Cloud Security Essentials

More businesses than ever are moving sensitive data and shifting mission-critical workloads to the cloud, and not just to one cloud service provider (CSP). Something that is unclear to many, is that organizations are still responsible for securing their data and mission-critical applications in the cloud. The benefits in terms of cost and speed of leveraging a multi cloud platform to develop and accelerate delivery of business applications and analyze customer data can quickly be reversed if security professionals are not properly trained to secure the organization’s cloud environment and investigate and respond to the inevitable security breaches. New technologies introduce new risks. Th cloud security course helps your organization successfully navigate both the security challenges and opportunities presented by cloud services.

Course Key Learnings

• Navigate your organization through the security challenges and opportunities presented by cloud services
• Identify the risks of the various services offered by cloud service providers (CSPs)
• Select the appropriate security controls for a given cloud network security architecture
• Evaluate CSPs based on their documentation, security controls, and audit reports
• Confidently use the services of any of the leading CSPs
• Protect secrets used in cloud environments
• Leverage cloud logging capabilities to establish accountability for events that occur in the cloud environment
• Identify the risks and risk control ownership based on the deployment models and service delivery models of the various products offered by cloud service providers (CSPs)
• Evaluate the trustworthiness of CSPs based on their security documentation, service features, third-party attestations, and position in the global cloud ecosystem
• Secure access to the consoles used to access the CSP environments
• Implement network security controls that are native to both AWS and Azure
• Follow the penetration testing guidelines put forth by AWS and Azure to invoke your “inner red teamer” to compromise a full stack cloud application

BUSINESS TAKEAWAYS

• Understand the current cloud deployment
• Protect cloud-hosted workloads, services, and virtual machines
• Cost-effectively select appropriate services and configure properly to adequately defend cloud resources
• Get in front of common security misconfigurations BEFORE they are implemented in the cloud
• Ensure business is aligning to industry regulations and laws when operating in the cloud
• Decrease adversary dwell time in compromised cloud deployments

Course Content:

Module1:  Identity and Access Management (IAM)

Overview

The first section of this cloud security course will set the stage for the course and then dive straight into all things Identity and Access Management (IAM). Students will learn very quickly that IAM arguably plays the most important role (no pun intended) in protecting the organization’s cloud account. After this section, students will be able to:

• Identify security holes in their cloud account’s IAM service
• Understand what it takes to implement cloud accounts which follow the concept of least privilege access
• Discover and protect various secrets related to cloud service authentication
• Use cloud vendor-provided IAM analysis tools to automate the discovery of any security shortcomings

Exercises

• New Cloud Users
• Permissions Boundaries
• Cloud Management Station
• Deploy CD/CA Environment

Topics

• Course Overview
• Cloud Accounts and Groups
• Policies and Permissions
• Identity Guardrails
• Temporary Credentials and Secrets Management
• Cloud Resource and External Identities
• Customer Account Management
• More IAM Best Practices

Module2: Compute and Configuration Management

Overview

The second section will cover ways to protect the compute elements in cloud providers’ Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) offerings. Students will determine early on that there is much more complexity when launching instances or virtual machines in the cloud as opposed to on-premises. As the section progresses, students will learn to:

• Securely deploy a compute instance/virtual machine in CSP environments
• Maintain the running instance throughout its lifecycle
• Create hardened images for re-use in the organization
• Understand the various threats that could affect cloud-based applications
• Lock down cloud storage to prevent spillage of sensitive information

Exercises

• Secure Instance Deployment
• Threat Intelligence Gold Image
• Which Reality
• Blob Lock Down

Topics

• Secure Instance/ Virtual Machine Deployment
• Host Configuration Management
• Image Management
• Application Security
• Threat Modeling
• Platform as a Service (PaaS) and Software as a Service (SaaS) Challenges
• Container Services
• Cloud Storage

Module3: Data Protection and Automation

Overview

The third section will first focus on the protection of data in cloud environments. All too often, we are reading news articles about breaches that, very frequently, come down to a misconfiguration of a cloud service. Students will learn just what to look out for regarding these misconfiguration as well as:

• How to properly identify and classify their organization’s data in various cloud services
• Encrypt data where it resides and as it traverses networks
• Ensure the data is available when it is required
• Leverage Infrastructure as Code (IaC) not only to automate operations, but also automate security configurations
• Identify gaps in cloud-based productivity services
• Learn how Cloud Access Security Broker (CASB), Cloud Workload Protection Platform (CWPP), and Cloud Security Posture Management (CSPM) tools operate and what benefit they may add to the organization

Exercises

• Data Hunting
• Data in Transit Encryption
• Terraform Code Assessment
• Cloud Custodian

Topics

• Data Classification
• Data at Rest Encryption
• Availability
• Data in Transit
• Lifecycle Management
• Infrastructure as Code
• Productivity Services
• CASBs, CWPPs, and CSPMs… Oh My!

Module4:Networking and Logging

Overview

Section 4 is where many network security analysts, engineers, and architects will begin salivating as they will do a deep dive into the ins and outs of cloud networking and log generation, collection, and analysis to set themselves up for success to defend their IaaS workloads. Students will learn to:

• Learn how to control cloud data flows via network controls
• Add segmentation between compute resources of varying sensitivity levels
• Generate the proper logs, collect those logs, and process them as a security analyst
• Increase the effectiveness of their security solutions by gaining more network visibility
• Detect treats in real time as they occur in the cloud

Exercises

• Restricting Network Access
• Web Application Firewall (WAF)
• Cloud Services Logging
• IaaS Logging

Topics

• Public Cloud Networking
• Remote Management of IaaS Systems
• Segmentation
• Network Protection Services
• Cloud Logging Services
• Log Collection and Analysis
• Network Visibility

Module5: Compliance, Incident Response, and Penetration Testing

Overview

In the fifth section, we’ll dive headfirst into compliance frameworks, audit reports, privacy, and eDiscovery to equip you with the information and references to ensure that the right questions are being asked during CSP risk assessments. After covering special-use cases for more restricted requirements that may necessitate the AWS GovCloud or Azure’s Trusted Computing, we’ll delve into penetration testing in the cloud and finish the day with incident response and forensics. Student will learn to:

• Leverage the Cloud Security Alliance Cloud Controls Matrix to select the appropriate security controls for a given cloud network security architecture and assess a CSP’s implementation of those controls using audit reports and the CSP’s shared responsibility model
• Use logs from cloud services and virtual machines hosted in the cloud to detect a security incident and take appropriate steps as a first responder according to a recommended incident response methodology
• Perform a preliminary forensic file system analysis of a compromised virtual machine to identify indicators of compromise and create a file system timeline

Exercises

• Microsoft Defender for Cloud
• Fun With Functions
• Multi-Cloud Penetration Testing
• Multi-Cloud Forensics

Topics

• Security Assurance
• Cloud Auditing
• Privacy and Risk Management
• Serverless for Defenders
• Preparing for Cloud Penetration Tests
• Conducting Cloud Penetration Tests
• Legal and Contractual Requirements
• Incident Response and Forensics

Module6: CloudWars

Overview

This final section of this cloud security training course consists of an all-day, CloudWars competition to reinforce the topics covered in books 1-5. Through this friendly competition, students will answer several challenges made up of multiple choice, fill-in-the-blank, as well as hands-on and validated exercises performed in two CSP environments. They will be given a brand-new environment to deploy in two different cloud vendors and will be tasked to take this very broken environment and make the appropriate changes to increase its overall security posture.

Who Should Attend

Join online class Call WhatsApp 0337-7222191, 0331-3929217, 0312-2169325