Introduction to Cloud Security Architecture


About the course


This two-day course provides an introduction to Cloud Security Architecture.

The course spans cloud security principles, patterns and architectural frameworks, data protection and compliance for cloud-based applications, data and infrastructure, and the design, development and implementation of cloud security architectures.

We will review the wide range of technical security controls available using Cloud Service Provider and partner technologies, automation and DevSecOps, assurance, audit and security testing of cloud-based services. The course is delivered through presentations, discussions, and practical demonstrations.

You will gain practical hands-on experience of implementing and using technical security controls in labs based on services from leading cloud service providers, and consolidate learning in a group workshop to develop a cloud security architecture, based on a realistic scenario.


Prerequisites

This course is aimed at Security Architects working in sectors such as Government and Finance where data protection and cyber-security are particular concerns, who are looking to develop secure architectures for the implementation of applications and systems in commodity cloud environments. For those delegates looking for a more complete Cloud Security course, take a look at our Practitioner Certificate in Cloud Security course QAPCCS.

An understanding of security architecture, risk management and a basic technical knowledge of computers and networks is assumed. Experience of using cloud services is helpful but not essential.


Delegates will learn how to

    Cloud Security Frameworks, Principles, Patterns and Certifications
    AWS Security Technologies
    AWS Security Labs
    Microsoft Azure and Office 365 Security Architecture
    Microsoft Azure Security Lab
    Google Apps for Work
    Automation in the Cloud
    Assurance in the Cloud
    Data Protection and Compliance in the Cloud
    Cloud Security Architectures


Outline

DAY ONE

Cloud Concepts

    What is Cloud Computing?
    Why is everyone moving to the Cloud?
    Cloud computing model
    Infrastructure, Platform and Software as a Service
    Boundaries and responsibilities
    Cloud reference architecture

Cloud Security Frameworks, Principles, Patterns and Certifications

    Security Principles
    Separation and layers as security controls
    Cloud Security Alliance (CSA) Cloud Controls Matrix
    GOV.UK Cabinet Office and NCSC Cloud Security Principles
    Security Architecture Frameworks
    Security Architecture Patterns
    Cloud Security Architecture Patterns
    Trusted Cloud Initiative Reference Architecture
    Cloud Security Certifications

AWS Security Technologies

    EC2 (Elastic Compute Cloud) and VPC (Virtual Private Cloud) fundamentals
    Availability zones and regions
    Internet Gateway, Elastic IPs, NAT Gateway, DirectConnect
    Security Implications of Elastic Load Balancing (ELB) and auto-scaling
    Security Groups, Flow Logs, S3, ACLs and subnet routing
    AWS Config, CloudTrail, CloudWatch, Trusted Advisor
    IPSec VPN options: AWS VPNs, third party solutions
    AWS CloudFront, Web Application Firewall and Certificate Manager
    Vulnerability management using AWS Inspector
    AWS Key Management Service (KMS) and CloudHSM
    AWS Identity and Access Management (IAM)

AWS Security Lab

    Hands-on lab providing practical experience of implementing and using AWS security technologies

Microsoft Azure and Office 365

    Azure platform security architecture
    Azure Virtual Networks
    Azure network security best practices
    Azure data security and encryption best practices
    Azure Active Directory
    Federated identity and Single Sign On
    Azure Multi-factor authentication
    Azure Key Vault
    Azure Virtual Machine encryption
    Microsoft Antimalware for Azure Cloud Services and Virtual Machines
    Azure Security Center
    Office 365 Service Architectures
    Office 365 security across physical, logical and data layers
    Office 365 email encryption options
    Exchange Online Protection
    GOV.UK Microsoft Office Security Guidance

DAY TWO

Microsoft Azure Security Lab

    Hands-on lab providing practical experience of implementing and using Microsoft Azure security technologies

Google Apps for Work

    Google Apps for Work applications and architectures
    Integration with corporate directories
    Single sign-on to enforce use of corporate devices and threat prevention
    GOV.UK Google Apps for Work Security Guidance
    Google Admin Console
    Google Authenticator
    Organisational Units
    Administrative roles
    Data privacy opt-in

Automation

    Cloud service provider automation tools
    Terraform by HashiCorp
    Hardened build images
    Vault by HashiCorp
    Patching and update strategies
    DevSecOps

Assurance

    Center for Internet Security (CIS) Foundation Benchmarks
    Penetration tests of cloud environments
    External audit and configuration review

Data Protection and Compliance

    Personally Identifiable Information (PII) and Personal Data
    UK Data Protection Act and Information Commissioner’s Office (ICO)
    European Union (EU) Data Protection Directive
    EU General Data Protection Regulation (GDPR)
    Cyber Essentials Plus
    Cloud Security Alliance STAR
    PCI DSS
    AICPA SOC3 (formerly SAS70)
    ISO 27001

Cloud Security Architectures

    Cloud security architecture patterns and templates
    Scenario requirement
    Develop security architecture in groups
