Cloud Security Architecture and Operations Training

Cloud Security Architecture and Operations Training

Course Delivery

This Course is available in the following format:

Request this course in a different delivery format

GSA Schedule 70 Saving for Government Customers

Course Overview:

Cloud Security Architecture and Operations Training – Hands-on

The Cloud Security Architecture and Operations Training course, Cloud Security Architecture and Operations, will tackle these issues one by one. We’ll start with a brief introduction to cloud security fundamentals, and then cover the critical concepts of cloud policy and governance for security professionals. For the rest of day one and all of day two, we’ll move into technical security principles and controls for all major cloud types (SaaS, PaaS, and IaaS). We’ll learn about the Cloud Security Alliance framework for cloud control areas, then delve into assessing risk for cloud services, looking specifically at technical areas that need to be addressed.

As more organizations move data and infrastructure to the cloud, security is becoming a major priority. Operations and development teams are finding new uses for cloud services, and executives are eager to save money and gain new capabilities and operational efficiency by using these services. But, will information security prove to be an Achilles’ heel? Many cloud providers do not provide detailed control information about their internal environments, and quite a few common security controls used internally may not translate directly to the public cloud.

Customize It: Courses

• We can adapt this Assessing and Securing the Network Perimeter training course to your group’s background and work requirements at little to no added cost.
• If you are familiar with some aspects of this Assessing and Securing the Network Perimeter training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the course in manner understandable to lay audiences.

Audience / Target Group:

The target audience for this Cloud Security Architecture and Operations Training course:

• Security Analysts
• Security Architects
• Senior Security Engineers
• Technical Security Managers
• Security Monitoring Analysts
• Cloud Security Architects
• DevOps and DevSecOps Engineers
• System Administrators
• Cloud Administrators

Class Prerequisites:

The knowledge and skills that a learner must have before attending this Cloud Security Architecture and Operations Training course are:

• A basic understanding of TCP/IP, network security, and security architecture are helpful for this course. Comfort with the command line is a must, as many exercises are conducted there (Linux command line skills are useful). Comfort with VMware virtualization is a plus.

What You Will Learn:

Upon completing this Cloud Security Architecture and Operations Training course, learners will be able to meet these objectives:

• Revise and build internal policies to ensure cloud security is properly addressed
• Understand all major facets of cloud risk, including threats, vulnerabilities, and impact
• Articulate the key security topics and risks associated with SaaS, PaaS, and IaaS cloud deployment models
• Evaluate Cloud Access Security Brokers (CASBs) to better protect and monitor SaaS deployments
• Build security for all layers of a hybrid cloud environment, starting with hypervisors and working to application layer controls
• Evaluate basic virtualization hypervisor security controls
• Design and implement network security access controls and monitoring capabilities in a public cloud environment
• Design a hybrid cloud network architecture that includes IPSec tunnels
• Integrate cloud identity and access management (IAM) into security architecture
• Evaluate and implement various cloud encryption types and formats
• Develop multi-tier cloud architectures in a Virtual Private Cloud (VPC), using subnets, availability zones, gateways, and NAT
• Integrate security into DevOps teams, effectively creating a DevSecOps team structure
• Build automated deployment workflows using AWS and native tools
• Incorporate vulnerability management, scanning, and penetration testing into cloud environments
• Build automated and flexible detection and response programs using tools like AWS-IR, CloudWatch, CloudTrail, and AWS Lambda
• Leverage the AWS CLI to automate and easily execute operational tasks
• Set up and use an enterprise automation platform, Ansible, to automate configuration and orchestration tasks
• Use CloudWatch, CloudFormation, and other automation tools to integrate automated security controls into your cloud security program

Course Outline:

Cloud Security Foundations

Introduction to the Cloud and Cloud Security Basics
Cloud Security Alliance Guidance
Cloud Policy and Planning
SaaS Security
Cloud Access Security Brokers (CASBs)
Intro to PaaS and IaaS Security Controls

Core Security Controls for Cloud Computing

Cloud Security: In-House versus Cloud
A Virtualization Security Primer
Cloud Network Security
Instance and Image Security
Identity and Access Management
Data Security for the Cloud
Application Security for the Cloud
Provider Security: Cloud Risk Assessment

Cloud Security Architecture and Design

Cloud Security Architecture Overview
Cloud Architecture and Security Principles
Infrastructure and Core Component Security
Access Controls and Compartmentalization
Confidentiality and Data Protection
Availability

Cloud security – Offense and Defense

Threats to Cloud Computing
Vulnerability Management in the Cloud
Cloud Pen Testing
Intrusion Detection in the Cloud
Cloud IR and Event Management
Cloud Forensics

Cloud Security Automation and Orchestration

Scripting and Automation in the Cloud
SecDevOps Principles
Creating Secure Cloud Workflows
Building Automated Event Management
Building Automated Defensive Strategies
Tools and Tactics
Real-World Use Cases
Class Wrap-Up

Whether you are looking for general information or have a specific question, we want to help!

Request More Information

Print Friendly, PDF & Email