Cyber Security: CLOUD SECURITY ADVANCED


CLOUD SECURITY ADVANCED

Security is a major challenge for the adoption of Cloud Computing. IT decision makers must consider the risk factors associated with cloud migration, in both private and public clouds, and adopt proper measures.
To help organizations manage cloud risks correctly and understand the different aspects of cloud security, we recommend taking the CCSK training (Cloud Computing Security Knowledge).
Cloud Computing Security Knowledge (CCSK) is the world's leading cloud security certification, from the Cloud Security Alliance. The certification covers all major aspects of cloud security, including risk management, provider evaluation, infrastructure and application security, identity management and much more.

“This is the mother of all cloud computing security certifications. The Certificate of Cloud Security Knowledge certification is vendor-neutral, and certifies competency in key cloud security areas.”
~ CIO.com, Top Ten Cloud Computing Certifications

The CCSK preparation course consists of 2 stages:

  • CCSK Foundation (first stage): Instructor-led teaching of 6 modules that cover all topics relevant to Cloud Computing security.
  • CCSK Advanced (second stage): The second stage of CCSK training is devoted to hands-on cloud labs. In the labs, students will practice with the different security tools available for private and public IaaS.

Target Audience

  • Decision makers who want to understand the terms & concepts of cloud computing, risk assessment methodologies and relevant technologies
  • Product managers and developers who are developing for cloud environments
  • IT & Security professionals who wish to evaluate the risks and solutions for cloud environments (public and private)
  • Security and IT personnel who wish to expand their knowledge of new technologies
  • Organizations that are taking their first steps into the cloud and want to gain knowledge about the security capabilities in this environment
  • CIOs and senior management who are interested in expanding their knowledge of relevant information security risks, compliance and legal issues

Objectives

By the end of this course participants will have a deeper understanding of:

  • Terms & concepts relevant to cloud computing
  • Legal and compliance issues and regulations relevant to cloud computing
  • The distribution of responsibilities between the customer and cloud provider for each cloud deployment technology (PaaS / IaaS / SaaS)
  • The specific technologies for securing cloud computing infrastructure, applications and users
  • Virtualization security
  • Evaluating, implementing and operating security in public and private clouds
  • Amazon’s AWS interfaces and OpenStack

Prerequisites

A basic understanding of security fundamentals is highly recommended.

Course Outline

The CCSK course is broken out into 6 modules that cover the 13 domains of the CSA Guidance and the ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security.

First Stage – 8 hours

Module 1: Introduction to Cloud Computing.

This module covers the fundamentals of cloud computing, including definitions, architectures, and the role of virtualization. Key topics include cloud computing service models, delivery models, and fundamental characteristics. It also introduces a model for assessing the risk of moving to the cloud.

Module 2: Infrastructure Security for Cloud Computing

This module digs into the details of securing the core infrastructure for cloud computing, including cloud components, networks, management interfaces, and administrator credentials. Students will learn the key components of public and private clouds and techniques for securing them.

Module 3: Managing Cloud Security and Risk

This module covers important considerations for managing security for cloud computing. It begins with risk assessment and governance, then covers legal and compliance issues, such as discovery requirements in the cloud. It finishes with a discussion of portability and interoperability and of managing incident response when working with cloud providers.

Module 4: Data Security for Cloud Computing

One of the biggest issues in cloud security is protecting data. This module covers information lifecycle management for the cloud and how to apply security controls, with an emphasis on public cloud. Topics include the Data Security Lifecycle, cloud storage models, data security issues with different delivery models, and managing encryption in and for the cloud.

Module 5: Application Security and Identity Management for Cloud Computing

This module covers identity management and application security for cloud deployments. Topics include federated identity and different IAM applications, secure development, and managing application security in and for the cloud.

Module 6: Selecting Cloud Services

This module covers key considerations when evaluating, selecting, and managing cloud computing providers. It includes important questions to ask and what to look for. We also discuss the role of Security-as-a-Service providers.

Second Stage – 8 hours

This second stage of training includes some additional lectures, although most of the time will be dedicated to assessing, building, and securing a cloud infrastructure throughout the exercises.

  • Exercise 1: Introduction and Risk Analysis. Students will be introduced to the day’s scenario and build a threat model for migrating to the cloud.
  • Exercise 2: Create and Secure a Public Cloud Instance. Students will create a basic cloud instance on a public cloud infrastructure and establish a security baseline. Topics include creating an AWS instance, establishing network security, and understanding machine images.
  • Exercise 3: Encrypt Public Cloud Data. In this module students will dive into cloud storage options and learn the basics of encrypting data for their public cloud deployment.
  • Exercise 4: Create and Secure a Cloud Application. Now the students will secure their first public application for the cloud, following best practices such as architecting their cloud application stack and managing appropriate network security.
  • Exercise 5: Identity Management for the Cloud. Students will create a basic federated identity infrastructure to support their cloud application and learn additional details on standards like SAML and OAuth.
  • Exercise 6: Create and Secure a Private Cloud. Students will establish a basic private cloud, then launch and secure their first cloud instances.