Cloud Legion - Cloud Security foundation

Cloud Security foundation

Cloud Security Foundation is an introductory level workshop for IT professionals who wants to validate their knowledge of cloud security.

About the Instructor

Christian Ibiri

He is a person passionate about technology and above all, the disruptive or the transformations of the way we are used to doing things, such as cloud computing, agile methodologies and agile Infrastructures. He is a founding member of DevSecOps Argentina, has more than 10 years of experience in IT, of which the last 7 years in the areas of Hybrid Infrastructures, Cloud, DevOps and automation of tools. He participates in many infrastructure projects, networking, migration and implementation of private and public clouds, automation, unified communications and collaboration, accompanying the other parts involved in them, from the requirements stage to the implementation and post-implementation. DevOps enthusiast, agile infrastructures and infrastructure as code.

About the Instructor

Luciano Moreira

Luciano Moreira has a Master in Cybersecurity from “Camilo José Cela University”. First Certified CSA STAR Auditor in the SOLA region, Elected Cybersecurity Consultant of the Year in the Cybersecurity Excellence Awards 2016, 2017 and 2018, MVP - Most Valuable Professional Azure (Security, Infrastructure & Storage), ISO 27001: 2013 Lead Auditor, 27018, 27017 and 9001: 2015, Founder and President of DevSecOps Argentina, President of the Argentina chapter of the CSA Cloud Security Alliance. Member of ISSA, ISACA, OWASP, of the academic committee of the E-gisart and Cyber events of ISACA and of the scientific committee in Cybersecurity of the IEEE ARGENCON event, orator and Security Instructor in Education IT, FSA, I-SEC, among others. Luciano has more than 17 years of experience in IT, of which the last 12 years working in the area of Information Security.

Objectives

At the end of this workshop you will learn: basics of Cloud Policy and Contracts, Cloud Risks, including Threats and Vulnerabilities, Cloud Security Alliance's 14 domains of Cloud Security Research, best Practices to Secure Multiple Layers in the clouds, how to adapt the security architecture, tools and processes for use in cloud environments.

Plan of Studies

This workshop is divided into 2 days: the first day will present the basics of architecture and infrastructure, as well as a wide range of topics, such as the administration of patches and configurations, virtualization security, the security of applications and the management of changes. As we deep into these fundamental cloud standards, you will learn how to immediately improve the ways in which your own team is deploying assets in the cloud.

The second day begins with disaster recovery and business continuity planning, using models and architecture in the cloud. The storage of data in the cloud has become common, so we will discuss how to protect that data, using many tactics, including identity and access management protocols. New approaches to data and network encryption, key management and data lifecycle issues will be covered in detail. This will be followed by a discussion about intrusion detection and response to incidents in cloud environments, along with how to better manage these critical security processes and the technologies that support them. We will finish with a final risk assessment for your own projects that will potentially move to the cloud.

Day 1

Introduction to cloud computing

Delivery models: software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS)
Cloud types (public, private and hybrid)
Explanation of “Jerico cloud cube model”

Security challenges in the cloud

Introduction to the topic: Why is this difficult?
Virtualización y multi-tenancy.
Risk assessment for migration to the cloud
Unique SaaS challenges and security agents accessing the cloud (CASB)

Politics and governance for cloud computing

Internal political needs
Contractual security requirements
Service Level Agreements
Governance models for the cloud

Compliance and Legal Considerations

Compliance challenges for the cloud.
Legal and geographical jurisdiction.
Concerns about privacy

Risk, audit and evaluation for the cloud: Focus of the provider

Risk management
Auditing the cloud
Remote
On site
CloudAudit A6

Security infrastructure in the cloud

Management of patches and configurations.
Change management
Network security and virtualization
Application security for SaaS, PaaS and IaaS

Day 2

Disaster recovery and business continuity planning in the cloud

Identity and Access Management (IAM)

IAM architecture and relevance for the cloud.
Authentication and authorization rules.
Account management and provisioning.
Federation

Security of data in the cloud

Types of encryption and availability
Encryption architectures and key management
Data/information life cycle
Retention
Disposition
Classification

Intrusion detection and incident response

Detection of incidents for different cloud models
Intrusion Detection System Administration/Intrusion Prevention System (IDS/IPS) and alerts
The feedback circuit of event management

Risk, audit and evaluation for the cloud: Project focus

Risk management
Evaluations for the cloud
Insight testing the cloud
Internal evaluations

Who should attend this workshop

Security personal tasked with evaluating the technical risks of cloud computing.

Managers of networks and systems that manage private clouds or need to take advantage of public or hybrid cloud services.

Technical auditors and consultants who need to gain a deeper understanding of cloud computing and security issues.

Security and IT managers who want to understand the risks of cloud computing and advise business management about the risks and the several approaches involved.

If you want to know more about our courses and workshops, you can send us your query by completing the form below. We will contact you as soon as possible.