homepage
Open menu
Contact Sales

SEC510: Public Cloud Security: AWS, Azure, and GCP

GIAC Public Cloud Security (GPCS)
GIAC Public Cloud Security (GPCS)
Register Now Course Demo
  • In Person (5 days)
  • Online
38 CPEs

Organizations are becoming multi cloud by choice or by chance. However, although each cloud provider is responsible for the security of the cloud, its customers are responsible for what they do in the cloud. Unfortunately, this means that security professionals must support hundreds of different services across multiple clouds. Many of these services are insecure by default, and few of them are consistent across the different clouds. Security teams need a deep understanding of each cloud's services to lock them down. As the multicloud landscape rapidly evolves, security is constantly playing catch-up to avert disaster. SEC510: Public Cloud Security: AWS, Azure, and GCP solves this problem by teaching you the security nuances between the Big 3 cloud providers and how to securely configure their Platform as a Service (PaaS) / Infrastructure as a Service (IaaS) offerings. 20 Hands-On Labs + Bonus Challenges

Course Authors:
Brandon Evans
Brandon Evans
Certified Instructor
Eric Johnson
Eric Johnson
Senior Instructor
What You Will LearnSyllabusCertificationPrerequisitesLaptop RequirementsAuthor StatementReviewsTraining & Pricing

What You Will Learn

"AWS, Azure and GCP don't handle basic security functions...in exactly the same way. There are nuances that must be taken into account in order for security measures to work properly...The professionals who understand these nuances are not easy to find." - Shai Morag, Forbes Technology Council

Multiple Clouds Require Multiple Solutions

SEC510 provides cloud security practitioners, analysts, and researchers with the nuances of multi-cloud security. Students will obtain an in-depth understanding of the inner workings of the most popular public cloud providers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud (often referred to as Google Cloud Platform, or GCP). SEC510 leverages industry-renowned standards and methodologies, such as the Center for Internet Security (CIS) Cloud Foundations Benchmarks, MITRE ATT&CK Cloud Matrix, and Cyber Defense Matrix alongside original research. Students will then apply that knowledge through hands-on exercises in real cloud environments for each provider, launching unhardened services, analyzing their security configurations, validating that they are insufficiently secure, deploying patches, and validating the remediation. This teaches students the philosophies that undergird each provider and how these have influenced their services. Students will leave the course confident that they have the knowledge they need to support their organization's adoption of Platform as a Service (PaaS) / Infrastructure as a Service (IaaS) offerings in each cloud.

What Is Public Cloud Security?

Public Cloud Security is security for cloud platforms that are not managed in-house, such as AWS, Azure, and Google Cloud.

"This class was an excellent investment. I learned a great deal about the various strengths and weaknesses in the 3 largest cloud providers' default services and default configurations as well as inherent insecurities that can't be easily mitigated. There is a great deal of actionable content that I can take back to my team as we work to monitor and help our clients secure their cloud environments." - John Senn, EY

Business Outcomes

  • Maximize technology spend of equipment, services, and employees
  • Decrease the organization's risk profile through customized security configurations
  • Control the confidentiality, integrity, and availability of data in every cloud service provider
  • Increase use of secure automation to keep up with the speed of today's business environment

Students Will Learn How To

Make informed decisions in the Big 3 clouds by understanding the inner workings of each of their Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) offerings

  • Implement secure Identity and Access Management (IAM) with multiple layers of defense-in-depth
  • Build and secure multicloud networks with segmentation and access control
  • Encrypt data at rest and in-transit throughout each cloud
  • Control the confidentiality, integrity, and availability of data in each cloud storage service
  • Support non-traditional computing platforms like Application Services and serverless Functions as a Service (FaaS)
  • Integrate each cloud provider with one another without the use of long-lived credentials
  • Automate security and compliance checks using cloud-native platforms
  • Guide engineering teams in enforcing these security controls using Terraform and Infrastructure-as-Code (IaC)

Hands-On Public Cloud Security Training

SEC510: Public Cloud Security: AWS, Azure, and GCP reinforces all of the concepts discussed in the lectures through hands-on labs in real cloud environments. Each lab includes step-by-step guide as well as a "no hints" option for students who want to test their skills without further assistance. This allows students to choose the level of difficulty that is best for them and fall back to the step-by-step guide as needed. Students can continue to access the lab instructions, application code, and Infrastructure-as-Code after the course concludes. With this, they can repeat every lab exercise in their own cloud environments as many times as they would like.

SEC510 also offers students an opportunity to participate in Bonus Challenges each day in a gamified environment, while also providing more hands-on experience with the Big 3 cloud sevice providers and relevant utilities. Can you win the SEC510 Challenge Coin?

