25,000+ Courses Nationwide
0345 4506120

APMG Practitioner Certificate in Cloud Security

Course Details

Name APMG Practitioner Certificate in Cloud Security
Virtual Classroom
Start Date:
Working Days:
£2049.00 +vat
Course ID:
P Premium Features


Special Notices

Attendees are recommended to bring a smartphone or tablet upon which they can install apps: several labs use Multi-Factor Authentication (MFA) technologies and benefit from an app such as Google or Microsoft's 'Authenticator' app.

This course is not suited for customer sites where the use of portable electronic devices (e.g. smartphones, tablets) are restricted, as the trainer will require these to manage the cloud environment.

This five day Certified Cloud Security Practitioner course is focused on Cloud Security, encompassing Cloud Security Architecture, DevSecOps, Data and Assurance aspects, Governance, Cloud Security Operations and Web Application Security.

The course spans cloud security principles, patterns and architectural frameworks, data protection and compliance for cloud based applications, data and infrastructure, and the design, development and implementation of cloud security architectures.

We will review the wide range of technical security controls available using Cloud Service Provider and partner technologies, automation and DevSecOps, assurance, audit and security testing of cloud based services. Containers and serverless architectures will be introduced and their security implications reviewed. Agile DevOps methodologies will be covered and the use of a Continuous Integration Pipeline for security improvements, validation and testing.

The course is delivered through presentations, discussions, practical demonstrations and 'hands-on' labs. You will gain practical hands-on experience of implementing and using cloud technologies and technical security controls in labs based on services from leading cloud service providers AWS and Microsoft, and consolidate learning in group workshops to develop cloud security architectures, based on realistic scenarios.

Target Audience

This course is aimed at technical and security specialists looking to develop and operate secure applications and systems using an agile DevOps methodology with fully automated deployments to cloud environments.

What's Included:


Exam voucher

Learning Objectives

Delegates will learn about the following topics:

  • Cloud Concepts
  • Virtualisation
  • Cloud Security Frameworks, Principles, Patterns and Certifications
  • AWS Security Technologies
  • Microsoft Azure and Office 365
  • Google Cloud Platform and G Suite
  • Assurance
  • Data Protection and Compliance
  • Containers
  • Web Application Security
  • Cloud Identity Services
  • Serverless
  • Cloud Security as a Service
  • Automation
  • Continuous Integration Pipeline
  • DevSecOps


There are no pre-requisites. However, we recommend that all delegates have an understanding of the general technologies, for example Operating Systems and Networking and Security principles. Experience of using cloud services and security technologies is helpful but not essential.

For those delegates looking for some pre-course general cloud security background, guidance and organisational compliance, the NCSC cloud security collection is probably the single best resource.

Course Content



  •   Introductions
  •   Objectives of course
  •   Agenda

Cloud Concepts

  •   What is Cloud Computing?
  •   Why is everyone moving to the Cloud?
  •   Cloud computing model
  •   Infrastructure, Platform and Software as a Service
  •   Boundaries and responsibilities
  • Cloud Service Providers – Gartner Magic Quadrant(s)
  •   Cloud reference architectures


  •   Overview of different virtualisation technologies and types covering storage, networks and systems.

Cloud Security Frameworks, Principles, Patterns and Certifications

  •   Security Principles
  •   Separation and layers as security controls
  •   Cloud Security Alliance (CSA) Cloud Control Matrix
  •   GOV.UK Cabinet Office and NCSC Cloud Security Principles
  •   Security Architecture Frameworks
  •   Security Architecture Patterns
  •   Cloud Security Architecture Patterns
  •   Trusted Cloud Initiative Reference Architecture
  •   Cloud Security Certifications

AWS Security Technologies

  •   EC2 (Elastic Compute Cloud) and VPC (Virtual Private Cloud) fundamentals
  •   Availability zones and regions
  •   Internet Gateway, Elastic IPs, NAT Gateway, DirectConnect
  •   Security Implications of Elastic Load Balancing (ELB) and auto-scaling
  •   Security Groups, Flow Logs, S3, ACLs and subnet routing
  •   AWS Config, CloudTrail, CloudWatch, Trusted Advisor
  •   IPSec VPN options: AWS VPNs, third party solutions
  •   AWS CloudFront, Web Application Firewall and Certificate Manager
  •   Vulnerability management using AWS Inspector
  •   AWS Key Management Service (KMS) and CloudHSM
  •   AWS Identity and Access Management (IAM)
  •   Labs providing practical experience of implementing and using AWS security technologies


