Cloud Security Architecture

This two day course provides an introduction to Cloud Security Architecture. The course spans cloud security principles, patterns and architectural frameworks, data protection and compliance for cloud based applications, data and infrastructure, and the design, development and implementation of cloud security architectures.

Difficulty
Rating
2days
Duration
1450,00 
+ VAT
Dates:
Location:
Register before
Spoken language: English

We are sorry, but the course is already full, please try with another date or location.

Agenda

Overview

This two day course provides an introduction to Cloud Security Architecture.

The course spans cloud security principles, patterns and architectural frameworks, data protection and compliance for cloud based applications, data and infrastructure, and the design, development and implementation of cloud security architectures.

We will review the wide range of technical security controls available using Cloud Service Provider and partner technologies, automation and DevSecOps, assurance, audit and security testing of cloud based services. The course is delivered through presentations, discussions, and practical demonstrations.

You will gain practical hands-on experience of implementing and using technical security controls in labs based on services from leading cloud service providers, and consolidate learning in a group workshop to develop a cloud security architecture, based on a realistic scenario.

Objectives

  • Cloud Security Frameworks, Principles, Patterns and Certifications
  • AWS Security Technologies
  • AWS Security Labs
  • Microsoft Azure and Office 365 Security Architecture
  • Microsoft Azure Security Lab
  • Google Apps for Work
  • Automation in the Cloud
  • Assurance in the Cloud
  • Data Protection and Compliance in the Cloud
  • Cloud Security Architectures

Outline

DAY ONE

Cloud Concepts

  • What is Cloud Computing?
  • Why is everyone moving to the Cloud?
  • Cloud computing model
  • Infrastructure, Platform and Software as a Service
  • Boundaries and responsibilities
  • Cloud reference architecture

Cloud Security Frameworks, Principles, Patterns and Certifications

  • Security Principles
  • Separation and layers as security controls
  • Cloud Security Alliance (CSA) Cloud Control Matrix
  • GOV.UK Cabinet Office and NCSC Cloud Security Principles
  • Security Architecture Frameworks
  • Security Architecture Patterns
  • Cloud Security Architecture Patterns
  • Trusted Cloud Initiative Reference Architecture
  • Cloud Security Certifications

AWS Security Technologies

  • EC2 (Elastic Compute Cloud) and VPC (Virtual Private Cloud) fundamentals
  • Availability zones and regions
  • Internet Gateway, Elastic IPs, NAT Gateway, DirectConnect
  • Security Implications of Elastic Load Balancing (ELB) and auto-scaling
  • Security Groups, Flow Logs, S3, ACLs and subnet routing
  • AWS Config, CloudTrail, CloudWatch, Trusted Advisor
  • IPSec VPN options: AWS VPNs, third party solutions
  • AWS CloudFront, Web Application Firewall and Certificate Manager
  • Vulnerability management using AWS Inspector
  • AWS Key Management Service (KMS) and CloudHSM
  • AWS Identity and Access Management (IAM)

AWS Security Lab

  • Hands on lab providing practical experience of implementing and using AWS security technologies

Microsoft Azure and Office 365

  • Azure platform security architecture
  • Azure Virtual Networks
  • Azure network security best practices
  • Azure data security and encryption best practices
  • Azure Active Directory
  • Federated identity and Single Sign On
  • Azure Multi-factor authentication
  • Azure Key Vault
  • Azure Virtual Machine encryption
  • Microsoft Antimalware for Azure Cloud Services and Virtual Machines
  • Azure Security Center
  • Office 365 Service Architectures
  • Office 365 security across physical, logical and data layers
  • Office 365 email encryption options
  • Exchange Online Protection
  • GOV.UK Microsoft Office Security Guidance

DAY TWO

Microsoft Azure Security Lab

  • Hands on lab providing practical experience of implementing and using
  • Microsoft Azure security technologies

Google Apps for Work

  • Google Apps for Work applications and architectures
  • Integration with corporate directories
  • Single sign-on to enforce use of corporate devices and threat prevention
  • GOV.UK Google Apps for Work Security Guidance
  • Google Admin Console
  • Google Authenticator
  • Organisational Units
  • Administrative roles
  • Data privacy opt-in

Automation

  • Cloud service provider automation tools
  • Terraform by Hashicorp
  • Hardened build images
  • Vault by Hashicorp
  • Patching and update strategies
  • DevSecOp
  • Assurance
  • Centre for Internet Security (CIS) Foundation Benchmarks
  • Penetration tests of cloud environments
  • External audit and configuration review

Data Protection and Compliance

  • Personally Identifiable Information (PII) and Personal Data
  • UK Data Protection Act and Information Commissioner’s Office (ICO)
  • European Union (EU) Data Protection Directive
  • EU General Data Protection Regulation (GDPR)
  • Cyber Essentials Plus
  • Cloud Security Alliance STAR
  • PCI DSS
  • AICPA SOC3 (formerly SAS70)
  • ISO 27001

Cloud Security Architectures

  • Cloud security architecture patterns and templates
  • Scenario requirement
  • Develop security architecture in groups
  • Present back to wider group, review and discuss

Prerequisites

This course is aimed at Security Architects working in sectors such as Government and Finance where data protection and cyber-security are particular concerns, who are looking to develop secure architectures for the implementation of applications and systems in commodity cloud environments.

An understanding of security architecture, risk management and a basic technical knowledge of computers and networks is assumed. Experience of using cloud services is helpful but not essentials.

Agenda

Places left:
No participant limit
-
1450,00  + VAT