Audit and Security for Cloud-Based Services - ASN305

Description

Cloud-based services which offer internet-based computing and on-demand resources, software, and data, are rapidly changing the landscape of IT. With Software as a Service (SaaS) delivering application software, Platform as a Service (PaaS) available to design and develop software, and Infrastructure as a Service (IaaS) providing the equipment upon which to support other services, cloud computing offers IT a way to increase capacity and capabilities minus a huge investment.

In this two-day seminar, attendees will explore the current state of cloud computing and its common architecture and examine the major SaaS, PaaS, and IaaS providers in the market today. We will cover the security and control deficiencies that exist in cloud-based services and look at Security-as-a-Service as a way to protect against them. We will review a risk-based approach to audit and controls for cloud based-services and investigate such areas as cloud-based network models, cloud brokers, and disaster recovery and governance in a cloud-services environment. Throughout the seminar, class exercises will reinforce what you learn and help you identify the risks, controls, and gaps in cloud services.

What you will learn

You will learn about the current state of cloud computing, its common architecture, and the major services provided in the market. Also, how to use SaaS as a way to protect against security and control deficiencies


Objectives

Understanding Corporate Culture:

  • the SPI Cloud Computing Model
  • cloud network models
  • key drivers for moving towards cloud-based services

Software as a Service (SaaS):

  • key enterprise applications
  • the SaaS transaction model(s)
  • SaaS security and audit concerns

Platform as a Service (PaaS):

  • major development providers/platforms
  • PaaS security and audit concerns

Infrastructure as a Service (IaaS):

  • host security in the cloud
  • network security in the cloud
  • data storage/SAN in a cloud IaaS environment
  • cloud bursting
  • cloud bursting
  • IaaS security and audit concerns

Brokered Cloud Services:

  • cloud aggregators
  • cloud brokers
  • cloud management service portals

Security as a Service:

  • identity management as a service
  • security event monitoring/IDS as a service
  • vulnerability management as a service
  • data leakage prevention as a service/Web filtering, e-mail filtering

Cloud-Based Security Standards and Dependencies:

  • directories and identity management
  • federated identities
  • emerging security Standards: SPML, XACML, OAuth, OpenID, others

Governance in a Cloud Services Environment:

  • key performance indicators
  • audit trails for cloud-based services
  • service level agreements, licensing
  • legal complexities: data privacy, globalization, trans-border constraints
  • third-party assessments and certifications: SAS70, ISO 27001

Disaster Recovery in a Cloud-Based Environment:

  • SPI HA architectures
  • virtualized environments and their impact on disaster recovery
  • updating and testing disaster recovery plans

Cloud Security and Audit:

  • key risks and audit concerns
  • identifying key controls and mitigations
  • cloud-based risk analysis models: ENISA, NIST, CSA
  • security best-practices models for cloud-based services
  • audit techniques and tests in a cloud-based environment

Further information

ACI Learning
Provider:
ACI Learning
Duration:
2 Days
Locations:
Amsterdam, Atlanta, Ga, Bandar Seri Begawan, Boston, Ma, Burlington, Ma, Cape Town, Charlotte, Nc, Chicago, Il, Dallas, Tx, Denver, Co, Dubai, Dublin, Dublin, Oh, Hong Kong, Houston, Tx, Las Vegas, Nv, London, Manila, New York, Ny, Oman, Orlando, Fl, Philadelphia, Pa, San Antonio, San Diego, Ca, San Francisco, Ca, Seattle, Wa, Singapore, Virtual Training Room Only, Washington, Dc

Contact Information

ACI Learning

6855 S. Havana St.
Suite 230
Centennial
80112 USA

Locations