1. Choose a fictional organization. Describe the mission of the organization and the business need to move to a cloud environment.
2. Identify the scope of the security architecture and include a topology. To narrow your scope, focus on issues that application security engineers can control. Avoid discussing resilience and business continuity issues, physical security issues, traditional best practices for software development, or underlying infrastructure security. Examples of topology include Amazon Web Services, Generic Hadoop, Map-r, Cloudera, or Microsoft Azure.
3. Address confidentiality, integrity, and availability requirements for data at rest and data in transit.
1. Think like an attacker exploiting software vulnerabilities and the likelihood of those vulnerabilities being exploited.
2. Think about data in use in the memory of the processing systems. Where in the system are the data most vulnerable?
4. Describe the concepts and products you chose and explain why these were chosen.
5. Include in your descriptions possible software and hardware components as well as an operating system and the security protections needed for those components.
6. Include a discussion of interoperability among the solutions you choose.
Provide your rationale for your strategy.
The more in text citations the better.