Sunday, November 22, 2015

Course Review: Security in a Cloud-Enabled World

Just recently released, I decided to spend some time watching "Security in a Cloud-Enabled World" on MVA.

Overall I thought it was a pretty good course, although not what I expected it to be.  The course was broken down into 2 sections, the first focusing on Microsoft's role as a Trusted cloud provider and the second being a list of roadmaps that should be considered when clients chose a cloud provider to host their solutions.

Here are a couple of points I made about the course:

1)  It is good to get validated on what I am currently doing.  When I engage as an SA on a project, I review many aspects of the roadmaps outlined in this course.  This is good validation that I am on the right path.

2)  If you want to skip several hours of boring content, just read the poster and do the quizzes. 

3)  I am not a big fan of using "user reviews" when judging how secure a cloud provider or solution is.  In the second module, many references to how users perceived the security/availability of their solutions in the cloud.  Most, as you could expect, were favorable of the cloud.  While interesting material, it has been well documented that security is a lemons market.  While I am not saying that Azure's security stance is bad, I do think that ultimately it is very difficult for customers or end users to make even an educated guess on the subject.

4)  There was an inherent lack of focus on how to do things in Azure.  While I guess that wasn't the point of the course, I think that this material needs to be covered somewhere.  In one module, the presenter talks at length about access to the administrative consoles.  Some info is provided on MFA and about how to configure subscriptions for security, but no info is presented on how to audit these admin accounts, control these admin accounts, tie these admin accounts to PAM toolsets, etc.  I think there is a lot of room for content like this.

Overall it was a good course.  It was well structured, and provides a good framework for review when designing out cloud solutions.