  • Section 1: VM Credential Exposure, Hardening AWS IAM Policies, Hardening Azure and GCP Policies, Advanced IAM features, Bonus Challenges Section 1
  • Section 2: Network Lockdown, Analyzing Network Traffic, Private Endpoint Security, Cloud VPN and Managed SSH, Bonus Challenges Section 2
  • Section 3: Audit Decryption Events, "Encrypt all the Things!", Storage Service Lockdown, Sensitive Data Detection and Exfiltration, Bonus Challenges Section 3
  • Section 4: App Service Security, Serverless Prey, Hardening Serverless Functions, Login with the Microsoft Identity Platform, Broken Firebase Database Access Control, Bonus Challenges Section 4
  • Section 5: Secure Multicloud Integration, Automated Benchmarking, Microsoft Defender and Multicloud, Bonus Challenge Finale, Lab Teardown, Bonus Challenges Section 5

"Labs are amazing, they cover all the content we review over the lecture." - Enrique Gamboa, ALG

"Labs are insane. Such a great setup. I'm learning a ton and plus will be able to build upon this great foundation." - Kevin Sahota, 604 Security

"Labs are very well structured and detailed to explain exactly what is happening and why." - Gareth Johnson, Close Brothers

"The labs are very interesting, the possibility to re-run them with more time to think about it, to explore, is absolutely game changing and great. My biggest concern is actually to be able to make the time to redo them, but frankly the material is that good that I will find a way to do so." - Michael Dechandon, ANSSI

Syllabus Summary:

Section 1 - Securely Use Cloud Identity and Access Management (IAM) and Defending IAM Credentials

Section 2 - Restrict Infrastructure and Data Access to Private Cloud Networks, Monitor for Suspicious Network Traffic, and Use Secure Remote Access Capabilities

Section 3 - Manage Cryptographic Keys, Apply Encryption at Rest and In-Transit Across Cloud Services, Protect Data in Cloud Storage Services, Audit Encryption Key and Storage Access, and Detect Sensitve Data in the Clouds

Section 4 - Secure the Cloud Compute Services that Run Applications, Including Serverless Functions as a Service (FaaS), Manage Application Consumer Identities, and Analyze Firebase (a Suite of Services Acquired by and Integrated with Google Cloud)

Section 5 - Authenticate Clouds to One Another and Automate Misconfiguration Benchmarking

Free Resources:

What You Will Receive:

  • Printed and Electronic courseware
  • MP3 audio files of the course
  • Course virtual machine (VM) with all lab exercises that can be redone outside of class indefinitely
  • Thousands of lines of Infrastructure-as-Code and secure configurations for each cloud platform that you can use at your organization

What Comes Next:

SANS offers several courses that are excellent compliments to SEC510 depending on your job role:

Cloud Security Analyst

Cloud Security Engineer

Cloud Security Architect

DevSecOps Professional

Learn more about our job role based training journeys at sans.org/cloud-security/ace.

Syllabus (38 CPEs)

Download PDF
  • Overview

    SEC510 starts with a brief overview of the public cloud adoption trends. We will examine the factors driving the rise in popularity of Azure and GCP, which historically have lagged far behind AWS. Students will then initialize their lab environment and deploy a modern web application to each of the Big 3 providers.

    This leads into an analysis of one of the most fundamental and misunderstood concepts in cloud security: Identity and Access Management (IAM). Students will compromise real IAM credentials from cloud virtual machines using the Instance Metadata Service (IMDS) to examine firsthand how an attacker can use them to access sensitive cloud data.

    The remainder of this section will focus on how to harden the IMDS and leverage well-written IAM policies to minimize the harm caused by such attacks. These strategies are critical to prevent a minor vulnerability from becoming front-page news.

    Exercises
    • VM Credential Exposure
    • Hardening AWS IAM Policies
    • Hardening Azure and GCP Policies
    • Advanced IAM Features
    • Bonus Challenges (Section 1)
    Topics

    The Multicloud Movement

    • Cloud Market Trends
    • Multicloud Considerations
    • Cloud Procurement through Mergers and Acquisitions
    • Shadow Cloud Accounts

    Multicloud Security Assessment

    • Cyber Defense Matrix
    • Center for Internet Security (CIS) Cloud Foundations Benchmarks
    • MITRE ATT&CK Cloud Matrix
    • Lab Environment Introduction
    • HashiCorp Terraform Overview

    Identity and Access Management

    • Identities
    • Policies
    • Organization-Wide Controls
    • AWS IAM
    • Azure Active Directory (Azure AD) and Microsoft Entra ID
    • Google Cloud IAM

    Cloud Metadata and Credential Services

    • The Cloud Instance Metadata Service (IMDS) for each cloud provider
    • IMDS Compromise Case Study
    • IMDS Hardening

    Related Application Vulnerabilities

    • Command Injection

    SERVER-SIDE REQUEST FORGERY

  • Overview

    Section 2 covers how to lock down infrastructure within a virtual private network. As the public cloud IP address blocks are well known and default network security is often lax, millions of sensitive assets are unnecessarily accessible to the public Internet. This section will ensure that none of these assets belong to your organization.

    It begins by demonstrating how ingress and egress traffic can be restricted within each provider. Students will analyze the damage that can be done without these controls by accessing a public-facing database and creating a reverse shell session in each environment. We will then eliminate both attack vectors with secure cloud configuration.

    The next module covers cloud-based network analysis capabilities to address malicious traffic on network channels that cannot be blocked. Students will analyze cloud flow logs and search for indicators of compromise. The module also covers AWS Traffic Mirroring and Google Cloud Packet Mirroring, both of which have associated Bonus Challenges.

    With our infrastructure locked down, we pivot to controlling network access to Platform as a Service (PaaS) using Private Endpoints. We will demonstrate how defenders can use these endpoints to restrict data access to internal networks and how attackers can abuse them to exfiltrate data.

    This section concludes with techniques for securely granting organization members access to assets in private cloud networks. These techniques allow an organization to work effectively while keeping internal systems off the public internet.

