SANS SEC545 Cloud Security Architecture and Operations
 
Security is paramount as more organizations migrate data and infrastructure to the cloud. Operational and development teams explore new cloud services while executives seek cost savings and operational efficiencies. However, is information security susceptible to vulnerabilities? Many cloud providers lack detailed control information about their internal environments, and traditional security controls may not seamlessly translate to the public cloud.

The SEC545 course, Cloud Security Architecture and Operations, offers a comprehensive approach to addressing these challenges head-on. Beginning with a primer on cloud security fundamentals, we delve into crucial cloud policy and governance topics. Over two days, we explore technical security principles and controls for major cloud types (SaaS, PaaS, and IaaS). We examine the Cloud Security Alliance framework and assess risk for cloud services, focusing on technical areas.

Next, we tackle cloud architecture and security design, covering network, data, identity, and account security, among others. We dedicate a day to adapting offensive and defensive strategies to the cloud, including vulnerability management, pen testing, incident handling, and application security.

The course concludes with exploring SecDevOps and automation, integrating security into every stage of the cloud life cycle. We delve into embedding security into orchestration, deploying security through APIs and scripting, and automating incident detection and response.

Learning Objectives:

- Develop and refine internal policies to address cloud security comprehensively.
- Assess cloud risk, including threats, vulnerabilities, and impact across SaaS, PaaS, and IaaS.
- Implement security measures for all layers of a hybrid cloud environment, from hypervisors to application controls.
- Utilize Cloud Access Security Brokers (CASBs) for enhanced protection and monitoring of SaaS deployments.
- Design and implement network security access controls and monitoring in public cloud environments.
- Integrate cloud identity and access management (IAM) into the security architecture.
- Implement various cloud encryption methods and formats.
- Develop multi-tier cloud architectures in Virtual Private Clouds (VPCs) using subnets, availability zones, and gateways.
- Establish DevSecOps teams and automate deployment workflows using AWS and native tools.
- Incorporate vulnerability management, scanning, and penetration testing into cloud environments.
- Implement automated detection and response programs using AWS-IR, CloudWatch, CloudTrail, and AWS Lambda.
- Utilize automation tools like AWS CLI, Ansible, CloudFormation, and CloudWatch for operational tasks and security controls.