0845 450 6120

Cloud Security Architecture

This two day course provides an introduction to Cloud Security Architecture.

The course spans cloud security principles, patterns and architectural frameworks, data protection and compliance for cloud based applications, data and infrastructure, and the design, development and implementation of cloud security architectures.

We will review the wide range of technical security controls available using Cloud Service Provider and partner technologies, automation and DevSecOps, assurance, audit and security testing of cloud based services. The course is delivered through presentations, discussions, and practical demonstrations.

You will gain practical hands-on experience of implementing and using technical security controls in labs based on services from leading cloud service providers, and consolidate learning in a group workshop to develop a cloud security architecture, based on a realistic scenario.

Learning Objectives

  • Cloud Security Frameworks, Principles, Patterns and Certifications
  •   AWS Security Technologies
  •   AWS Security Labs
  •   Microsoft Azure and Office 365 Security Architecture
  •   Microsoft Azure Security Lab
  •   Google Apps for Work
  •   Automation in the Cloud
  •   Assurance in the Cloud
  •   Data Protection and Compliance in the Cloud
  •   Cloud Security Architectures

Pre-Requisites

This course is aimed at Security Architects working in sectors such as Government and Finance where data protection and cyber-security are particular concerns, who are looking to develop secure architectures for the implementation of applications and systems in commodity cloud environments.

An understanding of security architecture, risk management and a basic technical knowledge of computers and networks is assumed. Experience of using cloud services is helpful but not essentials.

Course Content

DAY ONE

Cloud Concepts

  •   What is Cloud Computing?
  •   Why is everyone moving to the Cloud?
  •   Cloud computing model
  •   Infrastructure, Platform and Software as a Service
  •   Boundaries and responsibilities
  •   Cloud reference architecture

Cloud Security Frameworks, Principles, Patterns and Certifications

  •   Security Principles
  •   Separation and layers as security controls
  •   Cloud Security Alliance (CSA) Cloud Control Matrix
  •   GOV.UK Cabinet Office and NCSC Cloud Security Principles
  •   Security Architecture Frameworks
  •   Security Architecture Patterns
  •   Cloud Security Architecture Patterns
  •   Trusted Cloud Initiative Reference Architecture
  •   Cloud Security Certifications

AWS Security Technologies

  •   EC2 (Elastic Compute Cloud) and VPC (Virtual Private Cloud) fundamentals
  •   Availability zones and regions
  •   Internet Gateway, Elastic IPs, NAT Gateway, DirectConnect
  •   Security Implications of Elastic Load Balancing (ELB) and auto-scaling
  •   Security Groups, Flow Logs, S3, ACLs and subnet routing
  •   AWS Config, CloudTrail, CloudWatch, Trusted Advisor
  •   IPSec VPN options: AWS VPNs, third party solutions
  •   AWS CloudFront, Web Application Firewall and Certificate Manager
  •   Vulnerability management using AWS Inspector
  •   AWS Key Management Service (KMS) and CloudHSM
  •   AWS Identity and Access Management (IAM)

AWS Security Lab

  •   Hands on lab providing practical experience of implementing and using AWS security technologies

Microsoft Azure and Office 365

  •   Azure platform security architecture
  •   Azure Virtual Networks
  •   Azure network security best practices
  •   Azure data security and encryption best practices
  •   Azure Active Directory
  •   Federated identity and Single Sign On
  •   Azure Multi-factor authentication
  •   Azure Key Vault
  •   Azure Virtual Machine encryption
  •   Microsoft Antimalware for Azure Cloud Services and Virtual Machines
  •   Azure Security Center
  •   Office 365 Service Architectures
  •   Office 365 security across physical, logical and data layers
  •   Office 365 email encryption options
  •   Exchange Online Protection
  •   GOV.UK Microsoft Office Security Guidance

DAY TWO

Microsoft Azure Security Lab

  •   Hands on lab providing practical experience of implementing and using
  •   Microsoft Azure security technologies

Google Apps for Work

  •   Google Apps for Work applications and architectures
  •   Integration with corporate directories
  •   Single sign-on to enforce use of corporate devices and threat prevention
  •   GOV.UK Google Apps for Work Security Guidance
  •   Google Admin Console
  •   Google Authenticator
  •   Organisational Units
  •   Administrative roles
  •   Data privacy opt-in

Automation

  •   Cloud service provider automation tools
  •   Terraform by Hashicorp
  •   Hardened build images
  •   Vault by Hashicorp
  •   Patching and update strategies
  •   DevSecOp
  •   Assurance
  •   Centre for Internet Security (CIS) Foundation Benchmarks
  •   Penetration tests of cloud environments
  •   External audit and configuration review

Data Protection and Compliance

  •   Personally Identifiable Information (PII) and Personal Data
  •   UK Data Protection Act and Information Commissioner’s Office (ICO)
  •   European Union (EU) Data Protection Directive
  •   EU General Data Protection Regulation (GDPR)
  •   Cyber Essentials Plus
  •   Cloud Security Alliance STAR
  •   PCI DSS
  •   AICPA SOC3 (formerly SAS70)
  •   ISO 27001

Cloud Security Architectures

  •   Cloud security architecture patterns and templates
  •   Scenario requirement
  •   Develop security architecture in groups
  •   Present back to wider group, review and discuss

Privacy Notice

In order to provide you with the service requested we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information you explicitly consent to us using the information as necessary to provide the request service to you. If you do not agree please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information on products and services which we think will be of interest to you by email. We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.

 

Online Courses

You may prefer an online course if you are looking for a flexible and cost-effective solution. Online courses allow you to study at your own pace, at a time that suits you.

We have the following eLearning options available:

Virtual Classroom

Virtual classrooms provide all the benefits of attending a classroom course without the need to arrange travel and accomodation. Please note that virtual courses are attended in real-time, commencing on a specified date.

Virtual Course Dates

Our Customers Include