Description
Cloud-based services, which offer internet-based computing and on-demand resources, software, and data, are rapidly changing the landscape of IT. With Software as a Service (SaaS) delivering application software, Platform as a Service (PaaS) available to design and develop software, and Infrastructure as a Service (IaaS) providing the equipment upon which to support other services, cloud computing offers IT a way to increase capacity and capabilities without a huge investment.
In this two-day seminar, attendees will explore the current state of cloud computing and its common architecture and examine the major SaaS, PaaS, and IaaS providers in the market today. We will cover the security and control deficiencies that exist in cloud-based services and look at Security-as-a-Service as a way to protect against them. We will review a risk-based approach to audit and controls for cloud-based services and investigate such areas as cloud-based network models, cloud brokers, and disaster recovery and governance in a cloud-services environment. Throughout the seminar, class exercises will reinforce what you learn and help you identify the risks, controls, and gaps in cloud services.
What you will learn
You will learn about the current state of cloud computing, its common architecture, and the major services provided in the market. You will also learn how to use SaaS as a way to protect against security and control deficiencies.
Objectives
Understanding Corporate Culture:
- the SPI Cloud Computing Model
- cloud network models
- key drivers for moving towards cloud-based services
Software as a Service (SaaS):
- key enterprise applications
- the SaaS transaction model(s)
- SaaS security and audit concerns
Platform as a Service (PaaS):
- major development providers/platforms
- PaaS security and audit concerns
Infrastructure as a Service (IaaS):
- host security in the cloud
- network security in the cloud
- data storage/SAN in a cloud IaaS environment
- cloud bursting
- IaaS security and audit concerns
Brokered Cloud Services:
- cloud aggregators
- cloud brokers
- cloud management service portals
Security as a Service:
- identity management as a service
- security event monitoring/IDS as a service
- vulnerability management as a service
- data leakage prevention as a service/Web filtering, e-mail filtering
Cloud-Based Security Standards and Dependencies:
- directories and identity management
- federated identities
- emerging security standards: SPML, XACML, OAuth, OpenID, others
Governance in a Cloud Services Environment:
- key performance indicators
- audit trails for cloud-based services
- service level agreements, licensing
- legal complexities: data privacy, globalization, trans-border constraints
- third-party assessments and certifications: SAS70, ISO 27001
Disaster Recovery in a Cloud-Based Environment:
- SPI HA architectures
- virtualized environments and their impact on disaster recovery
- updating and testing disaster recovery plans
Cloud Security and Audit:
- key risks and audit concerns
- identifying key controls and mitigations
- cloud-based risk analysis models: ENISA, NIST, CSA
- security best-practices models for cloud-based services
- audit techniques and tests in a cloud-based environment