWS icons here - https://aws.amazon.com/architecture/icons/. Cloudcraft.co is also a neat website.
A security technical implementation guide (STIG) on how to deploy this. Remember, you're not actually doing the work, you're just designing and providing guidance/recommendations.
You can design this any way you would like. This is meant to concisely describe your design and how to achieve it. Think of this as a playbook for the IT team to take and do implementation with.
There is no right or wrong way to produce a STIG document, and many you see online will be very concise checklists (as seen here) while others have more "meat" in them (as seen here). Choose the method that has more meat and detail in it, rather than a checklist.
Title Page - containing the following at a minimum: Title, Authors, Institution Name, Class number, Date
APA format
I will leave the length up to you, but please keep in mind that this should be detailed and well thought out. What you design in your diagram should be fully explained in your STIG.
An oral presentation by you that walks me through your design and thought process. SnagIt (https://www.techsmith.com/screen-capture.html) has a free trial and is easy to use but use whatever you want.
Click on the "Final Project Assignment" link above to submit your assignment, as well as to get more information regarding the due date and grading rubric.
Format requirements:
1. APA 7th edition format on all submissions
2. Title page with your name, class, and assignment
3. Minimum of three pages of content double-spaced using Microsoft Word. This is NOT including your title page or references pages.
4. References page.
5. Be advised, DO NOT plagiarize. Plagiarism will result in a zero grade and no re-do option.
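As an added example that is not part of the original assignment or of any submitted answer: a small offline audit script an implementer could run after the AWS build-out to verify three of the controls the brief calls for (patient database encrypted at rest and not publicly reachable, MFA on every console login, CloudTrail logging centrally with tamper-evident log validation). The three functions take the shape of the boto3 responses from `rds.describe_db_instances`, `iam.get_credential_report` (CSV, reduced to a few of its real columns) and `cloudtrail.describe_trails`, so the same code can later be fed live output; no AWS calls are made here. The account ID, resource names and all sample data below are constructed for illustration.

```python
"""Offline post-deployment checks for the clinic's AWS security design."""
import csv
import io

# Constructed sample in the shape of rds.describe_db_instances(), reduced to
# the fields these checks read. Account ID and names are made up.
SAMPLE_DB_INSTANCES = {
    "DBInstances": [
        {"DBInstanceIdentifier": "patients-prod", "StorageEncrypted": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/example",
         "PubliclyAccessible": False, "MultiAZ": True},
        {"DBInstanceIdentifier": "patients-legacy", "StorageEncrypted": False,
         "PubliclyAccessible": True, "MultiAZ": False},
    ]
}

# Constructed sample of the IAM credential report; the real report has more
# columns, these are the ones the MFA check uses.
SAMPLE_CREDENTIAL_REPORT = """user,arn,password_enabled,mfa_active,access_key_1_active
<root_account>,arn:aws:iam::111122223333:root,true,true,false
dr.smith,arn:aws:iam::111122223333:user/dr.smith,true,true,false
it-admin,arn:aws:iam::111122223333:user/it-admin,true,false,true
backup-svc,arn:aws:iam::111122223333:user/backup-svc,false,false,true
"""

# Constructed sample in the shape of cloudtrail.describe_trails(); the trail
# deliberately lacks a KmsKeyId so the check has something to report.
SAMPLE_TRAILS = {
    "trailList": [
        {"Name": "org-trail", "IsMultiRegionTrail": True,
         "LogFileValidationEnabled": True, "S3BucketName": "clinic-audit-logs"},
    ]
}


def check_rds(response):
    """Patient DB must be encrypted at rest, private, and Multi-AZ."""
    findings = []
    for db in response["DBInstances"]:
        name = db["DBInstanceIdentifier"]
        if not db.get("StorageEncrypted"):
            findings.append((name, "storage not encrypted at rest; enable StorageEncrypted with a KMS key"))
        if db.get("PubliclyAccessible"):
            findings.append((name, "publicly accessible; place in private subnets reachable only over VPN"))
        if not db.get("MultiAZ"):
            findings.append((name, "single-AZ; shared patient records need Multi-AZ"))
    return findings


def check_iam_mfa(report_csv):
    """Every console login (staff and admins) must have MFA; root must hold no access keys."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        console = row["password_enabled"] == "true"
        mfa = row["mfa_active"] == "true"
        if console and not mfa:
            findings.append((row["user"], "console login enabled without MFA"))
        if row["user"] == "<root_account>" and row["access_key_1_active"] == "true":
            findings.append((row["user"], "root account has an active access key"))
    return findings


def check_cloudtrail(response):
    """Central logging: one multi-region trail, validated and encrypted log files."""
    findings = []
    trails = response["trailList"]
    if not any(t.get("IsMultiRegionTrail") for t in trails):
        findings.append(("cloudtrail", "no multi-region trail; activity in other regions is unlogged"))
    for t in trails:
        if not t.get("LogFileValidationEnabled"):
            findings.append((t["Name"], "log file validation off; log tampering would go undetected"))
        if not t.get("KmsKeyId"):
            findings.append((t["Name"], "trail log files not encrypted with a KMS key"))
    return findings


def run_all(dbs=SAMPLE_DB_INSTANCES, report=SAMPLE_CREDENTIAL_REPORT, trails=SAMPLE_TRAILS):
    """Return all findings keyed by control area; empty lists mean the control passes."""
    return {
        "rds": check_rds(dbs),
        "iam_mfa": check_iam_mfa(report),
        "cloudtrail": check_cloudtrail(trails),
    }


if __name__ == "__main__":
    for area, items in run_all().items():
        for resource, msg in items:
            print(f"[{area}] {resource}: {msg}")
```

With live data, replace the three samples with the output of the corresponding boto3 calls; the credential report is base64-free CSV in the `Content` field of `get_credential_report` after decoding bytes to text. Note that `describe_trails` does not say whether a trail is currently delivering logs; `get_trail_status` (`IsLogging`) covers that and would be a natural fourth check.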
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Diagram: When moving to the cloud, the security of the resources and availability is the responsibility of the company you are hosting your services with. In any case, data security is still the responsib...