Cloud Security Handbook

By: Eyal Estrin

Overview of this book

Securing resources in the cloud is challenging, given that each provider has different mechanisms and processes. Cloud Security Handbook helps you to understand how to embed security best practices in each of the infrastructure building blocks that exist in public clouds. This book will enable information security and cloud engineers to recognize the risks involved in public cloud and find out how to implement security controls as they design, build, and maintain environments in the cloud. You'll begin by learning about the shared responsibility model, cloud service models, and cloud deployment models, before getting to grips with the fundamentals of compute, storage, networking, identity management, encryption, and more. Next, you'll explore common threats and discover how to stay in compliance in cloud environments. As you make progress, you'll implement security in small-scale cloud environments through to production-ready large-scale environments, including hybrid clouds and multi-cloud environments. This book not only focuses on cloud services in general, but it also provides actual examples for using AWS, Azure, and GCP built-in services and capabilities. By the end of this cloud security book, you'll have gained a solid understanding of how to implement security in cloud environments effectively.
Table of Contents (19 chapters)

1. Section 1: Securing Infrastructure Cloud Services
6. Section 2: Deep Dive into IAM, Auditing, and Encryption
10. Section 3: Threats and Compliance Management
14. Section 4: Advanced Use of Cloud Services

What this book covers

Chapter 1, Introduction to Cloud Security, gives you a solid understanding of cloud security by explaining concepts such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), private cloud, public cloud, hybrid cloud, multi-cloud, and the Shared Responsibility Model. This and the rest of the chapters in this book will allow you to understand how to implement security in various cloud environments.

Chapter 2, Securing Compute Services, covers how Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) implement virtual machines, managed databases, containers, Kubernetes, and serverless architectures, and what the best practices for securing those services are.

Chapter 3, Securing Storage Services, covers how AWS, Microsoft Azure, and GCP implement object storage, block storage, and managed file storage, and what the best practices for securing those services are.

Chapter 4, Securing Network Services, covers how AWS, Microsoft Azure, and GCP implement virtual networks, security groups, DNS services, CDN, VPN services, DDoS protection services, and web application firewalls, and what the best practices for securing those services are.

Chapter 5, Effective Strategies to Implement IAM Solutions, covers how AWS, Microsoft Azure, and GCP implement directory services, how these cloud providers implement identity and access management for modern cloud applications, how to implement multi-factor authentication, and how to secure all these services.

Chapter 6, Monitoring and Auditing of Your Cloud Environment, covers how AWS, Microsoft Azure, and GCP implement audit mechanisms, how to detect threats in automated and large-scale environments, and how to capture network traffic for troubleshooting and security incident detection (digital forensics).

Chapter 7, Applying Encryption in Cloud Services, covers when to use symmetric and asymmetric encryption in a cloud environment, what the various alternatives for key management services in AWS, Azure, and GCP are, what the alternatives and best practices for storing secrets in code are, and how to implement encryption in traffic and encryption at rest on the AWS, Azure, and GCP cloud services.

Chapter 8, Understanding Common Security Threats to Cloud Computing, covers what the common security threats in public cloud environments are, how to detect those threats, and what the countermeasures to mitigate such threats using built-in services in AWS, Azure, and GCP are.

Chapter 9, Handling Compliance and Regulation, covers what the common security standards related to cloud environments are, what the different levels of Security Operations Center (SOC) are, and how to use cloud services to comply with the European data privacy regulation, GDPR.

Chapter 10, Engaging with Cloud Providers, covers how to conduct a risk assessment in a public cloud environment, what the important questions to ask a cloud provider prior to the engagement phase are, and what important topics to embed inside a contractual agreement with the cloud provider.

Chapter 11, Managing Hybrid Clouds, covers how to implement common features such as identity and access management, patch management, vulnerability management, configuration management, monitoring, and network security aspects in hybrid cloud environments.

Chapter 12, Managing Multi-Cloud Environments, covers how to implement common topics such as identity and access management, patch management, vulnerability management, configuration management, monitoring, and network security aspects in multi-cloud environments.

Chapter 13, Security in Large-Scale Environments, covers what the common Infrastructure as Code (IaC) alternatives are, how to implement patch management in a centralized manner, how to control configuration and compliance management, and how to detect vulnerabilities in cloud environments (managed services and sample tools) in a large production environment.