Cloud Security
Public syllabus for 2025-2026
Academic overview
Teaching team
Learning time distribution
| Total | ||||||
|---|---|---|---|---|---|---|
| Curriculum | Lecture | Practice | Total Weekly | Lecture | Practice | |
| 42 | 28 | 14 | 3 | 2 | 1 | |
| Exam hours | ||||||
| 6 | ||||||
| Individual Study | Bibliography study | Field study | Homework | Tutoring | Others | |
| 102 | 42 | 35 | 16 | 9 | 0 | |
| Overall | ||||||
| 150 |
Learning outcomes
Knowledge
- C1. Fundamentals of cloud computing based on current standards, protocols, and best practices
- C2. Fundamentals of cloud cybersecurity concepts that assures logical infrastructure security including compute, storage, networking, identity and access management and data protection.
Skills
- A1. Ability to recognize abstract patterns implemented in public cloud providers infrastructure (computing, storage, networking, security, identity and access management)
- A2. Ability to identify security mechanism required to be implemented in public cloud infrastructures
Responsibility
- R1. Implement fundamental security controls in a public cloud infrastructure based environment
- R2. Capacity to assess a cloud environment security posture and identify solutions to mitigate potential gaps and threats
Online platform
Course content
| Content | Methods | Obs |
|---|---|---|
| C1. Introduction to Cloud Computing.Present and understand what Cloud Computing represents.Private cloud vs public cloud. Scope of control: software as a service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS). Advantages and disadvantages of current Cloud Computing architectures.Real life applications of Cloud Computing services. | Lecture, conversation, exemplification | Slide deck |
| C2. Cloud abstract concepts introduction. Main abstract terminology review: zones, regions, fault tolerance, scalability, elasticity, agility, cloud service models.Cloud concepts: computing, storage, identity and access management, encryption, database, applications.Cloud architecture review based on case studies. | Lecture, conversation, exemplification | Slide deck |
| C3. Secure Isolation of Physical & Logical InfrastructureCommon attack vectors.Physical security.Disaster recovery and high availability.Multi-cloud and multi-tenant strategy.Secure isolation strategies: storage, inter-tenant network, virtualization. | Lecture, conversation, exemplification | Slide deck |
| C4. Networking in Cloud Virtual firewalls, Network Security Groups, Security Tags.Implementation of Web Application Firewall for applications deployed in public cloud environments. Security of endpoints exposed to the internet.Cloud to on-premise environments network security. | Lecture, conversation, exemplification | Slide deck |
| C5. Container security. Definition and usage of a container. Deployment of containers in public cloud environments. Security of container images during the build, deployment, and monitoring phase. | Lecture, conversation, exemplification | Slide deck |
| C6. Cloud Encryption. Data at rest encryption, PKI and Key ManagementData storage types, retention, archiving and deletion procedures.Data in transit encryption, TLS/SSL. | Lecture, conversation, exemplification | Slide deck |
| C7. Active Directory.Definition of Active Directory, use cases, and utilization. Active Directory configuration and usage with other cloud services. Privileged Identity Management (PIM) monitoring and usage of cloud workloads. | Lecture, conversation, exemplification | Slide deck |
| C8. Identity and access management in Cloud. Multi-factor authentication (MFA) introduction and configuration. Single sign-on use case and implementation in cloud-based app services. | Lecture, conversation, exemplification | Slide deck |
| C9. Policy, Compliance & Risk Management in Cloud Computing. Understand the legal, security, forensics, personal & data privacy issues within Cloud environment. Introduction to security incident management and incident lifecycle.Initial assessment of a public cloud environment security posture, security risk and security score. | Lecture, conversation, exemplification | Slide deck |
| C10. Cloud resources security with native capabilities I. Introduction to public cloud-native security posture management assessment solutions. Security organizational hierarchy and roles responsible for managing cloud security management: security operations center. | Lecture, conversation, exemplification | Slide deck |
| C11. Cloud resources security with native capabilities II. Introduction to native Security information and event management (SIEM) tools Examples from public cloud providers.Connecting a SIEM solution to a 3rd party solution.Creating a SIEM workspace, event integration, dashboard reporting and notifications. | Lecture, conversation, exemplification | Slide deck |
| C12. Monitoring, Auditing and Management. Proactive activity monitoring as Incident Response. Monitoring for unauthorized access, malicious traffic, intrusion detection, events and alerts. Audit process - record generation, reporting and management of security events. | Lecture, conversation, exemplification | Slide deck |
| C13. Cloud Service Providers – Technology Review. | Lecture, conversation, exemplification | Slide deck |
| C14. Wrap Up & Final Projects Review Real-world Case StudiesFinal projects presentation & review | Conversation, exemplification, project review | Slide deck, projects |
Course bibliography
Bibliography: [1] Chris Dotson, Practical cloud security: a guide for secure design and deployment, O'Reilly Media, 1st edition, 2019, ISBN: 1492037516 [2] Julien Vehent, Securing DevOps: Security in the Cloud, Manning, 1st edition, 2018, ISBN: 1617294136 [3] Liz Rice, Container Security: Fundamental Technology Concepts that Protect Containerized Applications, O'Reilly Media, 1st edition, 2020, ISBN: 1492056707
