Modern applications need scalable and maintainable backends that can guarantee a high level of availability and allow operations at the terabyte scale that are only possible in the public cloud. This has created another infrastructure frontier that must be secured and continuously protected. Cloud accounts, users and resources present unique security challenges due to the limited security visibility, the scale of the resources and data streams involved and the possibility of complete account takeover, which would have catastrophic consequences for most organizations.
The Practical Introduction to Cloud Security is a 2-day course that attempts to present an overview of the most critical security aspects in the major public cloud providers. AWS, Azure and GCP will all be covered, but AWS will be highlighted due to the inherent complexity of its security and IAM model. The course includes multiple practical exercises and demonstrations representing common or dangerous vulnerabilities in cloud configurations. Attention will be given to the AICPA SOC2 Security technical controls relevant to the Cloud Security topics in the course.
The goal of the training is to enable participants to:
- Be aware of common vulnerabilities and misconfigurations that could result in cloud breaches
- Know the basic cloud security principles and how to apply them when designing a new, or securing an existing application
- Make use of the native and external security tools to ensure visibility and maintainability of the security processes
- Specifics of the Cloud – differences between on-prem and cloud, IaaS vs PaaS vs SaaS in terms of security, shared responsibility model, etc.
- Core Security Model – IAM, principals and resources, roles and policies, tools for managing access control
- Common Security Concerns – at-rest encryption, backup, transfer security configuration, network design
- Network and Compute Security – security groups/ACLs, attaching identities to Compute resources
- Security monitoring – audit trails, network flow logs, cloud security interfaces
- Native and external security tools – IAM, vulnerability management, anomaly detection, etc.
- Operationalizing cloud security – standard flows, processes, typical Cloud Security-related tasks, industry-standard software capabilities
- Senior developers/software architects that need a deep understanding of the cloud security models and requirements while designing applications
- Cloud Admin/DevOps/DevSecOps/SRE professionals that need insight on how to manage and operate security in the cloud
- CIOs/CISOs that need a high-level introduction to Cloud Security to better manage interactions between SOC, Infra, Engineering and GRC teams
Certificate: Upon successful completion of the course attendees will receive a certificate from ESI CEE.