Cloud Computing is an on-demand service model for information technology based on virtualization and distributed computing technologies. Computing services ranging from data storage and processing to software, such as email handling, are available instantly, commitment-free and on-demand. Economy of scale and flexibility are the most important aspects of cloud computing even from a security standpoint, since cloud-based defenses can be more robust, scalable and cost-effective. However, the all the data and resources available at a single point present a very attractive target for unauthorized access.
Cloud Security is undoubtedly, one of the most important factors and should be implemented after an informed assessment of the security risks and benefits of using cloud computing. It is essential to have a firm understanding of security and compliance requirements prior to moving to the cloud.
Two factors will determine the type and amount of security controls needed and who is responsible for them.
Type of Cloud: Public, Private, Hybrid
Service Model: Software-as-a-Service (SAAS), Platform-as-a-Service (PAAS), Infrastructure-as-a-Service (IAAS)
Cloud Security requires a multi-layered defense which includes hardening, access control and encryption into the cloud / virtualization layer.
About this training
Security issues / concerns associated with cloud computing fall broadly into two categories:
- Security issues faced by cloud providers offering Software-Platform-Infrastructure (SPI) service models
- Security issues faced by their customers.
This course helps participants understand cloud computing fundamentals and the requirements of cloud security covering all the domains outlined by the Cloud Security Alliance (CSA) and the recommendations given by the European Network and Information Security Agency (ENISA).
Participants work on a set of exercises involving scenarios where they need to assess, build and secure a cloud infrastructure. This 2 day course helps participants understand how an organization can effectively transition securely into a cloud computing environment.
Course Outline
CSA Guidance for Critical Areas of Focus in Cloud Computing
- Domain 1 - Cloud Architecture
- Domain 2 - Governance and Enterprise Risk
- Domain 3 - Legal and Electronic Discovery
- Domain 4 - Compliance and Audit
- Domain 5 - Information Lifecycle Management
- Domain 6 - Portability and Interoperability
- Domain 7 - Traditional Security, BCM, D/R
- Domain 8 - Data Center Operations
- Domain 9 - Incident Response
- Domain 10 - Application Security
- Domain 11 - Encryption and Key Management
- Domain 12 - Identity and Access Management
- Domain 13 - Virtualization
ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security
- Security benefits of cloud
- Risks and underlying vulnerabilities
- Information assurance framework
- Division of liabilities
- Key legal issues
- Applied Knowledge
- Classify popular cloud providers into S-P-I model
- Redundancy
- Securing popular cloud services
- Vulnerability assessment considerations
- Practical encryption use cases