Auditing VMware ESX & Cloud Computing

Virtualization and Cloud Computing are ranked the top 2 business driven technology priorities, according to Gartner’s survey amongst 2.000 CIO’s across 50 countries and 38 industries. While delivering on agility requested by business, they recognize the risk that is associated with emerging technologies and regulatory requirements. This training examines what exactly those risks are, assesses virtual environments and cloud- based services against critical compliance requirements and industry standards, evaluates recommended controls and investigates for the presence and effectiveness of said controls.

You will:

(1) examine the proper interaction between Risk Management, Control and Audit for virtualized & ‘cloudified’ enterprise architectures

(2) open the deep risks of virtual infrastructures and cloud architectures and test them against existing guidelines

(3) assess VMware environments and cloud based services against critical compliance requirements

(4) recommend mitigating controls

(5) design, develop and implement controls that auditors must see, investigate and proof; provide evidence that stated designs are actually working and are assured

(6) audit virtualized segments of information systems and for Cloud Governance & Cloud Operation Controls

(7) help your organization to navigate and operate the changing IT- landscape without jeopardizing its risk posture

(8) future proof your career with a training and certification that goes far beyond the white papers!

Risk Management & Auditing VMware vSphere (3 days) & Cloud Based Services (Optional 4th day)

Virtualization Audit Professional

Duration: 3 days
This course starts with explaining virtualization and how it enabled cloud computing. The various virtual infrastructure models and architectures are discussed, enforced with case studies and hands on lab exercises. It then examines a 7 step risk management framework, opens the deep risks in virtual infrastructures and tests them against critical compliance requirements and hardening guidelines. Recommended detective, preventive and corrective controls are covered as well as how to implement them. Following this students learn how to audit for the presence and efficiency of said controls.

Virtualization & Cloud Computing Audit Professional

Duration: 4 days
Day 4 shows how all this works with parts of the business brought into the Cloud. Cloud Governance- and Operations- specific risks and critical compliance requirements are covered as well as mitigating controls. The course examines techniques and tools that enable the IT- Auditor to investigate for the presence and effectiveness of said controls, while allowing the cloud provider to keep its black box and protect its intellectual property. It evaluates Metrics and Services Level Agreements and typical policies for managing Cloud Services and examines the Provider- Client security collaboration & Provider’s Security Operations’ alignment with Client’s Requirements. It covers Incident Response, Application Security Architecture, Data Security, Access Control via Identity Management…and much more.

Course Modules:

Module 01: Virtualization de- mystified
Module 02: Information Systems Risks
Module 03: Risk Assessment
Module 04: Risk Mitigation
Module 05: Auditing VMware vSphere 4.x & 5.x & Private Clouds
Module 06 Planning & Scoping External Cloud Computing Audit Assignments
Module 07 Risks, Critical Compliance Requirements & Controls for External Cloud Governance
Module 08 Auditing for External Cloud Governance-specific Controls
Module 09 Risk, Critical Compliance Requirements & Controls Cloud Operations
Module 10 Auditing for External/Public/Hybrid Cloud Operations

Included in Training:

  • Official Courseware & detailed lab manuals that are continuously updated 
  • Hands on training in mock virtualized & ‘cloudified’ information systems
  • Exercises that have been created on an actual data center
  • Guidelines & Industry guidelines and their viability [SAS 70, ENISA, ISO, ISACA, NIST, PCI DSS 2.0, vSphere 4.1 Hardening Guidelines, Cloud Security Alliance and many more]
  • Instructors are senior Auditors with Security & Forensics expertise and VMware & Cloud skills at the architect level
  • Up to 28 CPE Credits*
  • Examination on the last day of training (virtualization audit professional or virtualization & cloud computing audit professional examination)

* CPE Credits: Continuing Professional Education refer to the obligations that certified professionals have in order to maintain their credentials. This course builds on and adds value to existing standards and justifies CPE Credit claims. Consult the CPE Policy Statement that applies to the maintenance of your certification, e.g. [-] ISACA CPE Requirements for CISA, CISM, CRISC [-] IIA CPE Statement for Certified Internal Auditor [-] ISC2 Policy on Maintaining Credentials for CISSP [-] NOREA Guidelines for Permanent Education for RE, Register of Qualified IT-Auditors, etcetera.

IT- Auditorswill learn:

  • How to create risk- directed audit projects for virtual environments and cloud based services.
  • How to correctly audit virtualized segments of VMware vSphere- based Information Systems and for Cloud Governance- and Cloud Operations- specific controls

IT- Risk- Compliance-, Security & Information Security Governance- experts will learn:

  • Inherent risk and compliance concerns that are associated with the virtualization of enterprise components and bringing parts of the business into the cloud.
  • How to assess virtual infrastructures and cloud architectures against critical compliance requirements.
  • How to identify specific vulnerabilities and threats.
  • How to mitigate against them thru detective, preventive and corrective mitigating controls.

IT- Architects will learn:

  • What auditors look for
  • How to design, develop and implement controls that auditors must investigate, see and prove
  • Typical best practice design configurations that address compliance & risk concerns and that will prevent expensive re-engineering
  • How to prove that the stated designs are actually are working and are assured


Lancelot Institute

Lancelot Institute is an international group of respected consultants in Security, Audit, Governance and Assurance for IT. Its training curriculum is based upon solving main issues for individual clients, thus it is meaningful, case study driven and focus on actionable guidelines and practical skills. Its instructors speak at international conferences and participate in research initiatives [e.g. ISACA, ISSA, LSEC, CAMM- project Cloud Security Alliance].

Upcoming Speaking Engagements

Secure Coding - iPhone Applications - London
Auditing Mobile Applications & Cloud Computing- Platform Information Security Utrecht
Auditing & Securing Mobile Applications - ISACA Belgium
The CIO in the Cloud - LSEC Leaders in Security - Belgium

Copyright 2011, Three Amigoes all rights reserved

  • Entry required.

  • Entry required.

    Enter a valid email address.

  • Entry required.

  • Belgium, Brussels: September 17 till 20

  • Netherlands: September 17 till 20

  • Canada Ottawa, August 27, 2012

  • Brussels, November 26, 2012

  • Ottawa Canada, November 26, 2012

  • Baku Azerbaijan, December 3, 2012

  • Canada, Ottawa: May 22 till 25

  • UK, June 4 till 7 (all inclusive bootcamp)

  • Washington DC, June 18 till 21

  • UK, September 10 till 13 (all inclusive bootcamp)

  • UK, December 3 till 6 (all inclusive bootcamp)

  • Exams

  • Virtualization Audit Professional

  • Virtualization & Cloud Computing Audit Professional

  • No exam

  • Not for now, but ask me again

  • Entry required.

  • Entry required.

  • Entry required.

    Enter a valid email address.

  • Entry required.

  • Entry required.

  • Entry required.

  • Entry required.

  • Entry required.

  • Lancelot Institute contact person:

  • I do not know/ we do not have a contact person