    Exercises
    • Network Lockdown
    • Analyzing Network Traffic
    • Private Endpoint Security
    • Cloud VPN and Managed SSH
    • Bonus Challenges (Section 2)
    Topics

    Cloud Virtual Networks

    • Network Service Scanning
    • Default Network Configuration
    • Network Security Groups

    Network Traffic Analysis

    • Flow Logging
    • AWS Traffic Mirroring
    • Google Cloud Packet Mirroring
    • Google Cloud Firewall Rules Logging

    Private Endpoints

    • AWS PrivateLink
    • Azure Private Link
    • Google Cloud Private Google Access
    • Google Cloud VPC Service Controls
    • Custom Service Endpoints

    Advanced Remote Access

    • Managed SSH
    • Hybrid VPN Gateways
    • AWS Session Manager
    • Azure Bastion
    • Google Cloud OS Login
    • Google Cloud Identity-Aware Proxy (IAP)

    Command and Control ServersSoftware Supply-Chain Attacks

  • Overview

    Data security is as important, if not more important, in the cloud than it is on-premises. There are countless cloud data leaks that could have been prevented with the appropriate controls. This section examines the cloud services that enable data encryption, secure storage, access control, data loss detection, policy enforcement, and more.

    The first half of Section 3 covers all you need to know about encryption in the cloud. Students will learn about each provider's cryptographic key management solution and how it can be used to apply multiple layers of encryption at rest. Students will also learn how in-transit encryption is performed throughout the cloud, such as the encryption between clients, load balancers, applications, and database servers. These techniques will improve your organization's security while satisfying its legal and compliance needs.

    The second half of Section 3 is primarily focused on cloud storage services. After briefly discussing the most basic storage security technique, turning off public access, it will cover more advanced controls like organization-wide access control, file versioning, data retention, secure transit, and more. It concludes with a discussion of additional data exfiltration paths and how to automatically detect sensitive data storage.

    Exercises
    • Audit Decryption Events
    • Encrypt All The Things!
    • Storage Service Lockdown
    • Sensitive Data Detection and Exfiltration
    • Bonus Challenges (Section 3)
    Topics

    Cryptographic Key Management

    • AWS KMS
    • Azure Key Vault
    • Google Cloud KMS
    • Overview of Single-Tenant Alternatives: AWS CloudHSM, Azure Dedicated HSM, and Azure Key Vault Managed HSM
    • Key Usage Audit Logging

    Encryption with Cloud Services

    • Disk-Level Encryption
    • Service-Level Encryption
    • Column-Level Encryption
    • In-Transit Encryption

    Cloud Storage Platforms

    • Access Control
    • Audit Logs
    • Data Retention

    Sensitive Data Detection and Exfiltration

    • Data Exfiltration Paths
    • Signed URLs
    • Amazon Macie
    • Amazon CloudWatch Logs Data Protection
    • Overview of Microsoft Purview and Azure Information Protection
    • Google Cloud Data Loss Prevention
  • Overview

    This section teaches students how to secure the infrastructure powering their cloud-based applications and how to protect the users of those applications. It begins with App Services, platforms that simplify the process of running and scaling cloud applications. This leads into a computing paradigm taking the industry by storm: serverless Functions as a-Service (FaaS). It balances the discussion of the challenges serverless introduces with the advantages it provides in securing product development and security operations. After introspecting the serverless runtime environments using Serverless Prey (an open-source tool written by the course authors), students will examine and harden practical serverless functions in a real environment. They will also learn how FaaS security impacts App Service security.

    The next module covers how Customer Identity and Access Management (CIAM) can help track and authenticate the users of an organization's applications. The Google Cloud Platform obtained their CIAM services through their acquisition of a company named Firebase. The section concludes with a detailed breakdown of this CIAM and its interplay with Firebase's flagship product, the Realtime Database. This highly popular but rarely reviewed service is a serverless database with many access control considerations and security implications for Google Cloud projects.

    Exercises
    • App Service Security
    • Serverless Prey
    • Hardening Serverless Functions
    • Login with the Microsoft Identity Platform
    • Broken Firebase Database Access Control
    • Bonus Challenges (Section 4)
    Topics

    App Services

    • Overview of AWS Elastic Beanstalk
    • Azure App Service
    • Google App Engine

    Cloud Serverless Functions

    • Security Advantages and Concerns
    • Function as a Service Defense
    • Persistence with Serverless

    Cloud Customer Identity and Access Management (CIAM)

    • Overview of OAuth 2.0, OpenID Connect (OIDC), and SAML
    • Amazon Cognito User Pools
    • Microsoft Identity Platform
    • Overview of Azure AD Business-to-Consumer (B2C) and Microsoft Entra External ID for Customers
    • Google Cloud Identity for Customers and Partners (CICP)
    • Firebase Authentication

    Firebase Databases and Google Cloud Implications

    • Realtime Database
    • Cloud Firestore
    • Google Cloud Privilege Escalation via Firebase
    • Compliance Concerns
  • Overview

    The course concludes with practical guidance on how to operate an organization across multiple cloud providers. Many of the topics discussed in the sections become more complicated if an organization's cloud providers are integrated with one another. We begin by discussing how multicloud integration impacts Identity and Access Management (IAM). Many organizations use long-lived credentials to support multicloud integrations. These credentials are much more valuable to attackers than those that are short-lived. Although students will learn best practices for long-lived credentials, this will only mitigate the risk, not eliminate it. This module goes one step further by demonstrating novel ways to use Workload Identity Federation to authenticate from one cloud provider to another with short-lived cloud credentials.

