IT security - Cloud

With the expansion of the IT Cloud world, it is necessary to respond adequately in the field of security. In this course, we will go through the technological, legislative pitfalls of cloud environments. We will show the possibilities of design, operation and risks associated with the cloud. Let's look at how to grasp this solution so that it is well designed technologically and legislatively. We will say something about the current regulatory requirements within the Czech Republic and the EU from the perspective of the cloud world and in the end we will discuss practical examples from real implementations.

Audience

• IT security professionals
• Infrastructure architects
• System engineers

Outline

How to choose a cloud from a security perspective

• selection by parameters
• price
• scalability
• distance from customers
• legislative restrictions
• provider rating
• selection by type
• public
• hybrid
• private

Cloud technological model

• dataflows
• encryption
• integration

Required services to move to the cloud

• what applications to move to the cloud
• how to move data
• what data = data classification

Operation

• logging
• auditing
• verification
• monitoring
• public endpoints
• network management

Business continuity

• backup
• DR
• Active-Active
• Geolocation

Risk analysis

• data center failure
• outage management segment
• connection failure
• misuse of the application
• attacks (DoS, ...)

Native cloud tools

• release management
• technological stack - PaaS / SaaS
• microsegmentation
• anti-ddos

Practical examples

• Private cloud - OpenStack
• Hybrid model
• Migration to the public cloud

Prerequisities

• Knowledge of network security
• Knowledge of legislation
• Experience with public cloud an advantage