Skip to content

Cloud Security

Public syllabus for 2025-2026

Academic overview

Programme
CS
Period
Year 1, Semester 2
Credits
5
Weeks
14

Curriculum placement

Appears in study plans

Teaching team

Course coordinator
Seminar coordinators
Matei Csik-Molnar

Learning time distribution

Total
Curriculum Lecture Practice Total Weekly Lecture Practice
42 28 14 3 2 1
Exam hours
6
Individual Study Bibliography study Field study Homework Tutoring Others
77 33 26 12 6 0
Overall
125

Learning outcomes

Knowledge

  • C1. Fundamentals of cloud computing based on current standards, protocols, and best practices
  • C2. Fundamentals of cloud cybersecurity concepts that assures logical infrastructure security including compute, storage, networking, identity and access management and data protection.

Skills

  • A1. Ability to recognize abstract patterns implemented in public cloud providers infrastructure (computing, storage, networking, security, identity and access management)
  • A2. Ability to identify security mechanism required to be implemented in public cloud infrastructures

Responsibility

  • R1. Implement fundamental security controls in a public cloud infrastructure based environment
  • R2. Capacity to assess a cloud environment security posture and identify solutions to mitigate potential gaps and threats

Online platform

_______________

Course content

Content Methods Obs
C1. Introduction to Cloud Computing.Present and understand what Cloud Computing represents.Private cloud vs public cloud. Scope of control: software as a service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS). Advantages and disadvantages of current Cloud Computing architectures.Real life applications of Cloud Computing services. Lecture, conversation, exemplification Slide deck
C2. Cloud abstract concepts introduction. Main abstract terminology review: zones, regions, fault tolerance, scalability, elasticity, agility, cloud service models.Cloud concepts: computing, storage, identity and access management, encryption, database, applications.Cloud architecture review based on case studies. Lecture, conversation, exemplification Slide deck
C3. Secure Isolation of Physical & Logical InfrastructureCommon attack vectors.Physical security.Disaster recovery and high availability.Multi-cloud and multi-tenant strategy.Secure isolation strategies: storage, inter-tenant network, virtualization. Lecture, conversation, exemplification Slide deck
C4. Networking in Cloud Virtual firewalls, Network Security Groups, Security Tags.Implementation of Web Application Firewall for applications deployed in public cloud environments. Security of endpoints exposed to the internet.Cloud to on-premise environments network security. Lecture, conversation, exemplification Slide deck
C5. Container security. Definition and usage of a container. Deployment of containers in public cloud environments. Security of container images during the build, deployment, and monitoring phase. Lecture, conversation, exemplification Slide deck
C6. Cloud Encryption. Data at rest encryption, PKI and Key ManagementData storage types, retention, archiving and deletion procedures.Data in transit encryption, TLS/SSL. Lecture, conversation, exemplification Slide deck
C7. Active Directory.Definition of Active Directory, use cases, and utilization. Active Directory configuration and usage with other cloud services. Privileged Identity Management (PIM) monitoring and usage of cloud workloads. Lecture, conversation, exemplification Slide deck
C8. Identity and access management in Cloud. Multi-factor authentication (MFA) introduction and configuration. Single sign-on use case and implementation in cloud-based app services. Lecture, conversation, exemplification Slide deck
C9. Policy, Compliance & Risk Management in Cloud Computing. Understand the legal, security, forensics, personal & data privacy issues within Cloud environment. Introduction to security incident management and incident lifecycle.Initial assessment of a public cloud environment security posture, security risk and security score. Lecture, conversation, exemplification Slide deck
C10. Cloud resources security with native capabilities I. Introduction to public cloud-native security posture management assessment solutions. Security organizational hierarchy and roles responsible for managing cloud security management: security operations center. Lecture, conversation, exemplification Slide deck
C11. Cloud resources security with native capabilities II. Introduction to native Security information and event management (SIEM) tools Examples from public cloud providers.Connecting a SIEM solution to a 3rd party solution.Creating a SIEM workspace, event integration, dashboard reporting and notifications. Lecture, conversation, exemplification Slide deck
C12. Monitoring, Auditing and Management. Proactive activity monitoring as Incident Response. Monitoring for unauthorized access, malicious traffic, intrusion detection, events and alerts. Audit process - record generation, reporting and management of security events. Lecture, conversation, exemplification Slide deck
C13. Cloud Service Providers – Technology Review. Lecture, conversation, exemplification Slide deck
C14. Wrap Up & Final Projects Review Real-world Case StudiesFinal projects presentation & review Conversation, exemplification, project review Slide deck, projects

Course bibliography

] Chris Dotson, Practical cloud security: a guide for secure design and deployment, O'Reilly Media, 1st edition, 2019, ISBN: 1492037516 [2] Julien Vehent, Securing DevOps: Security in the Cloud, Manning, 1st edition, 2018, ISBN: 1617294136 [3] Liz Rice, Container Security: Fundamental Technology Concepts that Protect Containerized Applications, O'Reilly Media, 1st edition, 2020, ISBN: 1492056707

