Course Methodology

This course is highly interactive and includes group discussions, case studies and syndicate work. It also includes practical exercises that allow all participants to use the knowledge they gained to demonstrate their skills in cloud management and security.

Course Objectives

By the end of the course, participants will be able to:

• Understand cloud strengths and misconceptions, and discuss its benefits and weaknesses
• Explain cloud structure, properties and management services
• Set a cloud adoption strategy
• Discuss the main requirements to move current cloud untrusted infrastructure to a trustworthy internet-scale cloud critical computing infrastructure
• Analyze the major risks associated with the different cloud services and deployment models
• Discuss the main principles, mechanisms and best practices for treating cloud risks
• Demonstrate the discussed concepts using practical case studies, business models and industrial tools

Target Audience

IT and infrastructure leaders, decision makers (CxO), risk analysts, strategic planners, architects, administrators, software and business developers, and project managers

Target Competencies

• Cloud management
• Identity management
• Access management
• Security risks management

Cloud overview

• Cloud definition, misconceptions and evolution
• Cloud services and deployment types
• Challenges

Cloud management

• Cloud structure and its properties
• Virtual and application layer management services
• Cloud dynamic nature and its challenges
• Application development and integration within clouds
• Security best practices for automating cloud infrastructure management
• Clarifying the concepts using industrial platforms

Establishing trust in clouds

• Defining cloud trustworthiness
• Its properties
• Assessing cloud trustworthiness
• Establishing trust in:
• Private
• Hybrid
• Community
• Public cloud deployment types
• Establishing trust in:
• IaaS (Infrastructure as a Service) 
• PaaS (Platform as a Service)
• SaaS (Software as a Service)
• Clarifying the concepts using openstack management platform

Identity and access management

• Authentication
• Authorization
• Access management
• Federated access management
• Insiders vs attackers
• Insiders analysis and management
• Related industrial tools:
• Cloud insider treatments
• Cloud strong authentication

Provenance in clouds

• Definition and attributes
• Challenges faced
• Security risks mitigation using provenance
• Case studies for using provenance:
• Forensic investigation
• Trustworthy operational management
• Proactive and predictive management
• Bill assurance
• Related industrial tools