  •   End of day knowledge check – exam style questions


Microsoft Azure and Office 365

  •   Azure platform security architecture
  •   Azure Virtual Networks
  •   Azure network security best practices
  •   Azure data security and encryption best practices
  •   Azure Active Directory
  •   Federated identity and Single Sign On
  •   Azure Multi-factor authentication
  •   Azure Key Vault
  •   Azure Virtual Machine encryption
  •   Microsoft Antimalware for Azure Cloud Services and Virtual Machines
  •   Azure Security Center
  •   Office 365 Service Architectures
  •   Office 365 security across physical, logical and data layers
  •   Office 365 email encryption options
  •   Exchange Online Protection
  •   GOV.UK Microsoft Office Security Guidance
  •   Labs providing practical experience of implementing and using Microsoft Azure security technologies

Google Apps for Work

  •   Google Apps for Work applications and architectures
  •   Integration with corporate directories
  •   Single sign-on to enforce use of corporate devices and threat prevention
  •   GOV.UK Google Apps for Work Security Guidance
  •   Google Admin Console
  •   Google Authenticator
  •   Organisational Units
  •   Administrative roles
  •   Data privacy opt-in


  •   Centre for Internet Security (CIS) Foundation Benchmarks
  •   Penetration tests of cloud environments
  •   External audit and configuration review

Data Protection and Compliance

  •   Personally Identifiable Information (PII) and Personal Data
  •   UK Data Protection Act and Information Commissioner’s Office (ICO)
  •   European Union (EU) Data Protection Directive
  •   EU General Data Protection Regulation (GDPR)
  •   Cyber Essentials Plus
  •   Cloud Security Alliance STAR
  •   PCI DSS
  •   AICPA SOC3 (formerly SAS70)
  •   ISO 27001


  •   End of day knowledge check – exam style questions



  •   Concept of containers
  •   Docker
  •   Why development teams are moving to containers
  •   Security issues of containers
  •   Container security good practice
  •   CIS Benchmark for Docker and Docker Bench tool
  •   Orchestration – Kubernetes
  •   Security features of Kubernetes
  •   Orchestration – Docker Swarm
  •   Cloud Service Provider container platforms (AWS, Azure, Google)
  •   Container security solutions (e.g. Twistlock, NeuVector, AquaSecurity)
  •   Labs providing hands-on experience of Docker containers and potential security issues

Web Application Security

  •   OWASP Top 10
  •   Threat Modelling
  •   Secure Software Development Lifecycle

Cloud Identity Services

  •   SAML
  •   oAuth, oAuth 2.0 and OpenID Connect
  •   Cloud Identity Providers


  •   End of day knowledge check – exam style questions



  •   Concept of ‘serverless’
  • Pros and Cons
  •   AWS Lambda
  •   Step functions
  •   Dynamo DB
  •   SQS, SWS, S3
  •   Serverless application architecture
  •   Security implications
  •   Environment Variable encryption
  •   Azure Cloud Functions
  •   Google Cloud Functions
  •   Labs providing hands-on experience of Serverless architectures

Cloud Security as a Service

  •   Cloud Security Services
  •   Cloud analytics, e.g. Splunk Cloud
  •   Cloud security operations management, e.g. AlertLogic


  •   End of day knowledge check – exam style questions

Cloud Security Workshop

  •   Scenario requirement
  •   Develop security architecture in groups
  •   Present back to wider group, review and discuss



  •   Cloud service provider automation tools
  •   Terraform by Hashicorp
  •   Hardened build images
  •   Vault by Hashicorp
  •   Patching and update strategies
  •   DevSecOps

Continuous Integration Pipeline

  •   Continuous Integration Pipeline
  •   Automated environment testing
  •   Jenkins
  •   Security issues

DevSecOps Lab

  •   Hands-on experience of coding security improvements and automated deployments


  •   End of section quiz – exam style questions


  •   Independent APMG Certified Exam – 100 questions, 2 hours, pass mark 50%

Please note: all classroom-based courses are run on working days only unless otherwise stated.