    The next module covers the cloud-native Cloud Security Posture Management (CSPM) services. Students will use these services to automate security checks for the Center for Internet Security (CIS) Benchmarks we have covered throughout the course. With these capabilities, an organization can take the lessons learned in SEC510 and apply them at scale.

    The final module, Multicloud CSPM, ties these two topics together. Most organizations would prefer to use a single platform to assess the security posture of all of their clouds. After learning about the third-party multicloud CSPM services, students will leverage Workload Identity and Microsoft Defender for Cloud to analyze the security posture of all three cloud providers. If implemented properly, this capability will be invaluable to security organizations. If done wrong, this integration can decrease the security of the organization's AWS accounts and Google Cloud projects. This module will highlight these pitfalls to ensure that students engineer this correctly from the start.

    Exercises
    • Secure Multicloud Integration
    • Automated Benchmarking
    • Microsoft Defender and Multicloud
    • Bonus Challenge Finale
    • Lab Teardown
    • Bonus Challenges (Section 5)
    Topics

    Multicloud Access Management

    • Risks from Long-Lived Credentials
    • Workload Identity Federation
    • Cross-Cloud Authentication Without Long-Lived Credentials

    Cloud Security Posture Management

    • AWS Security Hub
    • Azure Security Center
    • Google Cloud Security Command Center
    • Open-Source Solutions

    Multicloud Security Posture Management

    • Third-Party Multicloud Security Posture Management
    • Microsoft Defender for Cloud CSPM

    Summary

    Additional Resources

GIAC Public Cloud Security

The GIAC Public Cloud Security (GPCS) certification validates a practitioner's ability to secure the cloud in both public cloud and multi cloud environments. GPCS-certified professionals are familiar with the nuances of AWS, Azure, GCP and have the skills needed to defend each of these platforms.

  • Evaluation and comparison of public cloud service providers
  • Auditing, hardening, and securing public cloud environments
  • Introduction to multi-cloud compliance and integration
More Certification Details

Prerequisites

Although SEC510 uses Terraform Infrastructure-as-Code to deploy and configure services in each cloud for the labs, students will not need in-depth knowledge of Terraform or need to understand any of the syntax used. However, students will be introduced at a high level to what this code accomplishes.

The following are courses or equivalent experiences that are prerequisites for SEC510:

For those looking to prepare ahead of time, check out the Terraform Getting Started Guide: https://learn.hashicorp.com/terraform/getting-started/install

This class requires a basic understanding of web application technology and concepts such as HTML and JavaScript. To maximize the benefit for a wider range of audiences, the discussions in this course will be programming language agnostic. Attendees should have some understanding of concepts like databases (SQL) and scripting languages used in modern web applications.

Laptop Requirements

CRITICAL NOTE: Apple systems using the M1/M2 processor line cannot perform the necessary virtualization functionality and therefore cannot be used for this course.

LAB PREPARATION

Please plan to arrive 30 minutes early before your first session for lab preparation and setup. During this time, students can confirm that each cloud account is properly set up, ensure that laptops have virtualization enabled, copy the lab files, and start the Linux virtual machine. For students taking the course Live Online, the instructor will be available to assist them with laptop prep and setup 30 minutes prior to the start of the course.

The first lab of the course, Lab 0, is the foundation for the rest of the course. Failure to complete Lab 0 will prevent the student from completing any other lab exercise. Students should complete as much of Lab 0 as possible prior to the first session.

MANDATORY CLOUD ACCOUNT

The SEC510 course labs contain lab exercises for AWS, Azure, and GCP. Most labs can be completed with any one of these providers. However, we strongly recommend completing the labs for all three providers to learn how the services in each differ in small, yet critical ways. Experiencing this nuance in these interactive labs will help you better defend each platform and prepare for the GPCS certification.

  • SANS will provide students with the AWS account and Azure subscription required to complete the labs for those providers.
  • Students must bring their own Google Cloud account in order to complete all of the course labs.

Prior to the start of class, students must create a Google Cloud account if they would like to complete the associated labs. This account must be brand new (never used for any other purpose). Students who would like to complete the Firebase lab must create a Google Cloud account even if they choose not to complete the rest of the Google Cloud exercises. New Google Cloud users get $300 in free credits:

  • Conference students should not incur any additional costs completing the labs
  • OnDemand students could incur additional fees depending on how long the lab environment remains active

Students can create the Google Cloud account here: https://cloud.google.com

MANDATORY LAPTOP REQUIREMENT

Students must bring their own system configured according to these instructions

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.

Students must be in full control of the network running the VM. The VM communicates with several external services (AWS, Azure, GCP, etc.) over HTTPS, SSH, and other non-standard ports. Running the course virtual machine on a host with a VPN, intercepting proxy, or egress firewall filter may cause connection issues communicating with these services. Students must be able to configure or disable these services for the lab environment to function properly.

