The advance of virtualization technologies couple with Cloud computing has irrevocably changed the face of enterprise computing in the 21st century. The CAPEX and OPEX advantages of these technologies, whether singly or together, have made their adoption almost inevitable, and has opened the possibility for highly elastic and infinite computing power and scalability that supports the delivery of enterprise applications and services. Yet with this adoption comes the risk of negatively affecting the security posture of the organizations that chose to implement these technologies. Do the same security concerns and controls apply and/or scale between the physical and virtual worlds? Are there new security issues that need to be addressed in the virtual world that didn’t exist or weren’t considered high priority in physical architectures?
This course will provide coverage from the ground up on applied security concepts and technologies related to IT virtualization and cloud infrastructures as well as the accompanying threats and vulnerabilities faced by organizations. Building on an understanding the basics of virtualization and cloud infrastructures (Public, Private and Hybrid Clouds) and delivery models (Software As A Service - SaaS, Platform As A Service - PaaS, Infrastructure As A Service - IaaS) the course focuses on the development of security practices, policies, awareness and compliance program, and examine accompanying legal and regulatory issues. We also learn how to deal with non-trivial issues in the Cloud such as load balancing, caching, distributed transactions, and identity and authorization management. Students will come away from the course having learned the benefits of virtualization and cloud computing, as well as how to cope with the unique demands that such environments make on the overall security posture of organizations.