Cloud security didn’t exist 20 years ago, but now it’s one of the most critical skill areas for employees at companies of all sizes. Virtually every business relies on cloud services to conduct their operations, necessarily shifting sensitive proprietary and customer data to the cloud.
The purpose of cloud security training is to ensure that businesses can safely access the benefits of IaaS, PaaS, SaaS products, as well as reckon with the reality of shadow IT.
Companies need their IT team that is fluent with tools at their disposal and poised to respond to new attacks across from anywhere in their environment. Cloud security training programs can quickly upskill individuals, teams, and entire organizations.
There are a number of options out there. Finding the right set of programs for your company is important, as there is no single course that prepares an organization for the entirety of cloud security issues today.
The 5 best cloud security training programs
Below are the top 5 cloud security training programs on the market. These are well-reviewed courses and learning paths from reputable providers.
Each cloud security training program comes with videos, support materials, and connection to a broader community of infosec and cybersecurity professionals. They cover vital content and go beyond lecture-style learning, offering labs or cyber ranges to put new skills into practice.
The #1 cloud security training program is Cloud Security Architecture and Operations from SANS, because it offers the most complete instruction and a variety of hands-on labs.
All the courses on this list of best cloud security training programs are high-quality. Ultimately, the best option will depend on your needs. Cloud Security Architecture and Operations is fairly high level and comparatively expensive.
I’ve included a mix of course-types, which could cover on-boarding and upskilling for individuals and teams, as well as a course focused on how to build a culture of cloud security across your organization.
One last note: cloud security training programs are distinct from cloud security certifications, which can also help organizations ensure the people they hire are up to speed with current best practices.
1. SANS: Cloud Security Architecture and Operations
Our pick for the number one all-around cloud security training program is the Cloud Security Architecture and Operations course offered by the SANS Institute.
SANS, which stands for SysAdmin, Audit, Network, and Security, has been around a long time and had a leading role in the creation and stewardship of cybersecurity and cloud security certifications.
Cloud Security Architecture and Operations is a 5-day course that’s available in-person, or at your own pace on-demand. The course begins with a brief overview of the fundamentals of cloud security and a look guidance from the Cloud Security Alliance.
Bear in mind the purpose of this refresher is to create a shared terminology for cloud concepts—it’s not a thorough review of everything you will need to know.
People who plan to enroll in Cloud Security Architecture and Operations need to have comfort with the command line in order to participate in the exercises. They are also encouraged to have a basic understanding of TCP/IP, network security, security architecture, and experience with VMware virtualization.
The syllabus is divided into five sections:
- Cloud Service Models and Controls
- Cloud Security Architecture and Operations (Part 1)
- Cloud Security Architecture and Operations (Part 2)
- Cloud Security Offense and Defense Operations
- Cloud Security Automation and Orchestration
Numerous hands-on labs complement student learning, and cement objectives by tying new knowledge to practical skills. Students apply techniques in an instructor-led environment, getting experience with best practices in a variety of lab settings.
Upon completing the course, students will have a comprehensive understanding of risk, threats, vulnerabilities in a range of cloud environments. They will be able to exercise good judgment about many of the security concerns IT leaders face, such as:
- Deploying automated workflows
- Evaluating cloud access security brokers
- Integrating security into DevOps
- Securing all layers of a hybrid cloud environment
- Using IAM to secure cloud environments
- Vulnerability management and penetration testing
There is a lot more covered, but suffice to say that people will be able to configure and manage secure cloud architectures, from the hypervisors up to application layer controls.
In terms of a high-level cloud security training course, Cloud Security Architecture and Operations is hard to beat. The cost of SANS courses is fairly high. But it’s been this way for a long time and people continue to pay a premium to take their courses. The truth is that they are a cut above the competition.
One thing to keep in mind moving forward is that in-person courses may not be available for some time. Anecdotally, networking opportunities factor into the value of a SANS course.
2. Infosec: Cloud Security Management
Price: $34/month or $299/year, per Infosec Skills subscription
The Infosec Institute is a technology training company that offers security skills and awareness courses. They have a number of different cloud security training modules, but our pick is the Cloud Security Management learning path: a thorough review of the field that combines six Infosec courses into one cohesive, hands-on, educational experience
Cloud Security Management can serve as a helpful overview to aspiring IT leaders or an up-to-date refresher for old pros. The affordable, flexible, subscription-based pricing model makes it an especially attractive option for enterprise-grade training, as well.
The course is aimed at people with 2-3 years of relevant IT security experience and a Security+ certification. Comparable knowledge and experience is fine, but the course assumes you have a basic working knowledge of IT security.
The six Infosec courses that make up the learning path are:
- Architectural Concepts & Design Requirements in IT Security
- Legal and Compliance in IT Security
- Cloud Platform and Infrastructure Security
- Cloud Data Security
- Cloud Application Security
The video-based courses include 18 hours of training. The videos are supported by skill assessments and practical labs in Infosec’s cloud hosted cyber range.
This gives learners the chance to practice practical skills as they encounter new concepts, solidifying outcomes by providing the most realistic training environment possible.
Each course that makes up the learning path goes in-depth on its subject area. From the physical design of secure and reliable data centers, to cloud application security testing, people learn how to secure every layer of their environment from cyber attack.
An Infosec Skills subscription grants complete access to the entirety of the company’s offerings, which means you get a ton more than just the Cloud Security Management learning path when you sign up. There are 700+ courses, including some designed to help people study for cloud security certifications, and new ones being added all the time.
Recent additions that supplement cloud security training include:
- Cyber range: Network Traffic Analysis
- Learning path: Network Security Fundamentals
- Learning path: Web Server Protection
Team subscription pricing comes with additional administrative features that let you manage licenses and organize learners into groups, as well as a dedicated client success manager. Licenses are transferable, and volume discounts are available.