BRING YOUR OWN LAPTOP CONFIGURED USING THE FOLLOWING DIRECTIONS:

A properly configured system is required for each student participating in this course. Before starting your course, carefully read and follow these instructions exactly:

  • Host Operating System: Latest version of Windows 10, macOS 10.15.x or later, or Linux that also can install and run VMware virtualization products described below.
  • Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed to utilize the latest USB 3.0 devices.
  • Those who use a Linux host must also be able to access exFAT partitions using the appropriate kernel or FUSE modules.
  • Download and install 7-Zip (for Windows Hosts) or Keka (macOS). Without these extraction tools, you'll be unable to extract large archives we'll supply to you in class.
  • Download and install either VMware Workstation Pro 15.5.x, VMware Player 15.5.x, or Fusion 11.5.x or higher versions before class.
  • If you do not own a licensed copy of VMware Workstation or Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial at its website.
  • Other virtualization software, such as VirtualBox and Hyper-V, are not appropriate because of compatibility and troubleshooting problems you might encounter during class.
  • VMware Workstation Pro and VMware Player on Windows 10 are not compatible with Windows 10 Credential Guard and Device Guard technologies. Please disable these capabilities for the duration of the class if they're enabled on your system by following instructions in this document.
Mandatory Host Hardware Requirements
  • CPU: 64-bit 2.5+ GHz multi-core processor or higher
  • BIOS/UEFI: VT-x, AMD-V, or the equivalent must be enabled in the BIOS/UEFI
  • Hard Disk: Solid-State Drive (SSD) is MANDATORY with 50GB of free disk space minimum
  • Memory: 16GB of RAM or higher is mandatory for this class (IMPORTANT! - 16GB of RAM is MANDATORY)
  • Working USB 2.0 or higher port
  • Wireless Ethernet 802.11 B/G/N/AC
  • Local Administrator Access within your host operating system
Mandatory Host Operating System Requirements

You must use a 64-bit laptop with one of the following operating systems that have been verified to be compatible with course VMware image:

  • Latest version of Windows 10, macOS 10.15.x or later, or Linux that also can install and run VMware virtualization products described below.
Mandatory Software Requirements

Prior to class, ensure that the following software is installed on the host operating system:

  • VMware Workstation Pro 15.5.X+, VMware Player 15.5.X+, or Fusion 11.5+
  • Zip File Utility (7Zip or the built-in operating system zip utility)
Cloud Virtual Machine (AWS AMI)

If your workstation or network does not meet the above requirements, please reach out to your instructor, TA, or OnDemand SME for access to the SEC510 Amazon Machine Image (AMI). After sharing the AMI, instructions will be provided for launching and connecting to the virtual machine over Remote Desktop (RDP). This option is required for students that cannot meet the laptop requirements.

IN SUMMARY

Before beginning the course you should:

  • Complete Lab 0.
  • Have a laptop with a solid-state drive (SSD), 16GB of RAM, and a 64-bit operating system.
  • Install VMware (Workstation or Fusion).
  • Windows only: Verify that the BIOS settings have the Intel VT virtualization extensions enabled.
  • Download the SEC510 Lab Setup Instructions and Course Media from your sans.org account.
  • Register a NEW GCP account with a free trial prior to the start of class at https://cloud.google.com

After you have completed those steps, your course media will be delivered via download. The media files for class can be large, some in the 40 to 50 GB range. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.

In today's learning environment, we have found that a second monitor and/or a tablet device can be useful for keeping the class materials visible while the instructor is presenting or while you are working on lab exercises.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org

Author Statement

"The use of multiple public cloud providers introduces new challenges and opportunities for security and compliance professionals. As the service offering landscape is constantly evolving, it is far too easy to prescribe security solutions that are not effective in all clouds. While it is tempting to dismiss the multicloud movement or block it at the enterprise level, this will only make the problem harder to control.

"Why do teams adopt multiple cloud providers in the first place? To make their jobs easier or more enjoyable. Developers are creating products that meet the organization's goals, not for the central security team. If a team discovers that a service offering can help get its product to market faster, it can and should use it. Security should embrace the inevitability of the multicloud movement and take on the hard work of implementing guardrails so the organization can move quickly and safely.

"The multicloud storm is here, whether you like it or not."

- Brandon Evans and Eric Johnson

"Simply outstanding! All the way around. Very well done." - Ryan Stillions, IBM X-Force IR

Ways to Learn

  • OnDemand

Cybersecurity learning – at YOUR pace! OnDemand provides unlimited access to your training wherever, whenever. All labs, exercises, and live support from SANS subject matter experts included.

  • Live Online

The full SANS experience live at home! Get the ultimate in virtual, interactive SANS courses with leading SANS instructors via live stream. Following class, plan to kick back and enjoy a keynote from the couch.

  • In Person (5 days)

Did someone say ALL-ACCESS? On-site immersion via in-classroom course sessions led by world-class SANS instructors fill your day, while bonus receptions and workshops fill your evenings.

Who Should Attend SEC510?

Security analysts, security engineers, security researchers, cloud engineers, DevOps engineers, security auditors, system administrators, operations personnel, and anyone who is responsible for:

  • Evaluating and adopting new cloud offerings
  • Researching new vulnerabilities and developments in cloud security
  • Handling Identity and Access Management
  • Managing a cloud-based virtual network
  • Secure configuration management

NICE Framework Work Roles

  • Security Control Assessor (OPM 612)
  • Enterprise Architect (OPM 651)
  • Security Architect (OPM 652)
  • Research & Development Specialist (OPM 661)
  • Information Systems Security Developer (OPM 631)

"Yes, I would definitely recommend this course. I consider the security topics covered to be critical knowledge for companies that are hosting in the cloud. The course content has been very well put together, well researched, and is very applicable." - Dan Van Wingerden, Radiology Partners

See prerequisites

Need to justify a training request to your manager?