Attend From Anywhere


How Attend from Anywhere works

Our ‘Attend from Anywhere’ courses allow you to access award-winning classroom training without leaving your home or office. We use WebEx web and video conferencing platform by Cisco. Before you book you should check to ensure you meet the WebEx system requirements and run a test meeting to ensure the software is compatible with your firewall settings (if it doesn’t work you should adjust your settings or contact your IT department about permitting the website).

WebEx system requirements >

Run a WebEx test meeting >

  • Up to three weeks before the start of the course we will send you Joining Instructions by email.
  • You should enter ‘My Virtual Account’ to update your address for courseware and book a pre-test with a member of the Virtual Learning Team, who will check everything works.
  • 15 minutes before the course begins you should launch the software, connect your audio and familiarise yourself with the interface and how the virtual interactions work.
  • The course will be split into multiple sessions, with short breaks in between so you can stay focused and refreshed.
  • Throughout the course the learning professional will use an electronic whiteboard, which will transmit all the notes directly to your screen.
  • You can ask the learning professional a question at any time, either by simply speaking aloud through your microphone or by clicking the virtual ‘raise-a-hand’ button on the interface.
  • Towards the end of the course there will be plenty of time for detailed Q&As with the learning professional, just as if you were physically in the classroom.
  • Following the course you will be asked to complete a course evaluation form, which will allow you to give detailed feedback on your experience and help us to make future improvements.
  • For four weeks after the course has finished you will have on-demand access to helpful videos on the subject matter, and we may send you useful emails reminding you of the ‘Key Learning Points’.

Benefits of Attend from Anywhere

Access to experts

Receive full support from our subject-matter experts for the duration of your course.


Access your training from home, the office, or anywhere with internet access.


Save money on training and expenses like transport, hotels, meals and childcare.

* Please note that overseas customers may incur additional charges for postage of courseware.


Our technology makes our online courses the same high quality as our classroom training.


Reduce time out of the office and time spent travelling to and from training centres.


What equipment do I need for an Attend from Anywhere course?

You will need an internet-connected computer and a USB headset with an in-built mic to interact with the trainer. Two monitors are recommended; one to stream the video from the classroom and the other to display the interactive interface.

How reliable are Attend from Anywhere courses?

We use leading Cisco technology and our classrooms are specifically optimised to improve sound quality for remote attendees. We also offer a pre-test so you can test everything is working before the course starts.

How are remote attendees made to fell included?

Our trainers are specially trained on how to interact with remote attendees and our technology allows them to take over remote PCs. Our remote labs ensure all participants can take part in hands-on class exercises wherever they are.

What makes Attend from Anywhere courses cost effective?

Our technology makes our Attend from Anywhere courses the same high-quality experience as our classroom training, so we do not price them differently. However, organisations and individuals do make significant financial savings by booking this type of course when associated costs (such as travel, expenses, hotels, food and childcare) are factored in.

How can I take the exam remotely?

You may be able to take your exam via one of our accredited remote live proctors. Where this is not possible you may be issued with an exam voucher or required to attend a classroom in order to take the exam. Please contact us for specific details in relation to your course.

If you are able to take your exam remotely you need to book it before the course begins  and switch on a webcam to enable invigilation and show photo ID (please note that exam slots are subject to availability with the live proctors and may not be available during the week of the exam. Exam slots are booked on a first come first served basis).

Click here to test if your hardware is compatible


Exam Information - For Classroom based events:

Candidates will receive individual emails to access their AMPG GCT candidate portal, typically available two weeks post exam. If you experience any issues, please contact the APMG GCT technical help desk on 01494 4520450.


70 minutes


70, multiple choice (4 multiple choice answers only 1 of which is correct)

Pass Mark


Exam Information - For Attend from Anywhere events:

The (Attend from Anywhere) exam is a Proctor-U APMG exam for the Practitioner Certificate in Cloud Security, which will be taken by delegates in their own time after the course. Delegates will receive individual emails to access their AMPG GCT candidate portal, typically available two weeks post exam.

We work with the best