Training

Understanding Cloud Security - Price $499 - Register Now

There is a lot of hype and uncertainty around cloud security, but this class will slice through the hyperbole and provide students with the practical knowledge they need to understand the real cloud security issues and solutions. The "Understanding Cloud Security" one-day training class provides students with a comprehensive understanding of cloud security fundamentals. Starting with a detailed description of cloud computing, the course covers all major domains in the latest Cloud Security Guidance document from the Cloud Security Alliance, and the recommendations from the European Network and Information Security Agency (ENISA). Also included are a number of instructor-led demonstrations to see how cloud instances are built and secured. This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security. At the end of the class, it is expected that students will be prepared to take the Cloud Security Alliance CCSK certification exam.

Pre-requisites:

We recommend attendees have at least a basic understanding of security fundamentals, such as firewalls, secure development, encryption, and identity management.

Course Outline:

This course is broken out into 5 modules that cover the benefits, risks and recommendations for securing critical information in the cloud:.

Module 1: Introduction to Cloud Computing. This module covers the fundamentals of cloud computing, including definitions, architectures, and the role of virtualization. Key topics include cloud computing service models, delivery models, and fundamental characteristics. It also introduces a model for assessing the risk of moving to the cloud.

Module 2: Creating and Securing in the Public Cloud. This modules digs into the details of the different cloud delivery models and their basic security issues. Students will learn the differences between security responsibilities for SaaS, PaaS, and IaaS, and key questions to ask a potential provider. The instructors will also demonstrate creating and applying security to a simple cloud instance on IaaS.

Module 3: Managing Cloud Security and Risk. This module covers important considerations for managing security for cloud computing. It begins with risk assessment and governance, then covers legal and compliance issues, such as discovery requirements in the cloud. It finishes with a discussion or portability and interoperability and managing incident response when working with cloud providers.

Module 4: Securing Public Cloud Data. One of the biggest issues in cloud security is protecting data. This module covers information lifecycle management for the cloud and how to apply security controls, with an emphasis on public cloud. Topics include the Data Security Lifecycle, cloud storage models, data security issues with different delivery models, and managing encryption in and for the cloud.

Module 5: Securing Cloud Users and Applications. This module covers identity management and application security for cloud deployments. Topics include federated identity and different IAM applications, secure development, and managing application security in and for the cloud.

Module 6: Creating and Securing the Private Cloud. In this module we move from the public cloud to the private cloud. Although we tend to have more control over private clouds, that doesn't mean they are immune to security issues. Topics include security risks of private clouds, and the management and security tools available to mitigate them.

About the Instructors

Mike Rothman is President of Securosis. Enterprises both large and small enjoy Mike's bold perspectives and irreverent style are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and compliance. Mike is one of the most sought after speakers and commentators in the security business and brings a deep background in information security. After 20 years in and around security, he's one of the guys who "knows where the bodies are buried" in the space. Mike published "The Pragmatic CSO" in 2007 to introduce technically oriented security professionals to the nuances of what is required to be a senior security professional.

James Arlen, CISA, practices security for a global 500 financial services firm. Prior to his most recently job, James served as a security consultant engaged as the CISO of a mid-market publicly traded financial institution. He has also been involved with implementing a practical level of information security in Fortune 500, TSE 100, and major public-sector corporations for more than a decade. James has a recurring column on Liquidmatrix Security Digest and is a Contributing Analyst at Securosis. His areas of interest include organizational change, social engineering, blinky lights and shiny things.

Requires registration at www.sector.ca/register.