Cloud Security & Privacy: An Enterprise Perspective
Course Length: Three Days
Description
An in-depth training course on current cloud computing
security and privacy considerations. Through focused instructor
lecture and practical group and individual discovery activities,
the student is guided to an awareness of and logical responses
to modern cloud computing security issues with an eye towards
proactive practical, managerial and operational responses.
Objectives
At Course Completion: Upon successful completion of this
course, the students will be able to:
• understand the cloud computing architectural framework
• point out cloud computing security challenges
• describe cloud computing security controls recommendation
• implement policies and methodologies to mitigate cloud
security risks
Audience
IT professionals and managers responsible for the recognition
and policy directives required for eliminating and minimizing
the security risks and issues arising from the introduction and
integration of cloud computing, mobile computing, Wi-Fi
capability, off-site hosting resources and on and off premise
security breaches into enterprise level IT infrastructures
Course Outline
1. Introduction: The Evolution of Cloud Computing
2. What is Cloud Computing?
* Cloud Computing Defined
* The SP 1 Framework for Cloud Computing
* The Traditional Software Model
* The Cloud Services Delivery Model
* Cloud Deployment Models
* Key Drivers to Adopting the Cloud
* The Impact of Cloud Computing on Users
* Governance in the Cloud
* Barriers to Cloud Computing Adoption in the Enterprise
3. Infrastructure Security
* Infrastructure Security: The Network Level
* Infrastructure Security: The Host Level
* Infrastructure Security: The Application Level
4. Data Security and Storage
* Aspects of Data Security
* Data Security Mitigation
* Provider Data & Its Security
5. Identity and Access Management
* Trust Boundaries and IAM
* Why IAM?
* IAM Challenges
* IAM Definitions
* IAM Architecture and Practice
* Getting Ready for the Cloud
* Relevant IAM Standards and Protocols for Cloud Services
* IAM Practices in the Cloud
* Cloud Authorization Management
* Cloud Service Provider IAM Practice
* Guidance
6. Security Management in the Cloud
* Security Management Standards
* Security Management in the Cloud
* Availability Management
* SaaS Availability Management
*PaaS Availability Management
* IaaS Availability Management
* Access Control
* Security Vulnerability, Patch and Configuration Management
7. Privacy
* What is Privacy?
* What is the Data Life Cycle?
* What are the key privacy concerns in the Cloud?
* Who is responsible for protecting privacy?
* Changes to Privacy Risk Management and Compliance in Relation
to Cloud Computing
* Legal and regulatory implications
* U.S. Laws and Regulations
* International Laws and Regulations
8. Audit and Compliance
* Internal Policy Compliance
* Governance, Risk & Compliance (GRC)
* Illustrative Control Objectives for Cloud Computing
* Incremental CSP-Specific Control Objectives
* Additional Key Management Control Objectives
* Control Considerations for CSP Users
* Regulatory/External Compliance
* Other Requirements
* Cloud Security Alliance
* Auditing the Cloud for Compliance
9. Examples of Cloud Service Providers
* Amazon Web Services (IaaS)
* Google (Saas, PaaS)
* Microsoft Azure Services Platform (PaaS)
* Proofpoint (Saas, IaaS)
* RightScale (IaaS)
* Salesforce.com (SaaS, PaaS)
* Sun Open Cloud Platform
* Workday (SaaS)
10. Security-as-a-(Cloud) Service
* Origins
* Today’s Offerings
11. The Impact of Cloud Computing on the Role of Corporate IT
* Why Cloud Computing Will be Popular with Business Units
* Potential Threats of Using CSPs
* A Case Study Illustrating Potential Changes in the IT
Profession Cause by Cloud Computing
* Governance Factors to Consider when Using Cloud Computing
12. Job Role- Specific new Skills Required for the Cloud and
Hybrid IT environment
*Systems Administrators
*Electronic Messaging Leads
*Database and Business Intelligence Managers
*Line of Business Application Developers
*Infrastructure Hardening Leads
*Mobile Device Managers
13. Conclusion and the Future of the Cloud
* Analyst Predictions
* Survey Says?
* Security in Cloud Computing
* Program Guidance for CSP Computers
* The Future of Security in Cloud Computing
|
