Course Overview
This five-day Certified Cloud Security Practitioner course is focused on Cloud Security, encompassing Cloud Security Architecture, DevSecOps, Data and Assurance aspects, Governance, Cloud Security Operations and Web Application Security. The course spans cloud security principles, patterns and architectural frameworks, data protection and compliance for cloud-based applications, data and infrastructure, and the design, development and implementation of cloud security architectures. We will review the wide range of technical security controls available using Cloud Service Provider and partner technologies, automation and DevSecOps, assurance, audit and security testing of cloud-based services. Containers and serverless architectures will be introduced and their security implications reviewed. Agile DevOps methodologies will be covered, along with the use of a Continuous Integration Pipeline for security improvements, validation and testing. The course is delivered through presentations, discussions, practical demonstrations and hands-on labs. You will gain practical hands-on experience of implementing and using cloud technologies and technical security controls in labs based on services from leading cloud service providers (AWS, Google & Microsoft) and consolidate learning in a group workshop to develop a cloud security architecture, based on a realistic scenario.
Audience
This course is aimed at technical and security specialists looking to develop and operate secure applications and systems using an agile DevOps methodology with fully automated deployments to cloud environments.
Prerequisites
There are no prerequisites. However, we recommend that all delegates have a general understanding of the technologies involved, for example operating systems, networking and security principles. Experience of using cloud services and security technologies is helpful but not essential.
Delegates will learn how to
Delegates will learn about the following topics:
Cloud Concepts
Virtualisation
Cloud Security Frameworks, Principles, Patterns and Certifications
AWS Security Technologies
Microsoft Azure and Office 365
Google Apps for Work
Assurance
Data Protection and Compliance
Containers
Web Application Security
Cloud Identity Services
Serverless
Cloud Security as a Service
Automation
Continuous Integration Pipeline
DevSecOps
Outline
DAY ONE
Introduction
Introductions
Objectives of course
Agenda
Cloud Concepts
What is Cloud Computing?
Why is everyone moving to the Cloud?
Cloud computing model
Infrastructure, Platform and Software as a Service
Boundaries and responsibilities
Cloud Service Providers – Gartner Magic Quadrant(s)
Cloud reference architectures
Virtualisation
Overview of different virtualisation technologies and types covering storage, networks and systems.
Cloud Security Frameworks, Principles, Patterns and Certifications
Security Principles
Separation and layers as security controls
Cloud Security Alliance (CSA) Cloud Control Matrix
GOV.UK Cabinet Office and NCSC Cloud Security Principles
Security Architecture Frameworks
Security Architecture Patterns
Cloud Security Architecture Patterns
Trusted Cloud Initiative Reference Architecture
Cloud Security Certifications
AWS Security Technologies
EC2 (Elastic Compute Cloud) and VPC (Virtual Private Cloud) fundamentals
Availability zones and regions
Internet Gateway, Elastic IPs, NAT Gateway, Direct Connect
Security Implications of Elastic Load Balancing (ELB) and auto-scaling
Security Groups, Flow Logs, S3, ACLs and subnet routing
AWS Config, CloudTrail, CloudWatch, Trusted Advisor
IPSec VPN options: AWS VPNs, third party solutions
AWS CloudFront, Web Application Firewall and Certificate Manager
Vulnerability management using AWS Inspector
AWS Key Management Service (KMS) and CloudHSM
AWS Identity and Access Management (IAM)
Labs providing practical experience of implementing and using AWS security technologies
Quiz
End of day knowledge check – exam style questions
DAY TWO
Microsoft Azure and Office 365
Azure platform security architecture
Azure Virtual Networks
Azure network security best practices
Azure data security and encryption best practices
Azure Active Directory
Federated identity and Single Sign On
Azure Multi-factor authentication
Azure Key Vault
Azure Virtual Machine encryption
Microsoft Antimalware for Azure Cloud Services and Virtual Machines
Azure Security Center
Office 365 Service Architectures
Office 365 security across physical, logical and data layers
Office 365 email encryption options
Exchange Online Protection
GOV.UK Microsoft Office Security Guidance
Labs providing practical experience of implementing and using Microsoft Azure security technologies
Google Apps for Work
Google Apps for Work applications and architectures
Integration with corporate directories
Single sign-on to enforce use of corporate devices and threat prevention
GOV.UK Google Apps for Work Security Guidance
Google Admin Console
Google Authenticator
Organisational Units
Administrative roles
Data privacy opt-in
Assurance
Centre for Internet Security (CIS) Foundation Benchmarks
Penetration tests of cloud environments
External audit and configuration review
Data Protection and Compliance
Personally Identifiable Information (PII) and Personal Data
UK Data Protection Act and Information Commissioner’s Office (ICO)
European Union (EU) Data Protection Directive
EU General Data Protection Regulation (GDPR)
Cyber Essentials Plus
Cloud Security Alliance STAR
PCI DSS
AICPA SOC3 (formerly SAS70)
ISO 27001
Quiz
End of day knowledge check – exam style questions
DAY THREE
Containers
Concept of containers
Docker
Why development teams are moving to containers
Security issues of containers
Container security good practice
CIS Benchmark for Docker and Docker Bench tool
Orchestration – Kubernetes
Security features of Kubernetes
Orchestration – Docker Swarm
Cloud Service Provider container platforms (AWS, Azure, Google)
Container security solutions (e.g. Twistlock, NeuVector, AquaSecurity)
Labs providing hands-on experience of Docker containers and potential security issues
Web Application Security
OWASP Top 10
Threat Modelling
Secure Software Development Lifecycle
Cloud Identity Services
SAML
OAuth, OAuth 2.0 and OpenID Connect
Cloud Identity Providers
Quiz
End of day knowledge check – exam style questions
DAY FOUR
Serverless
Concept of ‘serverless’
Pros and Cons
AWS Lambda
Step functions
DynamoDB
SQS, SWS, S3
Serverless application architecture
Security implications
Environment Variable encryption
Azure Cloud Functions
Google Cloud Functions
Labs providing hands-on experience of Serverless architectures
Cloud Security as a Service
Cloud Security Services
Cloud analytics, e.g. Splunk Cloud
Cloud security operations management, e.g. AlertLogic
Quiz
End of day knowledge check – exam style questions
Cloud Security Workshop
Scenario requirement
Develop security architecture in groups
Present back to wider group, review and discuss
DAY FIVE
Automation
Cloud service provider automation tools
Terraform by HashiCorp
Hardened build images
Vault by HashiCorp
Patching and update strategies
DevSecOps
Continuous Integration Pipeline
Continuous Integration Pipeline
Automated environment testing
Jenkins
Security issues
DevSecOps Lab
Hands-on experience of coding security improvements and automated deployments
Quiz
End of section quiz – exam style questions
Exam
Independent APMG Certified Exam – 100 questions, 2 hours, pass mark 50%
Practitioner Certificate In Cloud Security Duration: 5 Days