Use this justification letter template to share the key details of this training and certification opportunity with your boss.

Download the Letter

Reviews

Amazingly put together course. Very actionable material at each page turn.
Jordan N.
US Federal Government
It is amazing how the lab was able to talk to three live cloud providers at the same time. It was impressive.
Christopher Hearn
Harris County
If you Cloud, you need this course - <period>.
Sean Ayres
UPS
    Africa/Abidjan
    Africa/Accra
    Africa/Addis Ababa
    Africa/Algiers
    Africa/Asmara
    Africa/Asmera
    Africa/Bamako
    Africa/Bangui
    Africa/Banjul
    Africa/Bissau
    Africa/Blantyre
    Africa/Brazzaville
    Africa/Bujumbura
    Africa/Cairo
    Africa/Casablanca
    Africa/Ceuta
    Africa/Conakry
    Africa/Dakar
    Africa/Dar es Salaam
    Africa/Djibouti
    Africa/Douala
    Africa/El Aaiun
    Africa/Freetown
    Africa/Gaborone
    Africa/Harare
    Africa/Johannesburg
    Africa/Juba
    Africa/Kampala
    Africa/Khartoum
    Africa/Kigali
    Africa/Kinshasa
    Africa/Lagos
    Africa/Libreville
    Africa/Lome
    Africa/Luanda
    Africa/Lubumbashi
    Africa/Lusaka
    Africa/Malabo
    Africa/Maputo
    Africa/Maseru
    Africa/Mbabane
    Africa/Mogadishu
    Africa/Monrovia
    Africa/Nairobi
    Africa/Ndjamena
    Africa/Niamey
    Africa/Nouakchott
    Africa/Ouagadougou
    Africa/Porto-Novo
    Africa/Sao Tome
    Africa/Timbuktu
    Africa/Tripoli
    Africa/Tunis
    Africa/Windhoek
    America/Adak
    America/Anchorage
    America/Anguilla
    America/Antigua
    America/Araguaina
    America/Argentina/Buenos Aires
    America/Argentina/Catamarca
    America/Argentina/ComodRivadavia
    America/Argentina/Cordoba
    America/Argentina/Jujuy
    America/Argentina/La Rioja
    America/Argentina/Mendoza
    America/Argentina/Rio Gallegos
    America/Argentina/Salta
    America/Argentina/San Juan
    America/Argentina/San Luis
    America/Argentina/Tucuman
    America/Argentina/Ushuaia
    America/Aruba
    America/Asuncion
    America/Atikokan
    America/Atka
    America/Bahia
    America/Bahia Banderas
    America/Barbados
    America/Belem
    America/Belize
    America/Blanc-Sablon
    America/Boa Vista
    America/Bogota
    America/Boise
    America/Buenos Aires
    America/Cambridge Bay
    America/Campo Grande
    America/Cancun
    America/Caracas
    America/Catamarca
    America/Cayenne
    America/Cayman
    America/Chicago
    America/Chihuahua
    America/Ciudad Juarez
    America/Coral Harbour
    America/Cordoba
    America/Costa Rica
    America/Creston
    America/Cuiaba
    America/Curacao
    America/Danmarkshavn
    America/Dawson
    America/Dawson Creek
    America/Denver
    America/Detroit
    America/Dominica
    America/Edmonton
    America/Eirunepe
    America/El Salvador
    America/Ensenada
    America/Fort Nelson
    America/Fort Wayne
    America/Fortaleza
    America/Glace Bay
    America/Godthab
    America/Goose Bay
    America/Grand Turk
    America/Grenada
    America/Guadeloupe
    America/Guatemala
    America/Guayaquil
    America/Guyana
    America/Halifax
    America/Havana
    America/Hermosillo
    America/Indiana/Indianapolis
    America/Indiana/Knox
    America/Indiana/Marengo
    America/Indiana/Petersburg
    America/Indiana/Tell City
    America/Indiana/Vevay
    America/Indiana/Vincennes
    America/Indiana/Winamac
    America/Indianapolis
    America/Inuvik
    America/Iqaluit
    America/Jamaica
    America/Jujuy
    America/Juneau
    America/Kentucky/Louisville
    America/Kentucky/Monticello
    America/Knox IN
    America/Kralendijk
    America/La Paz
    America/Lima
    America/Los Angeles
    America/Louisville
    America/Lower Princes
    America/Maceio
    America/Managua
    America/Manaus
    America/Marigot
    America/Martinique
    America/Matamoros
    America/Mazatlan
    America/Mendoza
    America/Menominee
    America/Merida
    America/Metlakatla
    America/Mexico City
    America/Miquelon
