With Software as a Service (SaaS) delivering application software, Platform as a Service (PaaS) available to design and develop software, and Infrastructure as a Service (IaaS) providing the equipment upon which to support other services, cloud computing offers IT a way to increase capacity and capabilities minus a huge investment.
In this two-day seminar, attendees will explore the current state of cloud computing and its common architecture, and examine the major SaaS, PaaS, and IaaS providers in the market today. We will cover the security and control deficiencies that exist in cloud-based services and look at Security as a Service as a way to protect against them. You will review a risk-based approach to audit and controls for cloud based-services and investigate such areas as cloud-based network models, cloud access security brokers, disaster recovery and governance in a cloud-services environment. Throughout the seminar, class exercises will reinforce what you learn and help you identify the risks, controls, and gaps in cloud services.
This course is available on-site at your location, or offered through open enrollment 12/1/20 - 12/2/20.
- 1. Cloud-Based Computing: An Architectural Overview, the SPI Cloud Computing Model, cloud network models, key drivers for moving towards cloud-based services
- 2. Software as a Service (SaaS), key enterprise applications, the SaaS transaction model(s), SaaS security and audit concerns
- 3. Platform as a Service (PaaS), major development providers/platforms, PaaS security and audit concerns
- 4. Infrastructure as a Service (IaaS), host security in the cloud, network security in the cloud, data storage/SAN in a cloud IaaS environment, cloud bursting, IaaS security and audit concerns
- 5. Brokered Cloud Services, cloud aggregators, cloud brokers, cloud management service portals
- 6. Security as a Service, identity management as a service, security event monitoring/IDS as a service, vulnerability management as a service, data leakage prevention as a service/Web filtering, e-mail filtering
- 7. Cloud-Based Security Standards and Dependencies, directories and identity management, federated identities, security Standards: SPML, XACML, OAuth, OpenID, others
- 8. Governance in a Cloud Services Environment, key performance indicators, audit trails for cloud-based services, service level agreements, licensing, legal complexities: data privacy, globalization, trans-border constraints, third-party assessments and certifications: SSAE18, ISO 27001
- 9. Disaster Recovery in a Cloud-Based Environment, SPI HA architectures, virtualized environments and their impact on disaster recovery, updating and testing disaster recovery plans
- 10. Cloud Security and Audit, key risks and audit concerns, identifying key controls and mitigations, cloud-based risk analysis models: ENISA, NIST, CSA, security best-practices models for cloud-based services, audit techniques and tests in a cloud-based environment