Protect cloud environments with Alibaba Cloud security expertise.

Learn how to secure workloads, applications, and data across Alibaba Cloud environments using industry-recognized cloud security practices.

Develop practical knowledge of identity management, network security, data protection, compliance, monitoring, and threat management to strengthen cloud security posture and reduce risk.

  • Why get trained: Gain hands-on cloud security knowledge to protect cloud infrastructure, secure sensitive data, implement access controls, and support enterprise security requirements.
  • Why it matters: As organizations expand their cloud adoption, skilled cloud security professionals are essential for protecting business-critical assets, maintaining compliance, and defending against evolving cyber threats.
  • Who should attend: Security engineers, cloud engineers, cybersecurity professionals, cloud administrators, security architects, IT operations teams, and professionals pursuing Alibaba Cloud security certifications.

Build the skills to secure cloud environments and support resilient digital transformation initiatives with Alibaba Cloud. HRD Corp Claimable

Overview

A Cloud Security Engineer is responsible for securing cloud workloads on Alibaba Cloud by implementing and managing robust security policies, practices, and technologies. This role emphasizes safeguarding applications and data from potential threats and vulnerabilities. The Cloud Security Engineer works closely with other roles to enhance the overall security posture

Skills Covered

  • Workload Security Implementation: Proficient in securing cloud workloads through the application of best practices and technologies, ensuring the confidentiality, integrity, and availability of resources.
  • Proficiency in Security Services: Expertise in Alibaba Cloud security services, including Anti-DDoS, Security Center, Web Application Firewall (WAF), Bastionhost for secure access, Cloud Firewall (CFW), and Key Management Service (KMS).
  • Threat Detection and Incident Response: Skilled in monitoring and responding to security incidents using integrated security tools and services, including familiarity with SIEM and SOAR solutions to enhance risk governance.
  • Security Automation: Knowledge of automating security processes using services such as Cloud Monitor for automated alerts and ActionTrail for auditing API usage.

Target Audience

Cloud Security Engineers

Course Curriculum

Module 1: Cloud Security Basics

  • Introduction to Cloud Security
  • What is security in the cloud
  • Importance of cloud security
  • Security responsibilities in the cloud
  • Security considerations for different service models
  • Shared security responsibility model
  • Alibaba Cloud security services portfolio
  • Compliance and security standards
  • Important compliance and regulations

Module 2: Identity and Access Management on Alibaba Cloud

  • Resource Access Management Fundamentals
  • Importance of access control
  • Concept of identity on the cloud
  • Principle of least privilege
  • What is RAM
  • Authentication and authorization
  • How RAM works
  • User and role management
  • Planning username conventions & management
  • Manage roles, not users
  • RAM roles
  • Implementing access control policies
  • Access control methods
  • Role-based access control
  • Attribute-based access control
  • RAM policies
  • Writing secure and manageable policies

Module 3: Host Security on Alibaba Cloud

  • Cybersecurity Basics
  • Understanding cybersecurity technologies
  • What is SIEM
  • What is SOAR
  • Host security on the cloud
  • Risks and mitigation strategies specific to cloud hosts
  • Importance of securing both instances and network interfaces
  • Security Center Fundamentals
  • Bastionhost Fundamentals
  • ActionTrail Fundamentals
  • What is ActionTrail
  • Understanding the importance of action auditing, tracking API calls, and configuration changes

Module 4: Data Security on Alibaba Cloud

  • Data Security on Alibaba Cloud
  • Built-in data protection mechanisms (OSS, RDS, SSL)
  • Popular encryption methods
  • Protecting data-at-rest and data-in-transit
  • Importance of SSL/TLS in data transmission
  • Key Management Service Fundamentals
  • What is KMS
  • Concepts & components
  • Basic operations
  • Managing and rotating keys in KMS

Module 5: Network Security and Threat Mitigation on Alibaba Cloud

  • Web Application Security
  • Common cyber attacks across the network stack
  • DDoS attacks
  • OWASP Top 10 threats
  • Cloud Firewall Fundamentals
  • Web Application Firewall Fundamentals
  • Anti-DDoS Fundamentals

Dates & Locations

Let’s make it work for you

Can’t find a date that fits? Need to train your whole team? Looking for a discount?
Speak to one of our learning experts today.

August 11, 2026 - August 11, 2026

Location: Kuala Lumpur
Modal: ILT
Availability: TBC

August 11, 2026 - August 11, 2026

Location: Online
Modal: VILT
Availability: TBC

October 13, 2026 - October 13, 2026

Location: Kuala Lumpur
Modal: ILT
Availability: TBC

October 13, 2026 - October 13, 2026

Location: Online
Modal: VILT
Availability: TBC

December 8, 2026 - December 8, 2026

Location: Kuala Lumpur
Modal: ILT
Availability: TBC

December 8, 2026 - December 8, 2026

Location: Online
Modal: VILT
Availability: TBC
Trainocate exam and cert

Exam & Certification

Alibaba Cloud Certified Associate: Cloud Security Engineer.

The Alibaba Cloud Certified Associate: Cloud Security Engineer (Exam Code: CSA-C01) is a specialized technical credential focused on securing cloud workloads, applications, and data.

It officially replaced the older ACA Cloud Security certification on May 13, 2025, modernizing the syllabus to address current infrastructure vulnerabilities and defensive tactics

Training & Certification Guide

The Alibaba Cloud Security Engineer certification tests practical abilities across key native security technologies: 
  • Network & Border Defense: Configuring Web Application Firewall (WAF) to block web attacks, and mitigating DDoS disruptions via Anti-DDoS Basic and Premium. 
  • Host & Workload Security: Deploying Security Center (formerly Server Guard) to detect malware, patch vulnerabilities, and monitor server baselines. 
  • Data Protection & Encryption: Implementing data-at-rest and data-in-transit protection through the Key Management Service (KMS), SSL/TLS certificates, and storage encryption. 
  • Identity & Access Management: Setting up granular least-privilege permissions, multi-factor authentication (MFA), and isolation policies using Resource Access Management (RAM)

Frequently Asked Questions

Speak to a Training Consultant

All courses are HRD Claimable.
Get in touch with our team via the form or WhatsApp us on +6011-5119 6631

Preferred mode of training
Checkboxes