    America/Moncton
    America/Monterrey
    America/Montevideo
    America/Montreal
    America/Montserrat
    America/Nassau
    America/New York
    America/Nipigon
    America/Nome
    America/Noronha
    America/North Dakota/Beulah
    America/North Dakota/Center
    America/North Dakota/New Salem
    America/Nuuk
    America/Ojinaga
    America/Panama
    America/Pangnirtung
    America/Paramaribo
    America/Phoenix
    America/Port-au-Prince
    America/Port of Spain
    America/Porto Acre
    America/Porto Velho
    America/Puerto Rico
    America/Punta Arenas
    America/Rainy River
    America/Rankin Inlet
    America/Recife
    America/Regina
    America/Resolute
    America/Rio Branco
    America/Rosario
    America/Santa Isabel
    America/Santarem
    America/Santiago
    America/Santo Domingo
    America/Sao Paulo
    America/Scoresbysund
    America/Shiprock
    America/Sitka
    America/St Barthelemy
    America/St Johns
    America/St Kitts
    America/St Lucia
    America/St Thomas
    America/St Vincent
    America/Swift Current
    America/Tegucigalpa
    America/Thule
    America/Thunder Bay
    America/Tijuana
    America/Toronto
    America/Tortola
    America/Vancouver
    America/Virgin
    America/Whitehorse
    America/Winnipeg
    America/Yakutat
    America/Yellowknife
    Antarctica/Casey
    Antarctica/Davis
    Antarctica/DumontDUrville
    Antarctica/Macquarie
    Antarctica/Mawson
    Antarctica/McMurdo
    Antarctica/Palmer
    Antarctica/Rothera
    Antarctica/South Pole
    Antarctica/Syowa
    Antarctica/Troll
    Antarctica/Vostok
    Arctic/Longyearbyen
    Asia/Aden
    Asia/Almaty
    Asia/Amman
    Asia/Anadyr
    Asia/Aqtau
    Asia/Aqtobe
    Asia/Ashgabat
    Asia/Ashkhabad
    Asia/Atyrau
    Asia/Baghdad
    Asia/Bahrain
    Asia/Baku
    Asia/Bangkok
    Asia/Barnaul
    Asia/Beirut
    Asia/Bishkek
    Asia/Brunei
    Asia/Calcutta
    Asia/Chita
    Asia/Choibalsan
    Asia/Chongqing
    Asia/Chungking
    Asia/Colombo
    Asia/Dacca
    Asia/Damascus
    Asia/Dhaka
    Asia/Dili
    Asia/Dubai
    Asia/Dushanbe
    Asia/Famagusta
    Asia/Gaza
    Asia/Harbin
    Asia/Hebron
    Asia/Ho Chi Minh
    Asia/Hong Kong
    Asia/Hovd
    Asia/Irkutsk
    Asia/Istanbul
    Asia/Jakarta
    Asia/Jayapura
    Asia/Jerusalem
    Asia/Kabul
    Asia/Kamchatka
    Asia/Karachi
    Asia/Kashgar
    Asia/Kathmandu
    Asia/Katmandu
    Asia/Khandyga
    Asia/Kolkata
    Asia/Krasnoyarsk
    Asia/Kuala Lumpur
    Asia/Kuching
    Asia/Kuwait
    Asia/Macao
    Asia/Macau
    Asia/Magadan
    Asia/Makassar
    Asia/Manila
    Asia/Muscat
    Asia/Nicosia
    Asia/Novokuznetsk
    Asia/Novosibirsk
    Asia/Omsk
    Asia/Oral
    Asia/Phnom Penh
    Asia/Pontianak
    Asia/Pyongyang
    Asia/Qatar
    Asia/Qostanay
    Asia/Qyzylorda
    Asia/Rangoon
    Asia/Riyadh
    Asia/Saigon
    Asia/Sakhalin
    Asia/Samarkand
    Asia/Seoul
    Asia/Shanghai
    Asia/Singapore
    Asia/Srednekolymsk
    Asia/Taipei
    Asia/Tashkent
    Asia/Tbilisi
    Asia/Tehran
    Asia/Tel Aviv
    Asia/Thimbu
    Asia/Thimphu
    Asia/Tokyo
    Asia/Tomsk
    Asia/Ujung Pandang
    Asia/Ulaanbaatar
    Asia/Ulan Bator
    Asia/Urumqi
    Asia/Ust-Nera
    Asia/Vientiane
    Asia/Vladivostok
    Asia/Yakutsk
    Asia/Yangon
    Asia/Yekaterinburg
    Asia/Yerevan
    Atlantic/Azores
    Atlantic/Bermuda
    Atlantic/Canary
    Atlantic/Cape Verde
    Atlantic/Faeroe
    Atlantic/Faroe
    Atlantic/Jan Mayen
    Atlantic/Madeira
    Atlantic/Reykjavik
    Atlantic/South Georgia
    Atlantic/St Helena
    Atlantic/Stanley
    Australia/ACT
    Australia/Adelaide
    Australia/Brisbane
    Australia/Broken Hill
    Australia/Canberra
    Australia/Currie
    Australia/Darwin
    Australia/Eucla
    Australia/Hobart
    Australia/LHI
    Australia/Lindeman
    Australia/Lord Howe
    Australia/Melbourne
    Australia/NSW
    Australia/North
    Australia/Perth
    Australia/Queensland
    Australia/South
    Australia/Sydney
