Module 11: Cloud Security & Compliance
Security is the top concern for organizations moving to the cloud — and for good reason. The shared responsibility model means you are accountable for securing your data, identities, and network configurations. This module gives you the tools and frameworks to meet that responsibility.
We cover four critical domains. Encryption and key management — how KMS, CloudHSM, and Azure Key Vault handle key storage and rotation, envelope encryption for performance, and ACM for TLS certificate lifecycle management. Network security — Web Application Firewalls (WAF), DDoS protection (AWS Shield, Azure Firewall, Cloud Armor), and the crucial differences between security groups (stateful instance-level firewalls) and network ACLs (stateless subnet-level filters).
Compliance frameworks are the third pillar. You will learn what SOC 2, PCI DSS, HIPAA, and GDPR require from cloud infrastructure and how services like AWS Artifact, Azure Policy, and GCP Assured Workloads help you demonstrate compliance. We also cover compliance automation — turning controls into code that runs in CI/CD pipelines.
The module project brings all three domains together: you design and deploy a secure three-tier architecture with envelope encryption, WAF rules, security group segmentation, and automated compliance scanning.
By the end of Module 11 you will be able to encrypt data at rest and in transit, segment networks using cloud-native firewalls, and map compliance requirements to concrete cloud controls.