Cloud Security Hardening Best Practices

Course Title	: Cloud Computing Security Reference Architecture Framework
Course Duration	: 2 Day Face-to-Face Classromm and 2 Day Online Intructor Led Workshop : Online workshop is delivered in two days, two units each day between 10:30 am to 1 pm and 3 pm to 5:30 pm
Course Fee	: Available upon request (Write to us at info@tlcpak.com)
Course Location	: TLC, Customer Onsite and Online
Course Code	: TN221
Deliverables	: Comprehensive Student Guide and Workshop Certificate

Customer onsite workshop can also be conducted for customers in Lahore, and Islamabad

PURPOSE:
In the era of digital transformation, the importance of information security and cybersecurity have been emerged as an essential education/training and is recommended to take by users from all LOB’s as a part of an organizational internal security policy helping them to understand and combat against latest types of threats, risk and vulnerabilities and how to effectively safeguard their endpoint devices.

Attacks on cloud accounts up 630% during COVID-19 pandemic during January and April 2020 timeframe. As per McAfee survey, it is found that overall enteprise use of cloud services increased by 50%, and use of collaboration services such as Cisco WebEx, Microsoft Team, Slack and Zoom increased up to 600%. In a nut shell, security vendors attributed much of those increases to the COVID-19 pandemic. Also, 48% od employess accoring to Gartner's Board of Directors 2021 survey, 48% of employees are working remotely now, versus 30% before the pandemic. 82% of organizations are planning to allow their employees to continue working from home at some level. 40% of companies that suffer a massive data loss will never reopen - Gartner Group.

Security in the cloud is just as vital as security in on-premises environments. Hardening a system is a way to protect it by reducing vulnerability. While hundreds of security recommendations may exist to harden any one technology, this course especially focuses on standard cloud security best practices, knowing key objectives prior embarking in the cloud, consensus-driven security configuration guidelines and recommendations subject to different cloud services and deployment models.

Moreover, providing a superior online experience for a global customer base is no longer optional. As demand increases for web-based services and applications, businesses must satisfy customer needs while ensuring that their websites and applications remain as secure, fast, and reliable as possible. With this shift, enterprises face new challenges and opportunities for growth — from anticipating and meeting customers’ digital needs to mounting a strong defense against web-based attacks, overcoming latency issues, preventing site outages, and maintaining network connectivity and performance.

This course provides an overview of the benefits of cloud computing and how various types of business applications and services can be used in a cloud network scenario. It aims to provide the learner with a good knowledge base of cloud computing concepts and the related enabling technologies. It outlines the pros and cons of cloud computing, the different cloud service models provided, cloud security aspects to consider, and the options for moving your services into the cloud. Other key concepts covered include cloud data storage solutions, Service Oriented Architecture and the cloud, and identity and access management services.

Transitioning to the cloud is one of the most significant technology shifts your company will face. Last year in 2020, over 80% of organizations operating in the cloud experienced at least one compromised account each month, stemming from external actors, malicious insiders, or unintentional mistakes.

The specifics of cloud security activities may vary depending on your cloud platforms and use cases, however, there are some best practices that every organization should follow.

The training course flow will be a mix of lectures & classroom discussions so that participants can have a detailed understanding of various components of cybersecurity technologies.

ABOUT THE WORKSHOP:
Security in the cloud is just as vital as security in on-premises environments. Hardening a system is a way to protect it by reducing vulnerability. While hundreds of security recommendations may exist to harden any one technology, this course especially focuses on standard cloud security best practices, knowing key objectives prior embarking in the cloud, consensus-driven security configuration guidelines and recommendations subject to different cloud services and deployment models.

Moreover, before you invest in migrating your application to cloud, there is a need to study what measures to be taken prior
selecting cloud security tools that not only support feature like DLP and Shadow IT but also understand how to provide end
to end API security.
We will be covering the role of Multi-Mode Next-Generation CASB Architecture details in this two-day online workshop. It is
important to perform a due diligence and thorough planning session prior selecting your CASB product/vendor. You should
avoid taking a wrong decision in opting your solution based on API-only CASB architecture and Multi-Mode First Generation
CASB Architecture. We will be covering Multi-Mode Next-Generation CASB Architecture as one of the unit in our course.

Nevertheless, providing a superior online experience for a global customer base is no longer optional. As demand increases for web-based services and applications, businesses must satisfy customer needs while ensuring that their websites and applications remain as secure, fast, and reliable as possible. With this shift, enterprises face new challenges and opportunities for growth — from anticipating and meeting customers’ digital needs to mounting a strong defense against web-based attacks, overcoming latency issues, preventing site outages, and maintaining network connectivity and performance.

ABOUT THE INSTRUCTOR:
This workshop shall be delivered by IBM Certified Cloud Architect who is also a TOGAF 9 Certified and IBM Certfied Infrastructure System Architect and an experienced trainer with 25+ years of career experience imparting education and training services both locally and internationally and have worked for international enterprise technology vendors including IBM, Fujitsu, and ICL. Our instructor holds various industry professional certifications in the space of enterprise servers and storage technologies, Information Security, Enterprise Architecture, ITIL, Virtualization, Green IT, and a co-author of 10 IBM Redbooks.

