Cloud Security Assessment and Auditing

[wc-ps]
Academy
Cloud Security Assessment and Auditing

Cloud Security Assessment and Auditing

[wc-ps]
Academy
Cloud Security Assessment and Auditing

In brief

Companies are increasingly opting to migrate their IT infrastructure and services onto Cloud, driven by obvious reasons - cost effectiveness and scalability. However, many are unaware of the "shared security responsibility" with Cloud Service Provider (CSP) and assume that security responsibilities will be the function of the CSP. Cloud security breaches are on the rise and most can be attributed to 'the customer's fault'. It is important for companies to understand the various cloud deployment models, carefully assess and evaluate the inherent risks for each, and put in place measures and safeguards to ensure cloud security risks are managed effectively.

Note: pricing is customised, contact us for more information.

2 days                   Classroom/virtual

 

Target audience

 
  • IT executives
  • Risk management and compliance executives
  • Internal audit executives
 

Objectives

 

The course aims to provide participants a better understanding of the cloud architecture and deployment models, benefits of each, and the security related risks companies will need to be aware of as they move their services onto the cloud platform.

 

Outcome

 

At the end of the course, participants will be able to take away key learning points and tips in understanding cloud fundamentals and the following:

  • Recognise the key components and unique characteristics of the cloud
  • Recognise the business value of using the cloud
  • Identify the security and non-security risks arising from use of the cloud
  • Understand the key auditing techniques on cloud
 

Agenda

 
  • What is cloud computing?
  • History and evolution of cloud
  • Core Services: Compute, storage, network, and database
  • Why businesses are moving to cloud such as on-demand, elasticity, pay per Use, independent resource pooling, network access
  • Cloud concepts (covering on-premises vs. cloud, virtual resource, availability zone vs. region vs. edge locations, etc.)
  • Deep dive into cloud categories and delivery models: Categories: Public cloud /Private cloud /Hybrid cloud /Community cloud
  • Delivery models such as business process cloud /SaaS /PaaS / IaaS
  • Design for failure
  • Design principles
  • Scalability (vertically and horizontally, covering stateless applications, distribution of load to multiple loads, stateless/stateful components, distributed processing, etc.)
  • Disposable resources (covering bootstrapping, golden images, containers, etc.)
  • Loose coupling and removing single points of failure (e.g. redundancy, durable data storage, detecting failure, fault isolation, etc.)
  • Automation (serverless management and deployment, alarms and events, etc.)
  • Built-in security (touching on defense in depth, shared responsibility models, reduced privileged access with identity access management, real-time auditing, security as code, etc.)
  • Cost optimisation
  • High performance
  • Cloud threats and mitigation strategies
  • Shared responsibility model
  • Responsibilities of the customer / Secure cloud case studies
  • Cloud audit - Value and tactics / Cloud management audit/assurance programme / SOC 2 compliance
 

Professional associations recognising PwC CPE points

Not applicable

 

Available in

Malaysia

 

How It Works?

Other products people are interested in

Login

Quick Register

(e.g. Tan / Sri/ Datuk/ Mr /Mrs / Ms etc)