Advanced Cloud & AWS Security

Date(s): Aug 24, 2021 - Aug 25, 2021
Time: 8:00AM - 4:30PM
Registration Fee: $439.00
Cancellation Date: Aug 17, 2021
Location: Online

Course Description

This seminar is designed for Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) cloud clients to assist in understanding these platforms and to acquaint them with the types of audit, security, compliance, and other assurance tools available.


The Cloud Security Alliance, Microsoft (MSFT), and Amazon have all published a shared-responsibility reference model, which asserts that the client is primarily responsible for various controls in the cloud environment. This training will use the shared-responsibility model to focus on how to assess whether the client has appropriately managed the controls for which the client is responsible. Other frameworks and reference models will be introduced as appropriate. This course will focus on the control responsibilities of the cloud client and will look at general principles for monitoring and oversight of cloud platforms, focusing primarily on the platform itself.



Potential CPE Credits: 16.0
Govt Hours: This class meets 16.0 hours of the 24-hour requirement for governmental CPE under Government Auditing Standards (yellow book), in most cases.
Technical Hours: This class meets 16.0 CPE credits of technical training in compliance with Texas Admin. Code Rule 523.102.

Instruction Type: Live
Experience Level: BEGINNING
Category: 02 Auditing

Course Objectives

Upon completion of this course, participants will be able to:

- Identify the security and compliance benefits and risks of using the IaaS, PaaS and FaaS service models.
- Discuss special governance topics (including vendor management) for cloud resources.
- Describe available client security services for risk assessment, including auditing, logging, and monitoring tools.
- Identify appropriate internal controls to use for managing these service models.
- Discuss how client security and auditing tools can validate whether security controls are implemented and operating effectively.
- Identify the impact of a hybrid cloud environment (i.e., one or more cloud vendors in combination with an on-premises environment).

1. Cloud Threats / Breaches
   - Recent cloud breaches
     - Discussion of breach details
     - Implications for other organizations

2. Cloud Fundamentals
   - Review key definitions

3. Deployment Models
   - Use cases and in-depth discussion of
     - Multi-cloud, Hybrid

4. Service Models
   - In-depth discussions
   - PaaS, IaaS, FaaS

5. Legal and Regulatory
   - Recent changes in the legal and regulatory landscape

6. Migrating to the Cloud
   - Migration tools
   - Benefits of cloud native development
   - When does cloud native development make sense?
   - Key migration risks

7. Platform as a Service (PaaS)
   - Key PaaS vendors, pros and cons
   - Key challenges/risks specific to PaaS
   - Maintaining compliance with PaaS-developed applications
   - Security recommendations for PaaS
   - Software Development Kits (SDKs)
     - Use cases
     - Difference between SDKs and APIs

8. Infrastructure as a Service (IaaS)
   - Key IaaS vendors
   - Key challenges/risks specific to IaaS
   - Maintaining compliance for IaaS workloads
   - Security recommendations for IaaS

9. Identity and Access Management (IAM)
   - Cloud IAM vendor offerings
     - AWS IAM services
   - Controlling privileged users in the cloud

10. Cloud Access Security Brokers (CASBs)
   - Review of leading CASB vendors
     - Netskope, Bitglass, Symantec, McAfee

11. Virtualization
   - Cloud implications of virtualization
     - Managing virtualized resources in hybrid and multi-cloud environments
   - OpenShift
   - Hyperconvergence
     - Definition
     - Use cases
     - Benefits
     - Key vendors

12. Containers
   - Container images
   - Container networking
   - Container security
   - Docker
     - Container lifecycle and management
     - Docker Swarm
   - Modernizing applications using containers

13. Kubernetes
   - Key capabilities of Kubernetes
   - How Kubernetes works
   - Kubernetes services available through AWS

14. Fundamentals of Cloud Operations
   - Security implications of cloud operations

15. Vendor Cloud Compute and Storage Services
   - Cloud compute and storage services
     - AWS EC2 and S3 storage

16. Cloud Management Platforms
   - Flexera (RightScale)

17. AWS Cloud Offerings
   - AWS API
   - AWS Management Console
   - AWS Elastic Load Balancer (ELB)
   - CloudFront
   - Elastic Beanstalk
   - Managing AWS costs

18. Cloud Application Security
   - Continuous Delivery strategy through CI/CD pipelines
     - CI/CD pipeline tools
     - Security of the pipeline
     - Auditing the pipeline

19. Cloud Native Software Development
   - Design principles for cloud applications
   - Serverless computing or FaaS
     - AWS Lambda, Azure Functions, Google Functions
     - Container native development

20. Cloud Security
   - AWS security
     - AWS API security
     - AWS CloudWatch

21. Encryption Key Management
   - AWS Key Management Services

22. Cloud Risk Management
   - Vendor tools for cloud risk management
     - AWS
   - Compliance solutions
   - Amazon Inspector


Prerequisites

Basic understanding of cloud security and auditing.

Government Hours: 4.23(k)


Instructors

Mary Siero

Mary Siero (CISSP, CISM, CRISC) is Senior Instructor for MISTI. She is an executive level Information Technology Consultant and the President of Innovative IT, a leading North Carolina based information technology consulting firm that specializes in IT operational, compliance and security consulting. Ms. Siero’s career includes ten years in healthcare as a Chief Information Officer and five years in the gaming industry as Vice President of IT Operations, both heavily regulated industries. She has over 40 years’ experience in engineering and technology from industries such as Healthcare, Government, Education, Gaming and Hospitality, Consumer Products, and Manufacturing. Ms. Siero is active in the information system security community and has provided testimony on the record for the State of Nevada Information Technology Board regarding The Current and Future Cyber Threat. She routinely presents at national conferences on information technology topics; holds several professional IT security certifications including CISSP, CISM and CRISC; and is the author of Safeguarding Your Organizations Data: A Call to Action. She is a Charter Member of the FBI Citizen’s Academy Alumni Association in Las Vegas, and is a member in good standing of the International Information Systems Security Certification Consortium (ISC)2, the Information Systems Security Association (ISSA), the Information Systems Audit and Control Association (ISACA), and the North Carolina Technology Association. She is a graduate of the University of Detroit with a Master’s Degree in Polymer Chemistry and a graduate of Michigan State University where she obtained her Bachelor’s Degree in Chemistry.


Additional Information

TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.

If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.

The course coordinator will contact you with parking information. Handicapped parking is free at the meters around the downtown area.

Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.

You might want to bring a light sweater or jacket, as room temperatures vary.

To see answers to our Frequently Asked Questions, visit http://www.sao.texas.gov/training/faq.html.