TARGETED AUDIENCE:
This workshop is intended for resources from:

Different LOB's including application, audit, risk, compliance, information security and cybersecurity profesionals, IT operations, system integrators, IT consultants, solution architects and legal professionals.
CXO's, Managers, Senior IT and Business Leaders who want to refresh thier present knowledge in the field of information and cybersecurity.
Students and fresh engineering graduates.

PREREQUISITES:
Participants attending this workshop should be familiar with basic Information Technology (IT) and Security concepts, business challenges and the role of general system wide infrastructure technologies and their applications.

COURSE OUTLINE:

Unit 1 – Cloud and Cloud Storage Fundamentals

Cloud Computing and Cloud Storage Defined.

Defining Service Oriented Architecture (SOA) and Web Services.

Describe Representational State Transfer (REST) Architecture.

Understand Cloud Service and Deployment Models' their details.

Problems in moving workloads to cloud and Application Readiness.

Cloud solution to common IT problems & challenges.

Business benefits of using Cloud Storage and associated Risks.

Cloud Storage Initiative by SNIA – Cloud Data Mgt. Interface.

Scalable Cloud Services Architecture & Storage Access Protocols.

Types of Cloud Storage Models and their types and applications.

Understand API and Cloud storage API protocols.

Obstacles to establish connectivity to Object Cloud Storage.

Understanding the Role of Cloud Storage Gateways.

Protocols supported by Cloud Storage Gateways.

What are the negatives to cloud computing and Security Concerns.

Data protection in the cloud and Cloud Seeding problems.

Compliance in the context of Data Protection & Technologies.

Understanding the Role of Data Sanitization and Best Practices.

Cloud enabling infrastructure technology used by low cost CSP.

Unit 1 Assessment

Unit 2 -Exploiting Network Threat Detection and Prevention Tools

Describe and understand Intrusion Detection System and Intrusion Prevention Systems.

Evaluate the effectiveness of your IDS and IPS systems.

Firewall and Network-based IPS/IDS.

IPS Capacity Planning and best practices.

A basic features Comparison Matrix – Firewall Vs IDS Vs IPS.

Critical issue with Zero-day vulnerability.

Understanding critical components of SIEM Solution.

How to select a right SIEM tools for your business.

Describing a solution based on Network Access Control.

Secure network components – NAC devices.

Best practices to implement Network Access Control.

Industry Use Cases for Network Access Control.

Next-Generation Firewall defined.

The path to next-generation secure network access.

Unit 2 Assessment.

Unit 3 – Ensure Secure and Reliable Network Connection

Ensure secure, Fast, and Reliable Customer Connections.

Overcome DNS challenges and strengthening client side security.

Explore client-side attacks and client side protection.

TLS challenges and effectively implementing TLS based solutions.

Global CDN, Faster Routing and Mobile Optimization.

How to select tools for optimal network path selection.

Web Application Firewall and their challenges.

Strengthen Security Posture for your WAF Infrastructure.

Bot Mitigation and their challenges.

DDoS Attack Mitigation and what to look for in a DDoS mitigation services provider.

Understand Load Balancing and its challenges.

Detect Anomalous behavior and Secure Web properties at the Edge.

Data Loss Prevention challenges and an end-to-end DLP solution.

Edge Programmability challenges.

Unit 3 Assessment.

Unit 4 – Cloud Access Security Broker Architecture - CASB

Understand 9 Layers of IT Infrastructure Foundation from overall Security perspective.

Cloud Management Components and Cloud Architecture.

Cloud Computing Reference Architecture – CCRA.

NIST Cloud Computing Reference Architecture.

Discussing Advanced Cloud Security Challenges.

Understand key pillars of Robust Cloud Security program.

Top Cloud Application Security Threats.

Cloud security features required for Cloud Computing Models.

Understand Cloud Access Security Broker.

Security features offered by Cloud Access Security Broker.

How Cloud Access Security Broker work.

Requirements of a CASB Solution.

Cloud Access Security Broker Solution Deployment Models.

Key considerations for choosing a CASB.

Multi-Mode Next-Gen CASB Architecture.

Use cases for Cloud Access Security Broker.

Cloud Access Security Broker Vs. Secure Access Service Edge.

CASB and SASE – Pros and Cons.

Privileged Access Management Defined.

Unprivileged to Privileged Access Management using Zero Trust Security Architecture.

Digital Enterprise based on Zero Trust Architecture – A Bigger View.

Cloud Security Best Practices any Organization should follow.

Unit 4 Assessment.

Following are the customers who have attended this workshop.

Group Photographs of students attended our Cloud Computing Security Reference Architecture Framework Workshop

Bank AL-Habib Ltd, Pakistan Oxygen Ltd, Adamjee Insurance and Muller & Phipps Pakistan has attended a two-day online workshop on "Cloud Computing Security Reference Architecture Framework" on November 17 - 18, 2021.