Training Course: SEC545: Cloud Security Architecture and Operations

IT234727 2 - 6 Feb 2025 Cost : 2275 € Euro
Register Inquiry Choose Date

Introduction

As more organizations move data and infrastructure to the cloud, security is becoming a major priority. Operations and development teams are finding new uses for cloud services, and executives are eager to save money and gain new capabilities and operational efficiency by using these services. But will information security prove to be an Achilles’ heel? Many cloud providers do not provide detailed control information about their internal environments, and quite a few common security controls used internally may not translate directly to the public cloud.

SEC545: Cloud Security Architecture and Operations will tackle these issues one by one. We’ll start with a brief introduction to cloud security fundamentals, then cover the critical concepts of cloud policy and governance for security professionals. For the rest of day one and all of day two, we’ll move into technical security principles and controls for all major cloud types (SaaS, PaaS, and IaaS). We’ll learn about the Cloud Security Alliance framework for cloud control areas, then into assessing risk for cloud services, looking specifically at technical areas that need to be addressed.

Course Objective of Cloud Security Architecture and Operations

You Will Be Able To

  • Revise and build internal policies to ensure cloud security is properly addressed

  • Understand all major facets of cloud risk, including threats, vulnerabilities, and impact

  • Articulate the key security topics and risks associated with SaaS, PaaS, and IaaS cloud deployment models

  • Evaluate Cloud Access Security Brokers (CASBs) to better protect and monitor SaaS deployments

  • Build security for all layers of a hybrid cloud environment, starting with hypervisors and working to application layer controls

  • Evaluate basic virtualization hypervisor security controls

  • Design and implement network security access controls and monitoring capabilities in a public cloud environment

  • Design a hybrid cloud network architecture that includes IPSec tunnels

  • Integrate cloud identity and access management (IAM) into security architecture

  • Evaluate and implement various cloud encryption types and formats

  • Develop multi-tier cloud architectures in a Virtual Private Cloud (VPC), using subnets, availability zones, gateways, and NAT

  • Integrate security into DevOps teams, effectively creating a DevSecOps team structure

  • Build automated deployment workflows using Amazon Web Services and native tools

  • Incorporate vulnerability management, scanning, and penetration testing into cloud environment

Target Audience of Cloud Security Architecture and Operations

Who Should Attend

  • Security architects

  • Senior security engineers

  • Technical security managers

  • Security Operations Center (SOC) analysts, engineers, and managers

  • CND analysts

  • Individuals working to implement Continuous Diagnostics and Mitigation (CDM), Continuous Security Monitoring (CSM), or Network Security Monitoring (NSM)

Course Outlines for Cloud Security Architecture and Operations

Day 1

Cloud Security Foundations

  • Introduction to the Cloud and Cloud Security Basics

  • Cloud Security Alliance Guidance

  • Cloud Policy and Planning

  • SaaS Security

  • Cloud Access Security

Day 2

Core Security Controls for Cloud Computing

  • Cloud Security: In-House versus Cloud

  • A Virtualization Security Primer

  • Cloud Network Security

  • Instance and Image Security

  • Identity and Access Management

  • Data Security for the Cloud

  • Application Security for the Cloud

  • Provider Security: Cloud Risk Assessment

Day 3

Cloud Security Architecture and Design

  • Cloud Security Architecture Overview

  • Cloud Architecture and Security Principles

  • Infrastructure and Core Component Security

  • Access Controls and Compartmentalization

  • Confidentiality and Data Protection

  • Availability

Day 4

Cloud Security Automation and Orchestration

  • Scripting and Automation in the Cloud

  • SecDevOps Principles

  • Creating Secure Cloud Workflows

  • Building Automated Event Management

  • Building Automated Defensive Strategies

  • Tools and Tactics

  • Real-World Use Cases

Day 5

Cloud Security – Offense and Defense

  • Threats to Cloud Computing

  • Vulnerability Management in the Cloud

  • Cloud Pen Testing

  • Intrusion Detection in the Cloud

  • Cloud IR and Event Management

  • Cloud Forensics

 22 Portman Square, Marylebone, London W1H 7BG, UK
 3 Oudai street, Aldouki, Giza, Giza Governorate, Egypt
 0020233379764
 00201095004484
 00201102960555
 00201102960666
 19 Mayıs Mahallesi, 19 Mayis Street No 2 Sisli, 34360 Istanbul/Turkey
 00905357839460
 Australia Street, Raouche Beirut, Lebanon .، Beirut, Lebanon
 0096181746278
 811 Massachusetts Avenue, Boston, Massachusetts, 02118, USA
 6 Beirut Street - Fifth Circle Abdoun, P.O. Box 831370, 11183 Amman, Jordan
Copyright Global Horizon Training Center © 2019