Introduction to Cloud Security Architecture
Provided by QA
About the course
Cloud Security Architecture
This two-day course provides an introduction to Cloud Security Architecture.
The course spans cloud security principles, patterns and architectural frameworks, data protection and compliance for cloud-based applications, data and infrastructure, and the design, development and implementation of cloud security architectures.
We will review the wide range of technical security controls available using Cloud Service Provider and partner technologies, automation and DevSecOps, assurance, audit and security testing of cloud-based services. The course is delivered through presentations, discussions, and practical demonstrations.
You will gain practical hands-on experience of implementing and using technical security controls in labs based on services from leading cloud service providers, and consolidate learning in a group workshop to develop a cloud security architecture, based on a realistic scenario.
Prerequisites
This course is aimed at Security Architects working in sectors such as Government and Finance where data protection and cyber-security are particular concerns, who are looking to develop secure architectures for the implementation of applications and systems in commodity cloud environments. For those delegates looking for a more complete Cloud Security course, take a look at our Practitioner Certificate in Cloud Security course QAPCCS.
An understanding of security architecture and risk management, and a basic technical knowledge of computers and networks, are assumed. Experience of using cloud services is helpful but not essential.
Delegates will learn how to
Cloud Security Frameworks, Principles, Patterns and Certifications
AWS Security Technologies
AWS Security Labs
Microsoft Azure and Office 365 Security Architecture
Microsoft Azure Security Lab
Google Apps for Work
Automation in the Cloud
Assurance in the Cloud
Data Protection and Compliance in the Cloud
Cloud Security Architectures
Outline
DAY ONE
Cloud Concepts
What is Cloud Computing?
Why is everyone moving to the Cloud?
Cloud computing model
Infrastructure, Platform and Software as a Service
Boundaries and responsibilities
Cloud reference architecture
Cloud Security Frameworks, Principles, Patterns and Certifications
Security Principles
Separation and layers as security controls
Cloud Security Alliance (CSA) Cloud Control Matrix
GOV.UK Cabinet Office and NCSC Cloud Security Principles
Security Architecture Frameworks
Security Architecture Patterns
Cloud Security Architecture Patterns
Trusted Cloud Initiative Reference Architecture
Cloud Security Certifications
AWS Security Technologies
EC2 (Elastic Compute Cloud) and VPC (Virtual Private Cloud) fundamentals
Availability zones and regions
Internet Gateway, Elastic IPs, NAT Gateway, DirectConnect
Security Implications of Elastic Load Balancing (ELB) and auto-scaling
Security Groups, Flow Logs, S3, ACLs and subnet routing
AWS Config, CloudTrail, CloudWatch, Trusted Advisor
IPSec VPN options: AWS VPNs, third party solutions
AWS CloudFront, Web Application Firewall and Certificate Manager
Vulnerability management using AWS Inspector
AWS Key Management Service (KMS) and CloudHSM
AWS Identity and Access Management (IAM)
AWS Security Lab
Hands-on lab providing practical experience of implementing and using AWS security technologies
Microsoft Azure and Office 365
Azure platform security architecture
Azure Virtual Networks
Azure network security best practices
Azure data security and encryption best practices
Azure Active Directory
Federated identity and Single Sign On
Azure Multi-factor authentication
Azure Key Vault
Azure Virtual Machine encryption
Microsoft Antimalware for Azure Cloud Services and Virtual Machines
Azure Security Center
Office 365 Service Architectures
Office 365 security across physical, logical and data layers
Office 365 email encryption options
Exchange Online Protection
GOV.UK Microsoft Office Security Guidance
DAY TWO
Microsoft Azure Security Lab
Hands-on lab providing practical experience of implementing and using Microsoft Azure security technologies
Google Apps for Work
Google Apps for Work applications and architectures
Integration with corporate directories
Single sign-on to enforce use of corporate devices and threat prevention
GOV.UK Google Apps for Work Security Guidance
Google Admin Console
Google Authenticator
Organisational Units
Administrative roles
Data privacy opt-in
Automation
Cloud service provider automation tools
Terraform by Hashicorp
Hardened build images
Vault by Hashicorp
Patching and update strategies
DevSecOps
Assurance
Centre for Internet Security (CIS) Foundation Benchmarks
Penetration tests of cloud environments
External audit and configuration review
Data Protection and Compliance
Personally Identifiable Information (PII) and Personal Data
UK Data Protection Act and Information Commissioner’s Office (ICO)
European Union (EU) Data Protection Directive
EU General Data Protection Regulation (GDPR)
Cyber Essentials Plus
Cloud Security Alliance STAR
PCI DSS
AICPA SOC3 (formerly SAS70)
ISO 27001
Cloud Security Architectures
Cloud security architecture patterns and templates
Scenario requirement
Develop security architecture in groups