Companies are increasingly opting to migrate their IT infrastructure and services onto the cloud, driven by obvious reasons: cost effectiveness and scalability. However, many are unaware of the "shared security responsibility" with the Cloud Service Provider (CSP) and assume that security will be the responsibility of the CSP. Cloud security breaches are on the rise and most can be attributed to 'the customer's fault'. It is important for companies to understand the various cloud deployment models, carefully assess and evaluate the inherent risks of each, and put in place measures and safeguards to ensure cloud security risks are managed effectively.
Note: pricing is customised; contact us for more information.
Risk management and compliance executives
Internal audit executives
The course aims to provide participants with a better understanding of cloud architecture and deployment models, the benefits of each, and the security-related risks companies will need to be aware of as they move their services onto the cloud platform.
At the end of the course, participants will be able to take away key learning points and tips in understanding cloud fundamentals and the following:
Recognise the key components and unique characteristics of the cloud
Recognise the business value of using the cloud
Identify the security and non-security risks arising from use of the cloud
Understand the key auditing techniques on cloud
What is cloud computing?
History and evolution of cloud
Core Services: Compute, storage, network, and database
Why businesses are moving to the cloud: on-demand, elasticity, pay per use, independent resource pooling, network access
Cloud concepts (covering on-premises vs. cloud, virtual resource, availability zone vs. region vs. edge locations, etc.)
Deep dive into cloud categories and delivery models:
Categories: Public cloud / Private cloud / Hybrid cloud / Community cloud
Delivery models such as business process cloud / SaaS / PaaS / IaaS
Design for failure
Scalability (vertical and horizontal, covering stateless applications, distribution of load to multiple nodes, stateless/stateful components, distributed processing, etc.)
Disposable resources (covering bootstrapping, golden images, containers, etc.)
Loose coupling and removing single points of failure (e.g. redundancy, durable data storage, detecting failure, fault isolation, etc.)
Automation (serverless management and deployment, alarms and events, etc.)
Built-in security (touching on defense in depth, shared responsibility models, reduced privileged access with identity and access management, real-time auditing, security as code, etc.)
Cloud threats and mitigation strategies
Shared responsibility model
Responsibilities of the customer / Secure cloud case studies
Cloud audit - Value and tactics / Cloud management audit/assurance programme / SOC 2 compliance
Professional associations recognising PwC CPE points