Cloud Security

This course module provides end-to-end coverage of fundamental cloud computing topics as they pertain to both technology and business considerations. The module content is divided into a series of modular sections, each of which is accompanied by one or more hands-on exercises.

‍

Fundamental Cloud Computing Terminology and Concepts

‍

Basics of Virtualization

‍

Specific Characteristics that Define a Cloud

‍

Understanding Elasticity, Resiliency, On-Demand and Measured Usage

‍

Benefits, Challenges and Risks of Contemporary Cloud Computing Platforms and Cloud Services

‍

Cloud Resource Administrator and Cloud Service Owner Roles

‍

Cloud Service and Cloud Service Consumer Roles

‍

Understanding the IaaS, PaaS, SaaS Cloud Delivery Model

‍

Combining Cloud Delivery Models

‍

Public Cloud, Private Cloud, Hybrid Cloud and Community Cloud Deployment Models

‍

Business Cost Metrics and Formulas for Comparing and Calculating Cloud and On-Premise Solution Costs

‍

Formulas for Calculating and Rating SLA Quality of Service Characteristics

This course module explores a range of the most important and relevant technology-related topics that pertain to contemporary cloud computing platforms. The module content does not get into implementation or programming details, but instead keeps coverage at a conceptual level, focusing on topics that address cloud service architecture, cloud security threats and technologies, virtualization and containerization.

‍

Cloud Computing Mechanisms that Establish Architectural Building Blocks

‍

Virtual Servers, Containers, Ready-Made Environments, Failover Systems and Pay-Per-Use Monitors

‍

Automated Scaling Listeners, Multi-Device Brokers and Resource Replication

‍

Understanding How Individual Cloud Computing Mechanisms Support Cloud Characteristics

‍

An Introduction to Containerization, Container Hosting and Logical Pod Containers

‍

A Comparison of Containerization and Virtualization

‍

Cloud Balancing and Cloud Bursting Architectures

‍

Common Risks, Threats and Vulnerabilities of Cloud-based Services and Cloud-hosted Solutions

‍

Cloud Security Mechanisms used to Counter Threats and Attacks

‍

Understanding Cloud-Based Security Groups and Hardened Virtual Server Images
‍

Cloud Service Implementation Mediums (including Web Services and REST Services)

‍

Cloud Storage Benefits and Challenges, Cloud Storage Services, Technologies and Approaches

‍

Non-Relational (NoSQL) Storage Compared to Relational Storage

‍

Cloud Service Testing Considerations and Testing Types

‍

Service Grids and Autonomic Computing

‍

Cloud Computing Industry Standards Organizations

This foundational course module provides a well-rounded, end-to-end presentation of essential techniques, mechanisms, patterns and industry technologies for establishing cloud-based security controls and security architectures. The cloud security fundamentals covered in Module 2 are continued by introducing threat categorizations and new cloud security mechanisms.

‍

Cloud Security Basics

‍

Common Cloud Security Mechanisms

‍

Cloud Security Threats

‍

Cloud Security Threat Categorization Methodology

‍

Identification and Treatment of Common Threats

‍

Cloud Network Security Patterns and Supporting Mechanisms

‍

Securing Network Connections and Cloud Authentication Gateways

‍

Collaborative Monitoring and Logging

‍

Independent Cloud Auditing

‍

Cloud Identity and Access Management Patterns and Supporting Mechanisms

‍

Federating and Enabling Secure Interoperability among Cloud Consumers

‍

Trust Assurance Patterns and Supporting Mechanisms

‍

Trust Attestation and Establishing Trustworthiness

This advanced course module covers cloud security mechanisms and architectural design patterns that address data and access control security for virtual machines, as well as trust boundaries, geotagging and BIOS security. The course module also explains common methods used by attackers to breach organizational resources and provides a methodology for countering such attacks. The module concludes by demonstrating the relationship between threats, attacks, and risks via threat modeling.

‍

Cloud Service Security Patterns and Supporting Mechanisms

‍

Virtual Machine Platform Protection Patterns

‍

Considerations for Setting Up Secure Ephemeral Perimeters

‍

Trusted Cloud Resource Pools and Cloud Resource Access Control

‍

Permanent Data Access Loss Protection

‍

Cloud Data Breach Protection

‍

Isolated Trust Boundaries

‍

The Attack Lifecycle and the Security Lifecycle

‍

Proactive Mitigation vs. Incidence Response

‍

Threats, Vulnerabilities, Impacts from Exploitation

‍

Threat Modeling, Threats and Mitigations

This course module presents participants with a series of exercises and problems that are designed to test their ability to apply their knowledge of topics covered in previous modules. Completing this lab will help highlight areas that require further attention and will help prove proficiency in cloud computing security practices, mechanisms and architectural patterns as they are applied and combined to solve real-world problems.

‍

Reading Exercise 9.1: Case Study Background IAM in the Cloud

‍

Lab Exercise 9.2: Cloud Identity and Access Management (IAM) Environment Setup

‍

Lab Exercise 9.3: PKI in the Cloud

‍

Lab Exercise 9.4: Budget Banking Data Breach

‍

Lab Exercise 9.5: Cloud Data Encryption and Key Management

‍

Lab Exercise 9.6: ACE Telecommunications Move to the Cloud

‍

Lab Exercise 9.7: Cloud Service Protection Architecture

‍

Reading Exercise 9.8: Case Study Background Big Box Retailer Breach

‍

Lab Exercise 9.9: Networking Security