Compliance in the Cloud Fundamentals
Security Training Architect II in Content
One of the largest limiting factors for organizations considering migrating to the cloud is: "How do we maintain regulatory compliance in a cloud environment?" This course is designed to give a brief introduction to some of the tools and techniques the student can use to help answer that very question.
You can find the interactive diagram used in the course right here - https://interactive.linuxacademy.com/diagrams/ComplianceinCloud.html
Compliance in the Cloud
About the Author
About the Course
Welcome to our Maintaining Compliance in the Cloud Fundamentals Course. This course is designed around introducing the student to the differences about maintaining compliance in the cloud. It is intended to be 100% vendor-neutral as we discuss these topics. It's important to note that the compliance efforts that I cover in this course are based on US legislation and regulations. Of course, other countries have their own laws, standards and regulations, so the student should take their own country's stance into mind as we cover these topics. You can find the interactive diagram we use right here - https://interactive.linuxacademy.com/diagrams/ComplianceinCloud.html
Overview of Regulations
To begin our discussions around maintaining regulatory compliance in the cloud, it is vitally important to understand the regulations that we may encounter along our careers. This video lesson is centered around introducing you, the student, to some of the more common regulations. This lesson will focus on the regulations themselves, as well as understanding how certain controls are written within those regulations. NIST Special Publication 800-53
Challenges of Maintaining Compliance in the Cloud
As we discuss maintaining compliance, there are certain challenges that an organization may face that are unique to cloud environments. In this video, we'll highlight some of these challenges and discuss possible mitigations help smooth the compliance efforts.
Does Compliance Equal Security?
One of the main driving forces of the creation of regulatory and legislative compliance frameworks was to increase the security around certain protected information. This has created an interesting debate about whether maintaining compliance with these frameworks actually ensures data security for the organization. In this lesson, we take a look at this debate to determine how we can marry the two concepts.
Cloud Security Tools and Their Role in Maintaining Compliance
Cloud Identity and Access Management
As we discussed in our Overview lesson, Identity and Access management (IAM) plays a pivotal role in maintaining regulatory compliance. In this lesson, let’s take a deeper look at some of the key differences in how IAM is implemented in a cloud solution vs a traditional, on-premise solution. Tom's Netflix Provisioning Video Mentioned in the Lesson
Cloud Disaster Recovery
In addition to Identity and Access Management and Intrusion Detection and Prevention Systems, Disaster Recovery efforts is another focal point of maintaining regulatory compliance. Let’s take a look at how cloud solutions can offer solutions to help us maintain compliance, while optimizing performance.
Cloud Intrusion Detection and Prevention Techniques
Monitoring for suspicious activities is vital to the increased security and compliance level of any network or system. However, understanding how to work within the cloud environment and with your cloud service provider to ensure these detection and prevention processes are done appropriately is especially important for maintaining compliance in the cloud. In this lesson, we’ll examine how to gather this information as well as discuss some of the key differences between performing these actions in a cloud vs in an on-premise solution.
GRC in the Cloud
One of the keys to successfully manage security plans and programs is through the successful implementation of GRC (Governance, Risk Management, and Compliance), and in order to successfully manage GRC, we must maintain a risk-based approach for our programs in addition to ensuring the controls we select are tailored for maintaining regulatory compliance. In this lesson, we’ll discuss and give a brief overview into the GRC concepts that you’ll need to understand.
GRC's Role in Maintaining Compliance
Our previous lesson was focused on giving a brief overview of GRC, but now let’s take a deeper look into how using GRC effectively can have a significant impact on our organization meeting compliance goals.
GRC in the Cloud
As we’ve shown, GRC plays an integral role in maintaining our compliance goals. Now, let’s take it a step further and discuss how we can properly leverage GRC to ensure that we are striving to meet our compliance goals in a cloud environment. This lesson will focus on giving you, the student, the knowledge necessary to carry out effective Cloud GRC.
We have concluded our course on Maintaining Compliance in the Cloud. Now let's take a look at some other courses that you may be interested in.