Audit and Security for Cloud-Based Services

Understanding Corporate Culture:

• the SPI Cloud Computing Model
• cloud network models
• key drivers for moving towards cloud-based services

Software as a Service (SaaS):

• key enterprise applications
• the SaaS transaction model(s)
• SaaS security and audit concerns

Platform as a Service (PaaS):

• major development providers/platforms
• PaaS security and audit concerns

Infrastructure as a Service (IaaS):

• host security in the cloud
• network security in the cloud
• data storage/SAN in a cloud IaaS environment
• cloud bursting
• cloud bursting
• IaaS security and audit concerns

Brokered Cloud Services:

• cloud aggregators
• cloud brokers
• cloud management service portals

Security as a Service:

• identity management as a service
• security event monitoring/IDS as a service
• vulnerability management as a service
• data leakage prevention as a service/Web filtering, e-mail filtering

Cloud-Based Security Standards and Dependencies:

• directories and identity management
• federated identities
• emerging security Standards: SPML, XACML, OAuth, OpenID, others

Governance in a Cloud Services Environment:

• key performance indicators
• audit trails for cloud-based services
• service level agreements, licensing
• legal complexities: data privacy, globalization, trans-border constraints
• third-party assessments and certifications: SAS70, ISO 27001

Disaster Recovery in a Cloud-Based Environment:

• SPI HA architectures
• virtualized environments and their impact on disaster recovery
• updating and testing disaster recovery plans

Cloud Security and Audit:

• key risks and audit concerns
• identifying key controls and mitigations
• cloud-based risk analysis models: ENISA, NIST, CSA
• security best-practices models for cloud-based services
• audit techniques and tests in a cloud-based environment