Seminar content

Content Methods Obs
L1. Login to a public cloud provider portal. Navigate and get accommodated to the user interface presented. Introduction to multiple cloud services: cloud compute, storage, active directory, identity and access management, networking and applications. Create basic cloud resources: virtual machine, storage back-up, cloud user account, custom cloud role. Provide a guest use a custom role to edit and delete a previously created virtual machine.Use the cloud native CLI. Slide deck, conversation, learning together, practical hands-on.
L2. Implement in a public cloud tenant a presented architecture:multiple virtual machines in different regions and zonesvirtual networksencryptionother cloud components Slide deck, conversation, learning together, practical hands-on.
L3. Fundamental security measures in public cloud:securing a virtual instance (ports, SSH, etc.)user access & rolesstorage securityprivate key rotationdata at rest encryptiondata in transit encryption Slide deck, conversation, learning together, practical hands-on.
L4. Implementing network security measures:network security groupsvirtual firewallstagsweb application firewall Slide deck, conversation, learning together, practical hands-on.
L5. Dockerfile and Docker repository introduction.Dockerfile instructionsDocker deployment to a cloud-native serviceSecure a given Dockerfile by adding/removing/editing Docker instructionsdocker-compose Slide deck, conversation, learning together, practical hands-on.
L6. Introduction to Terraform.Deploy cloud resources using Terraform apply.Deploy Hashicorp Vault for secrets and key management.Access the stored data in Hashicorp Vault using the CLI. Slide deck, conversation, learning together, practical hands-on.
L7. Implement Active Directory.Create AD policies based on user data, roles and permissions.PIM configurationUser auditing and monitoring Slide deck, conversation, learning together, practical hands-on.
L8. Configuring Active Directory and implementing tenant wide MFA.Deployment of an application using App Services and secure it with SSO. Slide deck, conversation, learning together, practical hands-on.
L9. O365 security introduction.Policies, auditing, logging and compliance for Azure O365. Slide deck, conversation, learning together, practical hands-on.
L10. Native cloud security features: Security Center.Introduction to Security CenterAnalyze and implement solutions for security findings within Azure Security Center. Slide deck, conversation, learning together, practical hands-on.
L11. Native cloud security features: SentinelIntroduction to Azure SentinelConnect workspace to SentinelRun queries on data ingested by SentinelGenerate automated security reports for Sentinel Slide deck, conversation, learning together, practical hands-on.
L12. Blue team scenario:create multiple teams: SOC analysts, Cloud Security engineers and Architectsin the given scenario, each team has to accomplish different tasks, based on the team profile:SOC: monitor, analyze and identify potential security attacksSecurity engineers: with the data provided by the SOC team, fix existing security threats as much as possibleArchitects: identify final solutions for existing security issues and implement them Team work, learning together, puzzle
L13. Private cloud with KubernetesHow to host a Kubernetes ClusterKubernetes pods, services, ingress, certificates and volumesDeploy a Dockerized application to Kubernetes Slide deck, conversation, learning together, practical hands-on.
L14. Comparison between Public Cloud Providers, also as a review before finals. Slide deck, conversation, learning together, practical hands-on.
Bibliography: [1] Nigel Poulton, Docker Deep Dive: Zero to Docker in a single book, Packt Publishing, 2020, ISBN: 9781800565135[2] Nigel Poulton, The Kubernetes Book: 2023 Edition, Independently published, 2023, ISBN: 979-8402153776[3] Yevgeniy Brikman, Terraform: Up and Running: Writing Infrastructure as Code, O'Reilly Media, 3rd Edition, 2022, ISBN: 1098116747

Seminar bibliography

Class contents corresponds to the curricula of other universities, from inside the country or from the European Union. The practical contents (laboratory works) correspond to the local labor market requirements. /Conținutul disciplinei corespunde curriculei din alte centre universitare, din țară sau Uniunea Europeană. Conținuturile practice (lucrări de laborator) corespund cerințelor de pe piața muncii locală.The content is in line with the structure of similar courses at other universities and covers aspects necessary for familiarization to cloud computing infrastructure and relevant cloud security mechanisms. The ability to understand modern cloud environments is a main component of developing a career in Cybersecurity, as the industry has shifted from legacy self-hosted data centers. Once this course is passed, the candidate will possess highly specialized knowledge regarding public and private cloud security.

Corroboration

(none)

AI tools guidance

(none)

Evaluation and delivery

Activity Criteria Methods Percentage
C
  • Ability to understand cloud concepts
  • Ability to understand cloud security concepts
  • Capacity to identify security vulnerabilities and propose potential security measures and processes
  • Written test and oral assessment
  • in the exam session
  • 45.0%
S
  • Ability to assess a presented cloud environment security posture
  • Ability to implement specific security mechanism in an existing public or private cloud
  • Written test and oral assessment in the exam session—Lab activity
  • 30.0%
  • 25.0%

Performance standards

Minimum standard (knowledge and skills required for a grade of 5): / Standard minim (cunoștințe și aptitudini necesare pentru nota 5): basic cloud concepts (compute, storage, networking, application, identity and access management) basic cloud security mechanism (network security group, virtual firewall, SIEM and security center) successfully operate a cloud-based environment using browser UI, CLI and terminal SDK

Additional info

(none)