This course is divided into three modules:

Module 1: Fundamental Cloud Security

This foundational course provides a well-rounded, end-to-end presentation of essential techniques, patterns and industry technologies for establishing cloud-based security controls and security architectures. The cloud security fundamentals covered in Module 2 are continued by introducing threat categorizations and new cloud security mechanisms. The course then delves into a series of cloud security patterns that explore a variety of topics, including cloud network security, identity and access management, and trust assurance. The following primary topics are covered:

  • Cloud Security Basics and Common Cloud Security Mechanisms
  • Cloud Security Threats and Threat Categorization Methodology
  • Identification and Treatment of Common Threats
  • Cloud Network Security Patterns and Supporting Mechanisms
  • Securing Network Connections and Cloud Authentication Gateways
  • Collaborative Monitoring and Logging, Independent Cloud Auditing
  • Cloud Identity and Access Management Patterns and Supporting Mechanisms
  • Federating and Enabling Secure Interoperability among Cloud Consumers
  • Trust Assurance Patterns and Supporting Mechanisms
  • Trust Attestation and Establishing Trustworthiness

Module 2: Advanced Cloud Security

This advanced course covers cloud security mechanisms and architectural design patterns that address data and access control security for virtual machines, as well as trust boundaries, geotagging and BIOS security. The course also explains common methods used by attackers to breach organizational resources and provides a methodology for countering such attacks. The course concludes by demonstrating the relationship between threats, attacks, and risks via threat modeling. The following primary topics are covered:

  • Cloud Service Security Patterns and Supporting Mechanisms
  • Virtual Machine Platform Protection Patterns
  • Considerations for Setting Up Secure Ephemeral Perimeters
  • Trusted Cloud Resource Pools and Cloud Resource Access Control
  • Permanent Data Access Loss Protection and Cloud Data Breach Protection
  • Isolated Trust Boundaries
  • The Attack Lifecycle and the Security Lifecycle
  • Proactive Mitigation vs. Incident Response
  • Threats, Vulnerabilities, Impacts from Exploitation
  • Threat Modeling, Threats and Mitigation

Module 3: Cloud Security Lab

As a continuation of Modules 1 and 2, this lab-style course provides a series of hands-on exercises that enable participants to apply their knowledge. Participants will apply different combinations of cloud security patterns and mechanisms in order to complete a series of exercises pertaining to solving cloud security, risk, compliance and asset protection-related scenarios and problems.