Offering Internet-based computing and on-demand resources, software, and data, cloud-based services are rapidly changing the landscape of IT. With Software as a Service (SaaS) delivering application software, Platform as a Service (PaaS) available to design and develop software, and Infrastructure as a Service (IaaS) providing the equipment upon which to support other services, cloud computing offers IT a way to increase capacity and capabilities without a huge investment.
In this two-day seminar, attendees will explore the current state of cloud computing and its common architecture, and examine the major SaaS, PaaS, and IaaS providers in the market today. We will cover the security and control deficiencies that exist in cloud-based services and look at Security as a Service as a way to protect against them. We will review a risk-based approach to audit and controls for cloud-based services and investigate such areas as cloud-based network models, cloud brokers, and disaster recovery and governance in a cloud-services environment. Throughout the seminar, class exercises will reinforce what you learn and help you identify the risks, controls, and gaps in cloud services.
This course is available on-site at your location, or offered through open enrollment in Denver, CO, New York, NY, and Chicago, IL.
- Cloud-Based Computing: An Architectural Overview, application architectures, the SPI Cloud Computing Model, key drivers for moving towards cloud-based services
- Software as a Service (SaaS), key enterprise applications, the SaaS transaction model(s), SaaS security and audit concerns
- Platform as a Service (PaaS), major development providers/platforms, PaaS security and audit concerns
- Infrastructure as a Service (IaaS), host security in the cloud, network security in the cloud, data storage/SAN in a cloud IaaS environment, cloud bursting, virtualization models for cloud-based services: Hypervisor VM and inter VM isolation, cloud-based security domains: virtualized security/firewalls, IaaS security and audit concerns
- Cloud-Based Network Models, private cloud architectures, hybrid architectures, public architectures, de-perimeterization of networks: secure access from any device, anywhere
- Brokered Cloud Services, cloud aggregators, cloud brokers, cloud management service portals
- Security as a Service, identity management as a service, security event monitoring/IDS as a service, vulnerability management as a service, data leakage prevention as a service/Web filtering, e-mail filtering
- Cloud-Based Security Standards and Dependencies, directories and identity management, federated identities, emerging security standards: SPML, XACML, OAuth, OpenID, others
- Governance in a Cloud Services Environment, key performance indicators, audit trails for cloud-based services, service level agreements, licensing, legal complexities: data privacy, globalization, trans-border constraints, third-party assessments and certifications: SAS70, ISO 27001
- Disaster Recovery in a Cloud-Based Environment, SPI HA architectures, virtualized environments and their impact on disaster recovery, updating and testing disaster recovery plans
- Cloud Security and Audit, key risks and audit concerns, identifying key controls and mitigations, cloud-based risk analysis models: ENISA, NIST, CSA, security best-practices models for cloud-based services, audit techniques and tests in a cloud-based environment