SEC549: Cloud Security Architecture

SEC549 | Cloud Security
  • 5 Days (Instructor-Led)
  • 30 Hours (Self-Paced)
Course created by: David Hazar, Eric Johnson & Gregory Leonard
  • GIAC Cloud Security Architecture and Design (GCAD)
  • 30 CPEs

    Apply your credits to renew your certifications

  • In-Person, Virtual or Self-Paced

    Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months

  • Intermediate Skill Level

    Course material is geared for cyber security professionals with hands-on experience

  • 35 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Learn to design enterprise-ready, scalable cloud solutions for your organization. Engage in threat modeling and secure architecture review labs to experience the cloud migration journey.

Course Overview

SEC549 prepares students to design secure, scalable cloud infrastructure. Through a representative case study, students will threat-model and analyze real-world challenges in identity access management (IAM), organization policy, network security, data security, and log aggregation—learning to centralize controls while supporting fast, secure cloud adoption.

What You’ll Learn

  • Design secure, enterprise-ready cloud architectures that support business goals
  • Build a scalable identity foundation, centralizing workforce identity with conditional access policies and break-glass access
  • Learn how the cloud enables zero-trust for workforce, customer, and workload identities with both identity-based and network-based security controls
  • Create micro-network segmentation using hub-and-spoke models and centralized inspection firewalls
  • Protect cloud data with strong perimeters, data lake security, shared Key Management Service (KMS), and disaster recovery designs
  • Enable cloud incident response and telemetry using centralized intra-cloud and cross-cloud push and pull logging designs

Business Takeaways

  • Reduce cloud risks with strategic, phased adoption plans
  • Prevent identity sprawl and technical debt through centralization
  • Support growth with high-level guardrails and secure architecture
  • Avoid costly anti-patterns with thoughtful cloud design
  • Move toward zero-trust using proven access control patterns
  • Create effective conditional access and manage policy exceptions

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC549: Cloud Security Architecture.

Section 1: Cloud Account Management and Identity Foundations

Section 1 introduces core concepts like cloud threat modeling and secure design, then dives into cloud identity. Students build identity foundations, enable federation from Entra ID to AWS and GCP, design resource hierarchies, set up policy guardrails, and manage cloud access.

Topics covered

  • Security Architecture in the Cloud
  • Federated Access / Single Sign On (SSO)
  • Creating Hierarchical Cloud Structures
  • Applying Organizational Policy Guardrails
  • Implementing an Identity Foundation

Labs

  • Threat Model: Workforce Identity
  • Centralizing User Account Provisioning
  • Creating Organization Hierarchies
  • Organization of Policy Guardrails
  • CloudWars: Account Management and Identity

Section 2: Implementing an Identity Perimeter in the Cloud

Section 2 explores zero-trust in the cloud, focusing on conditional access policies, customer identity and access management (CIAM), and authenticating users and machines across clouds.

Topics covered

  • Implementing Zero-Trust Architecture
  • Conditional Access Policies
  • Customer Identity and Access Management (CIAM)
  • Architecting Cross-Cloud Authentication

Labs

  • Threat Model: Zero-Trust Architecture
  • Entra ID Conditional Access Policy
  • Application Identity
  • Workload Identity Federation
  • CloudWars: Implementing an Identity Perimeter

Section 3: Cloud Native Security Operations

Section 3 covers cloud network components and design, starting with key resources for public, private, and hybrid clouds. Students learn centralized management, micro-segmentation, traffic inspection, and how to access shared services.

Topics covered

  • On-Premises versus Cloud Networks
  • Managing Cloud-Hosted Networks at Scale
  • Cloud Network Micro-Segmentation
  • Network Firewalls and Traffic Inspection
  • Centralized Shared Network Services

Labs

  • Centralizing Network Security
  • Firewall Misconfigurations
  • Micro-Segmentation with VPC Peering
  • Centralized Traffic Inspection
  • CloudWars: Private Service Access

Section 4: Data Access Perimeters in the Cloud

Section 4 dives into cloud-native data protection, covering storage controls, data lake security, and data loss prevention using tags, attribute-based access control (ABAC), and masking. It ends with key management and backup architecture strategies.

Topics covered

  • Data Security & Privacy Playbook
  • Data Lake and Cloud Storage Security
  • Key Management Architecture
  • Business Continuity and Disaster Recovery Design

Labs

  • Data Discovery and Classification
  • Sharing Data Lake Data using AWS S3 Access Points
  • Customer Managed Key Designs
  • CloudWars: Data Lake Migration and DR Planning

Section 5: Enable the Cloud-Focused SOC

Section 5 teaches students how to enable SOC operations in the cloud, covering cloud data sources, log aggregation, and exporting to a central SIEM. Students design logging architectures that support threat detection, response, and recovery from cloud incidents.

Topics covered

  • Security Operations in a Cloud-Centric World
  • Intra-cloud Logging and Aggregation
  • Centralized Log Export Patterns

Labs

  • Managing Cloud-Native Events
  • Centralizing Intra-Cloud Events
  • Exporting Telemetry to a SIEM
  • CloudWars: Incident Response and Final Presentation

Things You Need To Know

Relevant Job Roles

Cybersecurity Architecture (OPM 652)

NICE: Design and Development

Responsible for ensuring that security requirements are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting systems that protect and support organizational mission and business processes.

Cloud Security Architect

Cloud Security

Designing the adoption of cloud services and defining the tools and strategy for cloud solutions

Enterprise Architecture (OPM 651)

NICE: Design and Development

Responsible for developing and maintaining business, systems, and information processes to support enterprise mission needs. Develops technology rules and requirements that describe baseline and target architectures.

Course Schedule & Pricing

  • Virtual (OnDemand), instructed by Eric Johnson. OnDemand (Anytime), Self-Paced, 4 months access. $8,260 USD*
  • Singapore, SG & Virtual (live), instructed by Simon Vernon. $8,375 USD*
  • Washington, DC, US & Virtual (live), instructed by David Hazar. $8,260 USD*
  • Boston, MA, US & Virtual (live), instructed by David Hazar. $8,260 USD*
  • London, GB & Virtual (live), instructed by David Hazar. £6,715 GBP** (EUR price available during checkout)
  • Raleigh, NC, US & Virtual (live), instructed by Eric Johnson. $8,260 USD*
  • Las Vegas, NV, US & Virtual (live), instructed by Simon Vernon. $8,260 USD*
  • Denver, CO, US & Virtual (live), instructed by Eric Johnson. $8,260 USD*

*Prices exclude applicable local taxes. **Prices exclude applicable taxes.

Showing 8 of 19 scheduled events.

Benefits of Learning with SANS

Get feedback from the world’s best cybersecurity experts and instructors

Choose how you want to learn - online, on demand, or at our live in-person training events

Get access to our range of industry-leading courses and resources