Duration: 4 Days
In this course, you will cover the concepts, processes, and best practices needed to successfully secure information within cloud infrastructures. You will learn the basic cloud types and delivery models, and develop an understanding of the risk and compliance responsibilities and challenges for each cloud type and service delivery model. You will also learn how to apply RSA's trust-based security model to real-world security problems. Through hands-on exercises, you will learn to implement a private cloud using a third party provider's interface. Some materials in this course have been developed in conjunction with the Cloud Security Alliance.
What You Will Learn
- Security aspects of each cloud model
- Develop a risk-management strategy for moving to the cloud
- Implement a public cloud instance using a public cloud service provider
- Apply RSA's trust-based security model to different layers in the infrastructure stack
- Distinguish between cloud providers and third party managed service providers
Audience
Those in security or virtualization administration, compliance, architecture, and audit roles who need to implement or administer cloud services via a public or private cloud.
Prerequisites
- Basic familiarity with IT concepts, including storage, computation, and networking
- Knowledge of TCP/IP networking technologies (equivalent to CompTIA Network+ certification)
- Knowledge of information security concepts (equivalent to CompTIA's Security+ certification)
- Familiar with virtualization concepts
- Comfortable using a command-line interface (CLI)
Course Outline
1. Cloud Computing
- Cloud
- Cloud Service Models
- Cloud Deployment Models
2. Managing Cloud Security and Risk
- Impact of Cloud Tiers on Security and Risk
- Standards Organization
- RSA's Cloud Trust Model
- Things to Look for in a Cloud Provider
3. Infrastructure Layer Trust
- Infrastructure Trust Layer Definition
- Disaster Recovery
- Virtualization
- Segmentation and Isolation
- Log Management
- Secure Communications
- Multi-Tenancy
4. Application Layer Trust
- Web Application Security Fundamentals
- Application Security Phases and Lifecycle
- SDLC
- PaaS Security Concerns
5. Information Layer Trust
- Information Layer Trust
- Data Retention/Destruction
- Data Leakage
- Data Privacy
- Data Encryption and Key Management
- Data Geolocation
- E-Discovery
- Data Portability
- Data Classification
6. Management
- Management Layer Trust
- Identity and Access Management
- Contract SLAs
- Roles and Responsibilities
- Provider Viability
- Compliance Monitoring
- Business Continuance
- Provider Supply Chain
- Third Party Risk Assessment
- Software Licensing Risk
7. Securing Private Clouds
- Enterprise IT Evolution
- Private Cloud Security Primer
Course Labs
In addition to lecture and demonstrations, this course includes hands-on exercises which are designed to give you practical experience.