Practical Cloud Security: A Guide for Secure Design and Deployment
by Chris Dotson

Paperback (2nd ed.)

$49.99 

Overview

"With rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and opportunities. In this updated second edition, you'll examine security best practices for multivendor cloud environments, whether your company plans to move legacy on-premises projects to the cloud or build a new infrastructure from the ground up. Developers, IT architects, and security professionals will learn cloud-specific techniques for securing popular cloud platforms such as Amazon Web Services, Microsoft Azure, and IBM Cloud. IBM Distinguished Engineer Chris Dotson shows you how to establish data asset management, identity and access management (IAM), vulnerability management, network security, and incident response in your cloud environment."--Back cover

Product Details

ISBN-13: 9781098148171
Publisher: O'Reilly Media, Incorporated
Publication date: 11/14/2023
Edition description: 2nd ed.
Pages: 228
Product dimensions: 7.00(w) x 9.19(h) x 0.48(d)

About the Author

Chris Dotson is an IBM Distinguished Engineer and an executive security architect in the IBM CIO organization. He has 11 professional certifications, including the Open Group Distinguished IT Architect certification, and over 25 years of experience in the IT industry. Chris has been featured as a cloud innovator on the https://www.ibm.com home page several times; his focus areas include cloud infrastructure and security, identity and access management, networking infrastructure and security, servers, storage, and bad puns.

Table of Contents

Preface

1 Principles and Concepts
  Least Privilege
  Defense in Depth
  Threat Actors, Diagrams, and Trust Boundaries
  Cloud Delivery Models
  The Cloud Shared Responsibility Model
  Risk Management

2 Data Asset Management and Protection
  Data Identification and Classification
  Example Data Classification Levels
  Relevant Industry or Regulatory Requirements
  Data Asset Management in the Cloud
  Tagging Cloud Resources
  Protecting Data in the Cloud
  Tokenization
  Encryption
  Summary

3 Cloud Asset Management and Protection
  Differences from Traditional IT
  Types of Cloud Assets
  Compute Assets
  Storage Assets
  Network Assets
  Asset Management Pipeline
  Procurement Leaks
  Processing Leaks
  Tooling Leaks
  Findings Leaks
  Tagging Cloud Assets
  Summary

4 Identity and Access Management
  Differences from Traditional IT
  Life Cycle for Identity and Access
  Request
  Approve
  Create, Delete, Grant, or Revoke
  Authentication
  Cloud IAM Identities
  Business-to-Consumer and Business-to-Employee
  Multi-Factor Authentication
  Passwords and API Keys
  Shared IDs
  Federated Identity
  Single Sign-On
  Instance Metadata and Identity Documents
  Secrets Management
  Authorization
  Centralized Authorization
  Roles
  Revalidate
  Putting It All Together in the Sample Application
  Summary

5 Vulnerability Management
  Differences from Traditional IT
  Vulnerable Areas
  Data Access
  Application
  Middleware
  Operating System
  Network
  Virtualized Infrastructure
  Physical Infrastructure
  Finding and Fixing Vulnerabilities
  Network Vulnerability Scanners
  Agentless Scanners and Configuration Management
  Agent-Based Scanners and Configuration Management
  Cloud Provider Security Management Tools
  Container Scanners
  Dynamic Application Scanners (DAST)
  Static Application Scanners (SAST)
  Software Composition Analysis Scanners (SCA)
  Interactive Application Scanners (IAST)
  Runtime Application Self-Protection Scanners (RASP)
  Manual Code Reviews
  Penetration Tests
  User Reports
  Example Tools for Vulnerability and Configuration Management
  Risk Management Processes
  Vulnerability Management Metrics
  Tool Coverage
  Mean Time to Remediate
  Systems/Applications with Open Vulnerabilities
  Percentage of False Positives
  Percentage of False Negatives
  Vulnerability Recurrence Rate
  Change Management
  Putting It All Together in the Sample Application
  Summary

6 Network Security
  Differences from Traditional IT
  Concepts and Definitions
  Whitelists and Blacklists
  DMZs
  Proxies
  Software-Defined Networking
  Network Features Visualization
  Overlay Networks and Encapsulation
  Virtual Private Clouds
  Network Address Translation
  IPv6
  Putting It All Together in the Sample Application
  Encryption in Motion
  Firewalls and Network Segmentation
  Allowing Administrative Access
  Web Application Firewalls and RASP
  Anti-DDoS
  Intrusion Detection and Prevention Systems
  Egress Filtering
  Data Loss Prevention
  Summary

7 Detecting, Responding to, and Recovering from Security Incidents
  Differences from Traditional IT
  What to Watch
  Privileged User Access
  Logs from Defensive Tooling
  Cloud Service Logs and Metrics
  Operating System Logs and Metrics
  Middleware Logs
  Secrets Server
  Your Application
  How to Watch
  Aggregation and Retention
  Parsing Logs
  Searching and Correlation
  Alerting and Automated Response
  Security Information and Event Managers
  Threat Hunting
  Preparing for an Incident
  Team
  Plans
  Tools
  Responding to an Incident
  Cyber Kill Chains
  The OODA Loop
  Cloud Forensics
  Blocking Unauthorized Access
  Stopping Data Exfiltration and Command and Control
  Recovery
  Redeploying IT Systems
  Notifications
  Lessons Learned
  Example Metrics
  Example Tools for Detection, Response, and Recovery
  Putting It All Together in the Sample Application
  Monitoring the Protective Systems
  Monitoring the Application
  Monitoring the Administrators
  Understanding the Auditing Infrastructure
  Summary

Index
