Skip to main content
Cloud Computing Security in Security Management

Cloud Computing Security in Security Management

$249.00
When you get access:
Course access is prepared after purchase and delivered via email
Toolkit Included:
Includes a practical, ready-to-use toolkit containing implementation templates, worksheets, checklists, and decision-support materials used to accelerate real-world application and reduce setup time.
Who trusts this:
Trusted by professionals in 160+ countries
Your guarantee:
30-day money-back guarantee — no questions asked
How you learn:
Self-paced • Lifetime updates
Adding to cart… The item has been added

This curriculum spans the design and operationalisation of cloud security controls across identity, data, infrastructure, and third-party risk, comparable in scope to a multi-phase advisory engagement addressing continuous compliance, secure DevOps, and threat resilience in regulated enterprise environments.

Module 1: Foundational Cloud Security Architecture

  • Selecting between shared responsibility model interpretations based on cloud service provider (AWS, Azure, GCP) and deployment type (IaaS, PaaS, SaaS).
  • Designing secure network segmentation using virtual private clouds (VPCs), subnets, and regional peering with explicit egress filtering.
  • Implementing identity federation using SAML 2.0 or OIDC to integrate cloud platforms with existing enterprise identity providers.
  • Enforcing encryption of data at rest by configuring KMS-managed keys with customer-managed policies and audit logging.
  • Establishing secure default configurations for compute instances using hardened machine images and automated configuration drift detection.
  • Defining boundary protection controls for hybrid environments, including site-to-site VPNs and encrypted direct connects.

Module 2: Identity and Access Management Governance

  • Implementing least-privilege role policies using cloud-native IAM with condition keys for time, IP, and MFA enforcement.
  • Managing cross-account access using trust policies and organizational units within cloud provider directories.
  • Enabling just-in-time (JIT) privileged access through integration with PAM solutions for administrative roles.
  • Conducting quarterly access certification reviews using automated IAM analytics and access advisor reports.
  • Integrating cloud identity logs with SIEM platforms using native APIs for real-time anomaly detection.
  • Enforcing conditional access policies based on device compliance, location, and risk signals from identity protection services.

Module 3: Data Protection and Encryption Strategy

  • Classifying data assets according to sensitivity and mapping encryption requirements to regulatory frameworks (e.g., HIPAA, GDPR).
  • Deploying client-side encryption for data in transit to cloud storage, managing key lifecycles independently of cloud providers.
  • Implementing tokenization or masking for non-production environments using data anonymization pipelines.
  • Configuring bucket policies and object access controls to prevent public exposure of storage resources.
  • Integrating cloud data loss prevention (DLP) tools with email gateways and collaboration platforms to detect exfiltration attempts.
  • Establishing data residency controls by enforcing storage location constraints and monitoring cross-region replication.

Module 4: Threat Detection and Incident Response

  • Deploying cloud-native detective controls such as AWS GuardDuty, Azure Defender, or GCP Security Command Center with custom threat intelligence feeds.
  • Designing automated response playbooks using serverless functions triggered by security findings (e.g., isolate instance, revoke keys).
  • Conducting purple team exercises to validate detection coverage across cloud workloads and identity events.
  • Implementing host-based logging on compute instances using lightweight agents that forward to centralized collectors.
  • Establishing cloud-specific incident runbooks that define roles, communication channels, and evidence preservation procedures.
  • Performing forensic data acquisition from ephemeral cloud resources using memory snapshots and preserved boot volumes.

Module 5: Secure Development and DevOps Integration

  • Embedding static application security testing (SAST) into CI/CD pipelines with policy gates that block non-compliant code deployments.
  • Managing secrets in automation workflows using dedicated secret stores instead of environment variables or configuration files.
  • Implementing infrastructure as code (IaC) scanning using tools like Checkov or tfsec to detect misconfigurations pre-deployment.
  • Enforcing signed and versioned artifact promotion across development, staging, and production environments.
  • Restricting deployment permissions to CI/CD systems using short-lived credentials and role assumption.
  • Monitoring drift between declared IaC templates and actual cloud state using automated configuration auditing tools.

Module 6: Compliance and Audit Management

  • Mapping cloud control configurations to compliance frameworks (e.g., NIST 800-53, ISO 27001, SOC 2) using control matrices.
  • Generating audit-ready evidence packages using automated compliance reporting tools like AWS Audit Manager.
  • Responding to auditor requests for logs by defining retention policies and access controls for audit data stores.
  • Implementing configuration standards using cloud policy engines (e.g., AWS Config, Azure Policy) with non-compliance alerts.
  • Documenting exceptions and compensating controls for inherited cloud services lacking direct configurability.
  • Conducting internal control testing cycles to validate the effectiveness of automated compliance monitoring.

Module 7: Cloud Security Posture Management (CSPM)

  • Deploying CSPM tools to continuously assess configuration risks across multi-cloud environments with unified policy sets.
  • Normalizing findings from disparate cloud providers into a single risk scoring model for executive reporting.
  • Integrating CSPM alerts with ticketing systems using webhooks and deduplication logic to reduce operational noise.
  • Defining ownership attribution for cloud resources using tagging standards and cost center mappings.
  • Establishing remediation SLAs based on risk severity and automating low-risk fixes via API-driven workflows.
  • Conducting quarterly CSPM rule tuning exercises to reduce false positives and align with evolving business use cases.

Module 8: Third-Party and Supply Chain Risk

  • Evaluating SaaS provider security controls through standardized questionnaires (e.g., SIG, CAIQ) and audit reports (SOC 2).
  • Monitoring vendor API usage patterns for anomalous behavior indicating compromised integrations.
  • Enforcing contractual obligations for incident notification timelines and data handling practices in cloud vendor agreements.
  • Isolating third-party application access using dedicated cloud accounts and network segmentation.
  • Revoking API keys and OAuth tokens for offboarded vendors using automated deprovisioning workflows.
  • Assessing software bill of materials (SBOM) for cloud-native applications to identify vulnerable open-source dependencies.
!