Demystifying Cloud Security and Audit in AWS

Workshop Description

Several organizations have implemented Cloud in the last couple of years and are still groping in the dark as to the responsibilities of Information Security in the cloud. Cloud computing security, or simply Cloud Security, refers to a broad set of policies, technologies, applications, and controls used to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.

Cloud computing and storage provide users with capabilities to store and process their data in third-party data centers. Organizations use the cloud in a variety of different service models (with acronyms such as SaaS, PaaS, and IaaS) and deployment models (private, public, hybrid, and community). Security concerns associated with cloud computing fall into two broad categories: security issues faced by cloud providers (organizations providing software, platform, or infrastructure-as-a-service via the cloud) and security issues faced by their customers (companies or organizations who host applications or store data on the cloud). Security is a shared responsibility between the Cloud Service Provider and the Customer. The provider must ensure that its infrastructure is secure and that its clients' data and applications are protected, while the customer must take measures to fortify its applications and use strong passwords and authentication measures.


At the conclusion of this course, attendees will understand:

  • The Cloud, at an overall high level
  • Regulatory Guidelines on Cloud Implementation
  • Cloud Control Matrix latest version: High-level overview
  • Key Controls on AWS – 50 CIS controls checklist implementation
  • Security ‘in’ the cloud and ‘of’ the cloud

Duration: 8 Hours

Course Content (4 sessions of 90 minutes each)

Modules, Topics & Contents, and Details

M1: Demystifying the Cloud
The following subtopics will be covered in this module:
  o Background
  o Deployment & Service models
  o Advantages of the cloud
  o Governments/RBI and the Cloud

M2: Cloud Security & Audit
The shared responsibility model, security of the cloud and in the cloud, as well as various certifications, etc. will be covered. An overview of containerization, Kubernetes, etc. will also be introduced at a high level.
  o ISACA Audit program and the various tools used
  o ISO Controls specific to Cloud
  o Overview of the CCM and CAIQ of CSA, discussed at an intermediate level
  o CSA STAR assessment

M3: AWS Audit Hands-on Part-1
Understanding the various services of AWS:
  o Overview
  o Compute
  o Storage
  o Database Services
  o Security, Network & Content delivery
  o Management and Governance
  o CIS benchmarks etc.: Ver 1.4.0 key controls (59 total controls)
  o Identity and Access Management
  o Other services under Security Identity & Compliance

M4: AWS Audit Hands-on Part-2
Understand Storage & related security:
  o Management & Governance Module
  o Networking Security
  o Disaster Recovery as a Service
  o Self-Assessment






Participants will have to carry their laptops. It is advisable to bring personal laptops rather than corporate laptops. If a corporate laptop is used, the AWS link should not be blocked on it.

Facilitator: Nanda Mohan Shenoy


  • Possess the Banking qualification CAIIB from India
  • Holds a Post Graduate Diploma in Industrial Relations and Personnel Management
  • A Lead Auditor for ISO 27001:2013.
  • Seasoned Banking & Information Security Professional


  • More than 30 Years of experience in the entire Banking and Financial Services and Insurance (BFSI) segment with a deep understanding of Business, Operations, Technology, and Information Security.
  • Held Leadership positions in BNP Paribas India, Global Trust Bank, and Bharat Overseas Bank
  • Worked across multiple verticals, like Operations, Information Technology & Business, and Products like Private Banking, Mutual Funds, Insurance, etc.
  • Has hands-on experience in the audit of AWS, Azure & Google Cloud with organizations in the BFSI sector


  • Data Privacy and Cyber security
  • Supported Bureau Veritas India, the certification body, as a Subject Matter Expert for the ISO 27701:2019 (the Privacy Management Information Systems (PIMS) certification) for Infosys.
  • Addressed the Board and the Senior Management of various Banks/NBFCs/Other Financial Institutions on Information and Cyber Security Risk (IndusInd Bank, Tata Capital, SVC Bank, SBI Life Insurance, etc.) as well as Privacy Issues.


  • He has trained more than 400 senior management personnel in Aadhaar Compliance
  • He was the keynote speaker on Asian Privacy Laws in Da Nang
  • He was invited by the Securities Board of Vietnam to deliver a keynote on India's Aadhaar adoption in Capital markets in 2019
  • He is also one of the popular quizmasters at the ISACA Conferences