Overview

This five-day course is focused on Cloud Security, encompassing Cloud Security Architecture, DevSecOps, Data and Cloud Assurance aspects, Governance, Cloud Security Operations and Web Application Security.
The course spans cloud security principles, patterns and architectural frameworks, data protection and compliance for cloud-based applications, data and infrastructure, and the design, development and implementation of cloud security architectures. This course is a fundamentals course that will expose you to a variety of cloud security and assurance aspects across the 3 big cloud computing platforms: AWS, Azure and GCP.
We will review the wide range of technical security controls available using Cloud Service Provider and partner technologies, automation and DevSecOps, and the assurance, audit and security testing of cloud-based services. Containers and serverless architectures will be introduced and their security implications reviewed. Agile DevOps methodologies will be covered, along with the use of a Continuous Integration Pipeline for security improvements, validation and testing.
Target Audience

This course is aimed at technical and security specialists looking to develop and operate secure applications and systems using an agile DevOps methodology with fully automated deployments to cloud environments.

Continuous Professional Development (CPD)

CPD points can be claimed for NCSC accredited courses at the rate of 1 point per hour of training (up to a maximum of 15 points).

Prerequisites

There are no pre-requisites. However, we recommend that all delegates have an understanding of the general technologies, for example Operating Systems and Networking and Security principles. Experience of using cloud services and security technologies is helpful but not essential.

For those delegates looking for some pre-course general cloud security background, guidance and organisational compliance, the NCSC cloud security collection is probably the single best resource.

Learning Outcomes

Delegates will learn about the following topics:

  • Cloud Concepts
  • Virtualisation
  • Cloud Security Frameworks, Principles, Patterns and Certifications
  • AWS Security Technologies
  • Microsoft Azure and Office 365
  • Google Cloud Platform and G Suite
  • Assurance
  • Data Protection and Compliance
  • Containers
  • Web Application Security
  • Cloud Identity Services
  • Serverless
  • Cloud Security as a Service
  • Automation
  • Continuous Integration Pipeline
  • DevSecOps