No special equipment is necessary for any Infosec skills course, and they offer a 7-day free trial.
3. (ISC)2: Building a Strong Culture of Security
Price: $160, or free for (ISC)² members
Addressing the human-layer of your cloud security infrastructure is critical. One compromised device or identity can quickly spiral into a costly security event, even with staunch cybersecurity protections in place.
Enter: Building a Strong Culture of Security, offered by (ISC)², the International Information System Security Certification Consortium.
Rather than focus on the technical aspects of IT defense, the purpose of this cloud security training is to help employees across an organization cultivate safe behaviors that minimize mistakes.
Building a Strong Culture of Security will help you do just that. It’s a self-paced, interactive course that will help those responsible for securing cloud environments recruit every member of their team and organization to the cause. The course contains four modules:
- Facilitating a Focus on Security
- Creating Engaging Security Awareness Programs
- Driving Behavioral Change
- Implementing and Maintaining Momentum
Upon completion, you will be able to build a transparent, fun, and effective security education training and awareness program. Learn tricks to help engage employees, share successful results, build credibility, and improve overall security hygiene.
The payoff is employees who are better at recognizing threats posed by phishing, suspicious websites, and social engineering. Instead of falling entirely on the shoulders of your IT team, a security in the cloud becomes everyone’s responsibility.
Having security protocols in place that everyone understands is just as important as the technology you use to remediate threats. Even the most dire attacks can be short-circuited when people know what to look for, how to secure their accounts, and who to alert when something appears suspicious.
This is huge, especially for companies trying to scale. As they hire new employees and bring people over from other IT environments, they’ll need to be enculturated with their new environment. By having a strong culture of security in place, everyone who comes on board will receive consistent instruction about their role in protecting sensitive assets in the cloud.
As new security procedures are rolled out, the IT team will be able to communicate with people across the organization, relying on a shared vocabulary of core concepts.
4. edX: Cloud Computing Security
Price: Free, or $299 for certificate and graded assignments
Cloud Computing Security is part of the Cloud Computing Micromasters program from edX, an online platform established by Harvard and MIT to provide free massive open online courses (MOOCs). Today, there are more than 120 institutional partners on edX, offering a wide range of educational opportunities.
The Cloud Computing Security course is hosted by the University of Maryland, and designed to teach people security strategies to keep cloud data safe. The course is 8 weeks long, with an estimated workload of 8-10 hours per week.
Throughout the course, students develop their IT acumen within cloud environments, covering topics like:
- Architecting and configuring cloud security features
- Compliance in the cloud
- Implementing security policies
- Monitoring logs in a cloud environment
- Network performance analysis
- Threat detection and response
Upon completing the course, students will be able to evaluate the security posture of cloud environments at each layer. It’s a comprehensive overview that conveys an understanding of how IT leaders can leverage all of the tools at their disposal in the service of a coherent cloud security strategy.
There is an optional hands-on exercise that involves the creation of a WordPress site on a cloud-based web server. You can create an AWS Educate account to complete this objective without additional out-of-pocket costs.
Unless you require the certificates, virtually every edX course is free to take, and there are additional cloud security training and relevant IT courses available:
5. SANS: Cloud Security Essentials
Cloud Security Essentials, from SANS, provides a comprehensive overview of how to protect environments using the major cloud service providers: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, and Alibaba Cloud.
It’s a helpful cloud security training course for system admins, risk managers, security engineers, and others working in a cloud environment.
As the course description explains, “Like foreign languages, cloud environments have similarities and differences.” Cloud Security Essentials helps people gain fluency in each language, so to speak, so they can more effectively manage organizations with multi-cloud deployment.
The truth is that many organizations distribute workloads and data across multiple cloud service providers. This promotes availability and resilience, but it also increases an organization’s attack surface, as its cloud assets are now spread between providers with different rules.
The 5-day Cloud Security Essentials course provides backbone knowledge about how these cloud systems work, what makes them different, and how to secure each one. People learn how to navigate the shared responsibility of cloud security as it pertains to working with each provider with IaaS, PaaS, and SaaS services.
The course syllabus is broken into five sections, one for each day:
- Welcome to the Cloud
- Securing the Cloud Environment and Infrastructure Security
- Application Security and Securing Services
- Cloud Operations and Architecture
- Legal/Compliance, Penetration Testing & Incident Response
In each section, the training is reinforced with multiple hands-on labs to provide practical experience and context for understanding the technology. Students will gain confidence using the command line interface, and assessing log services that will help them monitor what’s going on.
Although it’s an “essentials” course, and well-suited to relative cloud security novices, the information is covered at depth. Students should have some understanding of TCP/IP, network security, information security principles and the Linux command-line, though such experience is not required.
Before enrolling be sure to look at the laptop requirements on the course page, as there are both necessary hardware and software to complete the course.
This is easily the most comprehensive introductory course for cloud security. Like all SANS offerings, the price is relatively high compared to courses that promise to cover similar ground. Judging from the market reputation of SANS courses, the price continues to be justified.
AWS, Azure, and Google Cloud Training
There are dozens of cloud security training programs focused exclusively on managing products from the major vendors. AWS, Azure, and Google Cloud (and others) all offer their own training, learning paths, cloud security certifications, and miles of documentation about how to keep their services safe.
If you invested in a cloud or hybrid environment supported by one or more of these vendors, taking advantage of these training opportunities will help you keep IT teams up to speed with the latest practices.
There is no end to cloud security training. Next week’s attack has never been seen before. Is your organization ready?