SANS SEC488 GCLD Cloud Security Essentials
 
Cloud security involves adapting traditional security practices to suit public clouds while understanding and leveraging the shared responsibility model. It requires continuously applying vendor-provided controls, which may be incomplete and inconsistent, to safeguard an organization's applications, data, and reputation while operating in a cloud environment over which the organization has limited control.

Research indicates that most enterprises have strategically opted for a multi-cloud platform, encompassing Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), and other cloud service providers. Established CSPs offer a range of security services to assist customers in using their products securely, provided the customer is aware of these services and understands how to utilize them effectively. This cloud security course explores practical lessons using security services from major CSPs and open-source tools. Each training section includes hands-on lab exercises to reinforce the concepts learned, culminating in implementing a functional security architecture in the cloud.

This course will enable you to deploy appropriate security controls in the cloud, often leveraging automation for proactive monitoring. Beginning with a focus on Identity and Access Management (IAM), we will progress to securing cloud environments through discussions and hands-on exercises covering critical topics for defending various cloud workloads across different CSP models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Functions as a Service (FaaS).

Business Takeaways:

- Gain insights into current cloud deployments
- Safeguard cloud-hosted workloads, services, and virtual machines
- Select and configure services cost-effectively to adequately defend cloud resources
- Proactively address common security misconfigurations in the cloud
- Ensure compliance with industry regulations and laws when operating in the cloud
- Reduce adversary dwell time in compromised cloud deployments

Skills Learned:

- Navigate security challenges and opportunities posed by cloud services
- Assess risks associated with various CSP services
- Choose appropriate security controls for a cloud network security architecture
- Evaluate CSPs based on documentation, security controls, and audit reports
- Confidently utilize services from leading CSPs
- Secure secrets used in cloud environments
- Utilize cloud logging capabilities for accountability
- Assess risks and risk control ownership based on deployment and service delivery models
- Evaluate the trustworthiness of CSPs based on security documentation and third-party attestations
- Secure access to CSP environments
- Implement native network security controls in AWS and Azure
- Follow penetration testing guidelines to assess cloud application security