Instructor-Led Red Hat Training
Cloud Security Architecture and Operations
4 days
This Cloud Security course covers cloud security, cloud security architecture, and cloud security operations, and includes hands-on labs from the AWS Security Engineer course. Security architecture and operations is the systematic design and ongoing management of security controls, policies, and practices across cloud environments. It secures workloads, identities, and data against dynamic threats while maintaining compliance, primarily using a zero-trust approach. Hands-on labs in AWS reinforce the material using key security services across compute, storage, networking, and database services, together with tools for automation, continuous monitoring and logging, and responding to security incidents; students also learn to apply the AWS shared security responsibility model and to architect and build secure AWS application infrastructures.
Students will learn to implement the Core Pillars of Cloud Security Architecture:
- Identity and Access Management (IAM): The new perimeter. Focuses on least privilege, role-based access control (RBAC), multi-factor authentication (MFA), and eliminating excessive cloud permissions.
- Network Segmentation: Implementing micro-segmentation using hub-and-spoke network models and centralized firewalls to inspect north-south and east-west traffic.
- Data Protection: Employing encryption for data in transit and at rest, alongside robust key management services (KMS) and data loss prevention (DLP) tools.
- Workload Security: Securing containers, virtual machines, and APIs against configuration drift and runtime vulnerabilities.
Students will learn to implement operational best practices:
- Shared Responsibility Model: Clearly defining security obligations between the Cloud Service Provider (CSP)—such as AWS, Azure, or GCP—and your organization. [1, 2]
- Cloud Security Posture Management (CSPM): Continuously monitoring cloud environments for misconfigurations and compliance violations. [1, 2]
- Cloud Workload Protection Platforms (CWPP): Defending dynamic, ephemeral workloads across multi-cloud environments.
- Cloud Native SIEM & SOAR: Centralizing intra-cloud telemetry, log analysis, and incident response playbooks for automated threat detection.
Students will learn to implement key frameworks and guidelines:
- Cloud Security Alliance (CSA) Cloud Controls Matrix: Offers a standardized baseline for cloud security assurance.
- NIST Cloud Computing Security Reference Architecture: Provides federal and enterprise guidance on cloud deployment models and risk mitigation.
- OWASP Secure Cloud Architecture: Best practices specifically focused on protecting APIs, serverless functions, and object storage.
Students will complete the relevant AWS Security Engineer hands-on labs to reinforce learning:
Identifying entry points on AWS
- Ways to access the platform
- IAM policies
- Securing entry points
- Incident response
- Lab - cross-account authentication
Security Considerations - Web Applications
- Security points in an AWS web application environment
- Analyse a three-tier application model and identify common threats
- Assess environments to improve security
Application Security
- Securing EC2 instances
- Assess vulnerabilities with Inspector
- Apply security in an automated way using Systems Manager
- Isolate a compromised instance
- Lab - Assessing Security with Inspector and Systems Manager
Securing Networking Communications - Part 1
- Apply security best practices to VPC
- Implement an ELB device as a protection point
- Protect data in transit using certificates
Data Security
- Protect data at rest using encryption and access controls
- AWS services used to replicate data
- Protect archived data
Security Considerations: Hybrid Environments
- Security points outside of a VPC
- Common DoS threats
Monitoring and Collecting Logs on AWS
- Monitor events and collect logs with CloudWatch
- Use Config to monitor resources
- AWS-native services that generate and collect logs
- Lab - Server Log Analysis Part 1 - collect logs
Processing Logs on AWS
- Stream and process logs for further analysis
- AWS services used to process logs from S3 buckets
- Lab - Server Log Analysis Part 2 - analyse logs
Securing Networking Communications - Part 2
- Identify AWS services used to connect on-premise to AWS
- Data protection between on-premise and AWS
- Securely access VPC resources in other accounts
Out-Of-Region Protection
- Use Route 53 to isolate attacks
- Implement WAF to protect applications
- Use CloudFront to deliver content securely
- Protect applications using Shield
Account Management on AWS
- Manage multiple accounts
- Use identity providers / brokers to acquire access to AWS services
- Lab - AWS Federated Authentication with ADFS
Security Considerations: Serverless Environments
- How to secure data in a serverless environment
- Use Cognito to authorize users
- Control API access with API Gateway
- Use AWS messaging services securely
- Secure Lambda functions
- Lab - Monitor and Respond with Config and Lambda
Secrets Management on AWS
- Manage key and data encryption with KMS
- Describe how CloudHSM is used to generate and secure keys
- Use Secrets Manager to authenticate applications
- Lab - Using KMS
Security Automation on AWS
- Deploy security-oriented AWS environments in a reproducible manner
- Provide management and control of IT services to end-users in a self-serve manner
- Lab - Security Automation on AWS with Service Catalog
Threat Detection and Sensitive Data Monitoring
- Threat detection and monitoring for malicious or unauthorized behavior
- Leverage machine learning to gain visibility into how sensitive data is being managed in the AWS Cloud