    Australia/Tasmania
    Australia/Victoria
    Australia/West
    Australia/Yancowinna
    Brazil/Acre
    Brazil/DeNoronha
    Brazil/East
    Brazil/West
    CET
    CST6CDT
    Canada/Atlantic
    Canada/Central
    Canada/Eastern
    Canada/Mountain
    Canada/Newfoundland
    Canada/Pacific
    Canada/Saskatchewan
    Canada/Yukon
    Chile/Continental
    Chile/EasterIsland
    Cuba
    EET
    EST
    EST5EDT
    Egypt
    Eire
    Etc/GMT
    Etc/GMT+0
    Etc/GMT+1
    Etc/GMT+10
    Etc/GMT+11
    Etc/GMT+12
    Etc/GMT+2
    Etc/GMT+3
    Etc/GMT+4
    Etc/GMT+5
    Etc/GMT+6
    Etc/GMT+7
    Etc/GMT+8
    Etc/GMT+9
    Etc/GMT-0
    Etc/GMT-1
    Etc/GMT-10
    Etc/GMT-11
    Etc/GMT-12
    Etc/GMT-13
    Etc/GMT-14
    Etc/GMT-2
    Etc/GMT-3
    Etc/GMT-4
    Etc/GMT-5
    Etc/GMT-6
    Etc/GMT-7
    Etc/GMT-8
    Etc/GMT-9
    Etc/GMT0
    Etc/Greenwich
    Etc/UCT
    Etc/UTC
    Etc/Universal
    Etc/Zulu
    Europe/Amsterdam
    Europe/Andorra
    Europe/Astrakhan
    Europe/Athens
    Europe/Belfast
    Europe/Belgrade
    Europe/Berlin
    Europe/Bratislava
    Europe/Brussels
    Europe/Bucharest
    Europe/Budapest
    Europe/Busingen
    Europe/Chisinau
    Europe/Copenhagen
    Europe/Dublin
    Europe/Gibraltar
    Europe/Guernsey
    Europe/Helsinki
    Europe/Isle of Man
    Europe/Istanbul
    Europe/Jersey
    Europe/Kaliningrad
    Europe/Kiev
    Europe/Kirov
    Europe/Kyiv
    Europe/Lisbon
    Europe/Ljubljana
    Europe/London
    Europe/Luxembourg
    Europe/Madrid
    Europe/Malta
    Europe/Mariehamn
    Europe/Minsk
    Europe/Monaco
    Europe/Moscow
    Europe/Nicosia
    Europe/Oslo
    Europe/Paris
    Europe/Podgorica
    Europe/Prague
    Europe/Riga
    Europe/Rome
    Europe/Samara
    Europe/San Marino
    Europe/Sarajevo
    Europe/Saratov
    Europe/Simferopol
    Europe/Skopje
    Europe/Sofia
    Europe/Stockholm
    Europe/Tallinn
    Europe/Tirane
    Europe/Tiraspol
    Europe/Ulyanovsk
    Europe/Uzhgorod
    Europe/Vaduz
    Europe/Vatican
    Europe/Vienna
    Europe/Vilnius
    Europe/Volgograd
    Europe/Warsaw
    Europe/Zagreb
    Europe/Zaporozhye
    Europe/Zurich
    GB
    GB-Eire
    GMT
    GMT+0
    GMT-0
    GMT0
    Greenwich
    HST
    Hongkong
    Iceland
    Indian/Antananarivo
    Indian/Chagos
    Indian/Christmas
    Indian/Cocos
    Indian/Comoro
    Indian/Kerguelen
    Indian/Mahe
    Indian/Maldives
    Indian/Mauritius
    Indian/Mayotte
    Indian/Reunion
    Iran
    Israel
    Jamaica
    Japan
    Kwajalein
    Libya
    MET
    MST
    MST7MDT
    Mexico/BajaNorte
    Mexico/BajaSur
    Mexico/General
    NZ
    NZ-CHAT
    Navajo
    PRC
    PST8PDT
    Pacific/Apia
    Pacific/Auckland
    Pacific/Bougainville
    Pacific/Chatham
    Pacific/Chuuk
    Pacific/Easter
    Pacific/Efate
    Pacific/Enderbury
    Pacific/Fakaofo
    Pacific/Fiji
    Pacific/Funafuti
    Pacific/Galapagos
    Pacific/Gambier
    Pacific/Guadalcanal
    Pacific/Guam
    Pacific/Honolulu
    Pacific/Johnston
    Pacific/Kanton
    Pacific/Kiritimati
    Pacific/Kosrae
    Pacific/Kwajalein
    Pacific/Majuro
    Pacific/Marquesas
    Pacific/Midway
    Pacific/Nauru
    Pacific/Niue
    Pacific/Norfolk
    Pacific/Noumea
    Pacific/Pago Pago
    Pacific/Palau
    Pacific/Pitcairn
    Pacific/Pohnpei
    Pacific/Ponape
    Pacific/Port Moresby
    Pacific/Rarotonga
    Pacific/Saipan
    Pacific/Samoa
    Pacific/Tahiti
    Pacific/Tarawa
    Pacific/Tongatapu
    Pacific/Truk
    Pacific/Wake
    Pacific/Wallis
    Pacific/Yap
    Poland
    Portugal
    ROC
    ROK
    Singapore
    Turkey
    UCT
    US/Alaska
    US/Aleutian
    US/Arizona
    US/Central
    US/East-Indiana
    US/Eastern
    US/Hawaii
    US/Indiana-Starke
    US/Michigan
    US/Mountain
    US/Pacific
    US/Samoa
    UTC
    Universal
    W-SU
    WET
    Zulu
    Filters:
    Training Formats
          Location
          Dates

          Register for SEC510

          Loading...

          All pricing excludes applicable taxes