About the course
Cloud Security Architecture and Operations
Cyber Security Training in Zurich 2019
SANS is recognised around the world as the best place to develop the deep, hands-on cyber security skills most needed right now. Join us for SANS Zurich (February 18-23) for immersion training that will provide you with the skills to defend your organisation against security breaches and prevent future attacks.
All SANS courses are world-class cyber security courses, but every event we like to choose a course and ask the instructors to give a bit more insight into the course.
Take advantage of these opportunities to get the most of your training:
Distinguish yourself as an information security leader by preparing for your GIAC Certification.
Network with like-minded security professionals facing similar challenges.
Attend evening bonus sessions led by SANS instructors and gain insight into the latest cyber security topics.
Extend your SANS course by four months with an OnDemand Bundle.
Our mission at SANS is to deliver cutting-edge information security knowledge and skills to all students in order to protect people and assets. At the heart of everything we do is the SANS Promise: Students will be able to use the new skills they have learned as soon as they return to work. See that promise in action at SANS Zurich 2019.
As more organizations move data and infrastructure to the cloud, security is becoming a major priority. Operations and development teams are finding new uses for cloud services, and executives are eager to save money and gain new capabilities and operational efficiency by using these services. But, will information security prove to be an Achilles' heel? Many cloud providers do not provide detailed control information about their internal environments, and quite a few common security controls used internally may not translate directly to the public cloud.
Instructor: Dave Shackleford
The SEC545 course, Cloud Security Architecture and Operations, will tackle these issues one by one. We'll start with a brief introduction to cloud security fundamentals, and then cover the critical concepts of cloud policy and governance for security professionals. For the rest of day one and all of day two, we'll move into technical security principles and controls for all major cloud types (SaaS, PaaS, and IaaS). We'll learn about the Cloud Security Alliance framework for cloud control areas, then delve into assessing risk for cloud services, looking specifically at technical areas that need to be addressed.
The course then moves into cloud architecture and security design, both for building new architectures and for adapting tried-and-true security tools and processes to the cloud. This will be a comprehensive discussion that encompasses network security (firewalls and network access controls, intrusion detection, and more), as well as all the other layers of the cloud security stack. We'll visit each layer and the components therein, including building secure instances, data security, identity and account security, and much more. We'll devote an entire day to adapting our offense and defense focal areas to cloud. This will involve looking at vulnerability management and pen testing, as well as covering the latest and greatest cloud security research. On the defense side, we'll delve into incident handling, forensics, event management, and application security.
We wrap up the course by taking a deep dive into SecDevOps and automation, investigating methods of embedding security into orchestration and every facet of the cloud life cycle. We'll explore tools and tactics that work, and even walk through several cutting-edge use cases where security can be automated entirely in both deployment and incident detection-and-response scenarios using APIs and scripting.
SEC545.1: Cloud Security Foundations
SEC545.2: Core Security Controls for Cloud Computing
SEC545.3: Cloud Security Architecture and Design
SEC545.4: Cloud Security - Offense and Defense
SEC545.5: Cloud Security Automation and Orchestration