Course Outline

DAY ONE
Introduction
  • Introductions
  • Objectives of course
  • Agenda
Cloud Concepts
  • What is Cloud Computing?
  • Why is everyone moving to the Cloud?
  • Cloud computing model
  • Infrastructure, Platform and Software as a Service
  • Boundaries and responsibilities
  • Cloud Service Providers – Gartner Magic Quadrant(s)
  • Cloud reference architectures
Virtualisation
  • Overview of different virtualisation technologies and types covering storage, networks and systems.
Cloud Security Frameworks, Principles, Patterns and Certifications
  • Security Principles
  • Separation and layers as security controls
  • Cloud Security Alliance (CSA) Cloud Control Matrix
  • GOV.UK Cabinet Office and NCSC Cloud Security Principles
  • Security Architecture Frameworks
  • Security Architecture Patterns
  • Cloud Security Architecture Patterns
  • Trusted Cloud Initiative Reference Architecture
  • Cloud Security Certifications
AWS Security Technologies
  • EC2 (Elastic Compute Cloud) and VPC (Virtual Private Cloud) fundamentals
  • Availability zones and regions
  • Internet Gateway, Elastic IPs, NAT Gateway, DirectConnect
  • Security Implications of Elastic Load Balancing (ELB) and auto-scaling
  • Security Groups, Flow Logs, S3, ACLs and subnet routing
  • AWS Config, CloudTrail, CloudWatch, Trusted Advisor
  • IPSec VPN options: AWS VPNs, third party solutions
  • AWS CloudFront, Web Application Firewall and Certificate Manager
  • Vulnerability management using AWS Inspector
  • AWS Key Management Service (KMS) and CloudHSM
  • AWS Identity and Access Management (IAM)
Lab
  • Architecting on AWS - Lab 1 - Hosting a Static Website
Knowledge Check - Quiz
  • End of module knowledge check – exam style questions
DAY TWO
Microsoft Azure and Office 365
  • Azure platform security architecture
  • Azure Virtual Networks
  • Azure network security best practices
  • Azure data security and encryption best practices
  • Azure Active Directory
  • Federated identity and Single Sign On
  • Azure Multi-factor authentication
  • Azure Key Vault
  • Azure Virtual Machine encryption
  • Microsoft Antimalware for Azure Cloud Services and Virtual Machines
  • Azure Security Center
  • Office 365 Service Architectures
  • Office 365 security across physical, logical and data layers
  • Office 365 email encryption options
  • Exchange Online Protection
  • GOV.UK Microsoft Office Security Guidance
Lab
  • Architecting on AWS - Deploying a Web Application on AWS
Google Apps for Work
  • Google Apps for Work applications and architectures
  • Integration with corporate directories
  • Single sign-on to enforce use of corporate devices and threat prevention
  • GOV.UK Google Apps for Work Security Guidance
  • Google Admin Console
  • Google Authenticator
  • Organisational Units
  • Administrative roles
  • Data privacy opt-in
Assurance
  • Centre for Internet Security (CIS) Foundation Benchmarks
  • Penetration tests of cloud environments
  • External audit and configuration review
Data Protection and Compliance
  • Personally Identifiable Information (PII) and Personal Data
  • UK Data Protection Act and Information Commissioner’s Office (ICO)
  • European Union (EU) Data Protection Directive
  • EU General Data Protection Regulation (GDPR)
  • Cyber Essentials Plus
  • Cloud Security Alliance STAR
  • PCI DSS
  • AICPA SOC3 (formerly SAS70)
  • ISO 27001
Knowledge Check - Quiz
  • End of module knowledge check – exam style questions
DAY THREE
Containers
  • Concept of containers
  • Docker
  • Why development teams are moving to containers
  • Security issues of containers
  • Container security good practice
  • CIS Benchmark for Docker and Docker Bench tool
  • Orchestration – Kubernetes
  • Security features of Kubernetes
  • Orchestration – Docker Swarm
  • Cloud Service Provider container platforms (AWS, Azure, Google)
  • Container security solutions
Labs
  • Google Cloud Fundamentals: Getting Started with GKE
  • Architecting on AWS - Automating Infrastructure Deployment with AWS CloudFormation
Web Application Security
  • OWASP Top 10
  • Threat Modelling
  • Secure Software Development Lifecycle
Cloud Identity Services
  • SAML
  • OAuth, OAuth 2.0 and OpenID Connect
  • Cloud Identity Providers
Knowledge Check - Quiz
  • End of module knowledge check – exam style questions
DAY FOUR
Serverless
  • Concept of ‘serverless’
  • Pros and Cons
  • AWS Lambda
  • Step functions
  • DynamoDB
  • SQS, SWS, S3
  • Serverless application architecture
  • Security implications
  • Environment Variable encryption
  • Azure Cloud Functions
  • Google Cloud Functions
Serverless Architecture Lab
  • Architecting on AWS - Implementing a Serverless Architecture with AWS Managed Services
Cloud Security as a Service
  • Cloud Security Services
  • Cloud analytics, e.g. Splunk Cloud
  • Cloud security operations management
Knowledge Check - Quiz
  • End of module knowledge check – exam style questions
Cloud Security Workshop
  • Scenario requirement
  • Develop security architecture in groups
  • Present back to wider group, review and discuss
DAY FIVE
Automation
  • Cloud service provider automation tools
  • Terraform by Hashicorp
  • Hardened build images
  • Vault by Hashicorp
  • Patching and update strategies
  • DevSecOps
Continuous Integration Pipeline
  • Continuous Integration Pipeline
  • Automated environment testing
  • Jenkins
  • Security issues
DevSecOps Lab
  • Automating the Deployment of Infrastructure Using Terraform
Knowledge Check - Quiz
  • End of module knowledge check – exam style questions

This is an NCSC Certified Training Course.

QA is an approved training provider for ELCAS, proud to support service leavers in their transition into the Tech industry.

Special Notices

Attendees are recommended to bring a smartphone or tablet upon which they can install apps: several labs use Multi-Factor Authentication (MFA) technologies and benefit from an app such as Google or Microsoft's 'Authenticator' app.

This course is not suited for customer sites where the use of portable electronic devices (e.g. smartphones, tablets) is restricted, as the trainer will require these to manage the cloud environment.

Frequently asked questions

How can I create an account on myQA.com?

There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.

If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".

If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.

Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.

How do QA’s virtual classroom courses work?

Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.

We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting (more details in the link below) to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.

Learn more about our Virtual Classrooms.

How do QA’s online courses work?

QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.

All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.

Learn more about QA’s online courses.

When will I receive my joining instructions?

Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.

When will I receive my certificate?

Certificates of Achievement are issued at the end of the course, either as a hard copy or via email. Read more here.