Seminar content
| Content | Methods | Obs |
|---|---|---|
| L1. Login to a public cloud provider portal. Navigate and get accommodated to the user interface presented. Introduction to multiple cloud services: cloud compute, storage, active directory, identity and access management, networking and applications. Create basic cloud resources: virtual machine, storage back-up, cloud user account, custom cloud role. Provide a guest use a custom role to edit and delete a previously created virtual machine.Use the cloud native CLI. | Slide deck, conversation, learning together, practical hands-on. | |
| L2. Implement in a public cloud tenant a presented architecture:multiple virtual machines in different regions and zonesvirtual networksencryptionother cloud components | Slide deck, conversation, learning together, practical hands-on. | |
| L3. Fundamental security measures in public cloud:securing a virtual instance (ports, SSH, etc.)user access & rolesstorage securityprivate key rotationdata at rest encryptiondata in transit encryption | Slide deck, conversation, learning together, practical hands-on. | |
| L4. Implementing network security measures:network security groupsvirtual firewallstagsweb application firewall | Slide deck, conversation, learning together, practical hands-on. | |
| L5. Dockerfile and Docker repository introduction.Dockerfile instructionsDocker deployment to a cloud-native serviceSecure a given Dockerfile by adding/removing/editing Docker instructionsdocker-compose | Slide deck, conversation, learning together, practical hands-on. | |
| L6. Introduction to Terraform.Deploy cloud resources using Terraform apply.Deploy Hashicorp Vault for secrets and key management.Access the stored data in Hashicorp Vault using the CLI. | Slide deck, conversation, learning together, practical hands-on. | |
| L7. Implement Active Directory.Create AD policies based on user data, roles and permissions.PIM configurationUser auditing and monitoring | Slide deck, conversation, learning together, practical hands-on. | |
| L8. Configuring Active Directory and implementing tenant wide MFA.Deployment of an application using App Services and secure it with SSO. | Slide deck, conversation, learning together, practical hands-on. | |
| L9. O365 security introduction.Policies, auditing, logging and compliance for Azure O365. | Slide deck, conversation, learning together, practical hands-on. | |
| L10. Native cloud security features: Security Center.Introduction to Security CenterAnalyze and implement solutions for security findings within Azure Security Center. | Slide deck, conversation, learning together, practical hands-on. | |
| L11. Native cloud security features: SentinelIntroduction to Azure SentinelConnect workspace to SentinelRun queries on data ingested by SentinelGenerate automated security reports for Sentinel | Slide deck, conversation, learning together, practical hands-on. | |
| L12. Blue team scenario:create multiple teams: SOC analysts, Cloud Security engineers and Architectsin the given scenario, each team has to accomplish different tasks, based on the team profile:SOC: monitor, analyze and identify potential security attacksSecurity engineers: with the data provided by the SOC team, fix existing security threats as much as possibleArchitects: identify final solutions for existing security issues and implement them | Team work, learning together, puzzle | |
| L13. Private cloud with KubernetesHow to host a Kubernetes ClusterKubernetes pods, services, ingress, certificates and volumesDeploy a Dockerized application to Kubernetes | Slide deck, conversation, learning together, practical hands-on. | |
| L14. Comparison between Public Cloud Providers, also as a review before finals. | Slide deck, conversation, learning together, practical hands-on. | |
| Bibliography: [1] Nigel Poulton, Docker Deep Dive: Zero to Docker in a single book, Packt Publishing, 2020, ISBN: 9781800565135[2] Nigel Poulton, The Kubernetes Book: 2023 Edition, Independently published, 2023, ISBN: 979-8402153776[3] Yevgeniy Brikman, Terraform: Up and Running: Writing Infrastructure as Code, O'Reilly Media, 3rd Edition, 2022, ISBN: 1098116747 |
Seminar bibliography
Class contents corresponds to the curricula of other universities, from inside the country or from the European Union. The practical contents (laboratory works) correspond to the local labor market requirements. /Conținutul disciplinei corespunde curriculei din alte centre universitare, din țară sau Uniunea Europeană. Conținuturile practice (lucrări de laborator) corespund cerințelor de pe piața muncii locală.The content is in line with the structure of similar courses at other universities and covers aspects necessary for familiarization to cloud computing infrastructure and relevant cloud security mechanisms. The ability to understand modern cloud environments is a main component of developing a career in Cybersecurity, as the industry has shifted from legacy self-hosted data centers. Once this course is passed, the candidate will possess highly specialized knowledge regarding public and private cloud security.
Corroboration
(none)
AI tools guidance
Evaluation and delivery
| Activity | Criteria | Methods | Percentage |
|---|---|---|---|
| C |
|
|
|
| S |
|
|
|
Performance standards
Minimum standard (knowledge and skills required for a grade of 5): / Standard minim (cunoștințe și aptitudini necesare pentru nota 5): basic cloud concepts (compute, storage, networking, application, identity and access management) basic cloud security mechanism (network security group, virtual firewall, SIEM and security center) successfully operate a cloud-based environment using browser UI, CLI and terminal SDK
Additional info
(none)