Training and Awareness

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> Now we're going to talk about
00:00
the importance of training and awareness,
00:00
especially when it comes to Cloud development.
00:00
In this lesson, we're going to cover
00:00
the importance of training and
00:00
awareness and the distinction
00:00
between training and awareness.
00:00
We want to talk about how training and
00:00
awareness impact Cloud security.
00:00
Then we want to go through some of
00:00
the requirements for implementing
00:00
effective application security training
00:00
for Cloud developers.
00:00
First and foremost, what is
00:00
the difference between training and awareness?
00:00
Well, simply, awareness is a prerequisite for training.
00:00
Awareness is really building a familiarity with
00:00
different concepts that you're unfamiliar
00:00
with and you become aware of them.
00:00
In the Cloud context when it comes to security,
00:00
you really just become aware of either what constitutes
00:00
insecure configurations or what are some
00:00
of the best practices regarding
00:00
secure Cloud application development.
00:00
Training is more specific.
00:00
It is really formal education about
00:00
how to implement the concepts
00:00
that you have become aware of when it comes to
00:00
developing secure code in the Cloud.
00:00
Now, before you really go to the effort to train
00:00
developers on how to secure Cloud applications.
00:00
One important thing to ask is that should
00:00
an application be hosted in a Cloud environment?
00:00
Will the business really gain all the benefits that
00:00
come from the Cloud if the application has moved there?
00:00
Now, naturally this is a Cloud based course,
00:00
so you would think, well, of course.
00:00
However, there are some instances where you
00:00
really need to analyze and think
00:00
about what data is going
00:00
to be processed by the application.
00:00
Where's it going to be stored?
00:00
Does that data have personally
00:00
>> identifiable information,
00:00
>> or are there particular privacy regulations
00:00
that apply to that data?
00:00
If your organization doesn't necessarily have
00:00
the skills in terms of
00:00
Cloud development and administration
00:00
to ensure that that data is adequately protected,
00:00
it's potentially better to maintain it on-premise.
00:00
On the flip side,
00:00
there may be organizations
00:00
where they do not necessarily have
00:00
the right level of
00:00
skills on-premise to maintain the application.
00:00
They really want to leverage a lot of
00:00
third parties in the Cloud who really they are
00:00
experts or they focus on
00:00
different secure practices when it comes to maintaining
00:00
applications and if the Cloud
00:00
really makes the most sense.
00:00
But that cost-benefit may skew
00:00
and that you are maybe paying
00:00
more money to host something in the Cloud,
00:00
but you may gain in terms of
00:00
security and overall business value.
00:00
Now let's say you're moving to the Cloud.
00:00
You have applications out in the Cloud.
00:00
But how do you train
00:00
your developers to ensure that they know what to do?
00:00
Well, one of the more important things
00:00
to understand is that there are
00:00
differences in the development environment
00:00
between on-premise and Cloud.
00:00
This new and unfamiliar environments
00:00
may cause some issues for developers who
00:00
weren't adequately trained in how to
00:00
successfully develop in the Cloud and do so securely.
00:00
Developers need familiarity and training regarding
00:00
the different languages and
00:00
frameworks that may be done in Cloud environments.
00:00
One of the other key elements that's going to
00:00
help developers get up to speed
00:00
in the Cloud is really the documentation associated with
00:00
the platforms that they're using for development.
00:00
Now, although developers
00:00
are very smart, intelligent bunch,
00:00
and maybe very confident about their skills,
00:00
it's important as an organization to
00:00
really assess people skills.
00:00
Potentially, think about having
00:00
an outside view of
00:00
an hiring application security specific training,
00:00
doing a lot of either automatic or personal code review
00:00
with experienced individuals to
00:00
help developers really feel
00:00
confident and know what to do to make sure that
00:00
any code that's being deployed in
00:00
Cloud application is securely vetted.
00:00
Let's reflect a moment.
00:00
What Cloud applications does
00:00
>> your organization maintain?
00:00
>> A lot of times, people with an organization aren't
00:00
even necessarily all that aware of
00:00
how many Cloud applications they are leveraging.
00:00
One of the benefits of the Cloud is that it's cheaper
00:00
to utilize other companies application.
00:00
When you're developing your own applications,
00:00
these Cloud environments offer
00:00
easy availability to customize your environments,
00:00
build things, proof of concepts, get rid of things,
00:00
update your applications,
00:00
and also provide greater availability.
00:00
But you really want to be aware of what are
00:00
your critical applications that are in
00:00
the Cloud and begin to think about,
00:00
are people receiving the adequate amount of
00:00
training with regards to
00:00
developing in the Cloud environment?
00:00
That brings us to our second question,
00:00
what training do developers at your organization
00:00
receive regarding secure Cloud development?
00:00
They may receive some training about how to
00:00
deploy and develop code in Cloud environments.
00:00
But when it comes to specific aspects of
00:00
Cloud security, an application security,
00:00
more specifically, what education are they're
00:00
receiving and is it enough? It's always worth to look.
00:00
All right. In summary, we talked about the difference
00:00
between training and awareness.
00:00
We talked about the importance of
00:00
training in Cloud development.
00:00
Then we went through some of the aspects
00:00
of the differences between on-premise and
00:00
Cloud environments and what elements
00:00
that a Cloud developer may need
00:00
to get up to speed to
00:00
develop applications in the Cloud in a secure manner.
00:00
All right. I'll see you in the next lesson.
Up Next