Class overview :

Class goals :

• Analyze, manage and implement security for public and private clouds
• Establish data integrity and privacy in the cloud to manage risk
• Maintain platform security and protect data confidentiality
• Protect networks, operating systems and applications within various cloud deployments
• Achieve organizational cybersecurity compliance with effective cloud governance
• Exploit the cloud for efficient disaster recovery and business continuity

Content of Cloud Security Essentials

Cloud Computing Essentials

• Cloud computing service models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
• Public
• Private
• Virtual Private
• Hybrid
• Establishing cybersecurity fundamentals
• Determining when security goals require a private cloud

Risk Management and Division of Responsibility

Managing risks in the cloud

• Centralizing information with SaaS to increase data security
• Implementing and managing user authentication and authorization
• Permission and password protection

Negotiating security requirements with vendors

• Identifying needed security measures
• Establishing a service level agreement (SLA)
• Ensuring SLAs meet organizational security requirements

Securing the Cloud Infrastucture

Securing the platform

• Restricting network access through security groups
• Configuring platform-specific user access control
• Integrating with cloud authentication and authorization systems

Compartmentalizing access to protect data confidentiality

• Securing data in motion and data at rest
• Identifying your security perimeter
• Techniques for recovering critical data

Operating System and Network Security

Locking down cloud servers

• Ensuring the cloud is configured according to best practices
• Confirming safeguards have been implemented
• Networking
• Operating Systems
• Applications
• Scanning for and patching vulnerabilities
• Controlling and verifying configuration management

Leveraging provider-specific security options

• Defining security groups to control access
• Filtering traffic by port number
• Discovering and benefiting from the provider’s built-in security
• Protecting archived data

Achieving Security in a Private Cloud

Taking full responsibility for cybersecurity

• Managing the risks of public clouds
• Identifying and assigning security tasks in each SPI service model: SaaS, PaaS, IaaS

Selecting the appropriate product

• Comparing product-specific security features
• Considering organizational implementation requirements

Virtual Private Cloud (VPC)

• Simulating a private cloud in a public environment
• Google Secure Data Connector
• Amazon VPC
• Industry-standard, VPN-encrypted connections

The hybrid cloud alternative

• Connecting on-premises data with cloud applications
• Securely bridging with VPC
• Dynamically expanding capacity to meet business surges

Meeting Compliance Requirements

Managing cloud governance

• Retaining responsibility for the accuracy of the data
• Verifying integrity in stored and transmitted data
• Demonstrating due care and due diligence
• Supporting electronic discovery
• Preserving a chain of evidence

Assuring compliance with government certification and accreditation regulations

• HIPAA
• Sarbanes-Oxley
• Data Protection Act
• PCI DSS
• Limiting the geographic location of data
• Following standards for auditing information systems
• Negotiating third-party provider audits

Preparing for Disaster Recovery

Implementing a plan to sustain availability

• Reliably connecting to the cloud across the public internet
• Anticipating a sudden provider change or loss
• Archiving SaaS data locally
• Addressing data portability and interoperability in preparation for a change in cloud providers

Exploiting the cloud for efficient disaster recovery options

• Achieving cost-effective recovery time objectives
• Employing a strategy of redundancy to better resist DoS