My Nexascale Cloud Security Journey in 4 weeks

Cloud Computing & Security Training Summary

I Learnt what cloud security entails

What is Cloud Security? - Security of the cloud relates to the physical infrastructure of an entire cloud platform. Cloud security is the protection of cloud computing systems, infrastructure, and data from cyberattacks and unauthorized access. It involves implementing a variety of security measures, such as encryption, access controls, and firewalls, to ensure that cloud-based resources are secure and available to authorized users. It refers to the set of policies, technologies, and controls deployed to protect data, applications, and infrastructure within cloud environments. It involves securing cloud resources against threats such as data breaches, cyberattacks, and unauthorized access while ensuring compliance with regulations. 

Key Aspects of Cloud Security: 

● Data Protection: Encryption, access controls, and secure storage. 

● Identity Management: Ensuring only authorized users access resources. 

● Network Security: Firewalls, VPNs, and monitoring traffic.

 ● Compliance: Adhering to industry and regulatory standards. 

● Threat Detection: Proactive monitoring and response to security incidents.

Secure data storage and encryption.

What is IAM?

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources. IAM provides the infrastructure necessary to control authentication and authorization for your AWS accounts.

Week 1 - Cloud Computing & Security by Ayebakuro Oruwori, PMP

• Cloud Computing: Delivers computing services over the internet on a pay-as-you-go basis, eliminating the need to manage physical infrastructure.
• Cloud Security: Protects cloud systems from cyber threats using encryption, access controls, security groups, and firewalls.
• Cloud Platforms: AWS, Azure, and GCP provide cloud services with a shared responsibility model, where security responsibilities depend on the service type:IaaS (Infrastructure as a Service) – Virtualized resources (e.g., AWS EC2, Azure VMs).PaaS (Platform as a Service) – Development platforms (e.g., AWS Elastic Beanstalk, Azure App Services).SaaS (Software as a Service) – Software applications over the internet (e.g., Google Workspace, Microsoft 365).
• Basic Cloud Concepts: Regions, Availability Zones, Elasticity, Scalability, Serverless Computing, Networking, Security Groups, API Gateway, Microservices, etc.
• Security Principles: Zero Trust, Least Privilege, Role-Based Access Control (RBAC), and Defense in Depth.
• IAM & Compliance: Identity and Access Management (IAM) controls cloud resource access, with compliance standards like GDPR, HIPAA, and ISO-27001.

Week 2 - Identity & Access Management (IAM) in AWS By Fortress Abioye

• AWS IAM: Manages permissions and access to AWS resources.
• Hands-on Activities:Opened AWS accounts.Created IAM users and groups.Assigned policies to control access.

Week 3 - Networking in the Cloud By James R. Lyons

• Amazon VPC (Virtual Private Cloud): A logically isolated network in AWS.
• Key Networking Concepts:CIDR Blocks – Allocate IP addresses.Subnets – Divide a network into smaller sections.Security Groups & NACLs – Control traffic flow.Internet Gateway (IGW) – Connects VPC to the internet.Route Tables – Manage network traffic.NAT Gateway/Instance – Enables outbound internet access while keeping internal resources private.
• Hands-on Activities:Created a VPC, subnets, internet gateway, and route tables.

Week 4 - Secure Data Storage & Encryption By @VictorAkande

• AWS S3 & Azure Blob Storage: Scalable cloud storage solutions.
• Security Features:Access Controls – IAM policies, bucket policies, ACLs.Encryption – Server-side & client-side encryption using AWS KMS & Azure Key Vault.Monitoring – AWS CloudTrail, S3 Access Logs, Azure Monitor.
• Data Protection:Encryption in Transit – Uses TLS/SSL for secure data transfer. Data Recovery – AWS Backup, S3 Versioning, Azure Site Recovery.

This training covered essential cloud computing, security, networking, and data protection principles, with practical hands-on experience in AWS and Azure.

Special Thanks to Facilitators Grace Ezuma