Book Image

Cloud Security Handbook

By : Eyal Estrin
Book Image

Cloud Security Handbook

By: Eyal Estrin

Overview of this book

Securing resources in the cloud is challenging, given that each provider has different mechanisms and processes. Cloud Security Handbook helps you to understand how to embed security best practices in each of the infrastructure building blocks that exist in public clouds. This book will enable information security and cloud engineers to recognize the risks involved in public cloud and find out how to implement security controls as they design, build, and maintain environments in the cloud. You'll begin by learning about the shared responsibility model, cloud service models, and cloud deployment models, before getting to grips with the fundamentals of compute, storage, networking, identity management, encryption, and more. Next, you'll explore common threats and discover how to stay in compliance in cloud environments. As you make progress, you'll implement security in small-scale cloud environments through to production-ready large-scale environments, including hybrid clouds and multi-cloud environments. This book not only focuses on cloud services in general, but it also provides actual examples for using AWS, Azure, and GCP built-in services and capabilities. By the end of this cloud security book, you'll have gained a solid understanding of how to implement security in cloud environments effectively.

Related Content you might be interested in

Current Title:

Small book image
Cloud Security Handbook
Eyal Estrin
Apr, 2022 | 456 pages
Small book image
Mastering AWS Security
Albert Anthony
Oct, 2017 | 252 pages
Small book image
AWS: Security Best Practices on AWS
Albert Anthony
Mar, 2018 | 118 pages
Small book image
Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide
Prashant Kulkarni | Ankush Chowdhary
Aug, 2023 | 496 pages
Table of Contents (19 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share your thoughts
1
Section 1: Securing Infrastructure Cloud Services
Section 1: Securing Infrastructure Cloud Services
Free Chapter
2
Chapter 1: Introduction to Cloud Security
Chapter 1: Introduction to Cloud Security
Technical requirements
What is a cloud service?
What are the cloud deployment models?
What are the cloud service models?
Why we need security
What is the shared responsibility model?
Command-line tools
Summary
3
Chapter 2: Securing Compute Services
Chapter 2: Securing Compute Services
Technical requirements
Securing VMs
Securing managed database services
Securing containers
Securing serverless/function as a service
Summary
4
Chapter 3: Securing Storage Services
Chapter 3: Securing Storage Services
Technical requirements
Securing object storage
Securing block storage
Securing file storage
Securing the CSI
Summary
5
Chapter 4: Securing Networking Services
Chapter 4: Securing Networking Services
Technical requirements
Securing virtual networking
Securing DNS services
Securing CDN services
Securing VPN services
Securing DDoS protection services
Securing WAF services
Summary
6
Section 2: Deep Dive into IAM, Auditing, and Encryption
Section 2: Deep Dive into IAM, Auditing, and Encryption
7
Chapter 5: Effective Strategies to Implement IAM Solutions
Chapter 5: Effective Strategies to Implement IAM Solutions
Technical requirements
Introduction to IAM
Failing to manage identities
Securing cloud-based IAM services
Securing directory services
Configuring MFA
Summary
8
Chapter 6: Monitoring and Auditing Your Cloud Environments
Chapter 6: Monitoring and Auditing Your Cloud Environments
Technical requirements
Conducting security monitoring and audit trails
Conducting threat detection and response
Conducting incident response and digital forensics
Summary
9
Chapter 7: Applying Encryption in Cloud Services
Chapter 7: Applying Encryption in Cloud Services
Technical requirements
Introduction to encryption
Best practices for deploying KMSes
Best practices for deploying secrets management services
Best practices for using encryption in transit
Best practices for using encryption at rest
Encryption in use
Summary
10
Section 3: Threats and Compliance Management
Section 3: Threats and Compliance Management
11
Chapter 8: Understanding Common Security Threats to Cloud Services
Chapter 8: Understanding Common Security Threats to Cloud Services
Technical requirements
The MITRE ATT&CK framework
Detecting and mitigating data breaches in cloud services
Detecting and mitigating misconfigurations in cloud services
Detecting and mitigating insufficient IAM and key management in cloud services
Detecting and mitigating account hijacking in cloud services
Detecting and mitigating insider threats in cloud services
Detecting and mitigating insecure APIs in cloud services
Detecting and mitigating the abuse of cloud services
Summary
12
Chapter 9: Handling Compliance and Regulation
Chapter 9: Handling Compliance and Regulation
Technical requirements
Compliance and the shared responsibility model
Introduction to compliance with regulatory requirements and industry best practices
What are the common ISO standards related to cloud computing?
What is a SOC report?
What is the CSA STAR program?
What is PCI DSS?
What is the GDPR?
What is HIPAA?
Summary
13
Chapter 10: Engaging with Cloud Providers
Chapter 10: Engaging with Cloud Providers
Technical requirements
Choosing a cloud provider
What is a cloud provider questionnaire?
Tips for contracts with cloud providers
Conducting penetration testing in cloud environments
Summary
14
Section 4: Advanced Use of Cloud Services
Section 4: Advanced Use of Cloud Services
15
Chapter 11: Managing Hybrid Clouds
Chapter 11: Managing Hybrid Clouds
Technical requirements
Hybrid cloud strategy
Identity management over hybrid cloud environments
Network architecture for hybrid cloud environments
Storage services for hybrid cloud environments
Compute services for hybrid cloud environments
Securing hybrid cloud environments
Summary
16
Chapter 12: Managing Multi-Cloud Environments
Chapter 12: Managing Multi-Cloud Environments
Technical requirements
Multi-cloud strategy
Identity management over multi-cloud environments
Network architecture for multi-cloud environments
Data security in multi-cloud environments
Cost management in multi-cloud environments
Cloud Security Posture Management (CSPM)
Cloud Infrastructure Entitlement Management (CIEM)
Patch and configuration management in multi-cloud environments
The monitoring and auditing of multi-cloud environments
Summary
17
Chapter 13:Security in Large-Scale Environments
Chapter 13:Security in Large-Scale Environments
Technical requirements
Managing governance and policies at a large scale
Automation using IaC
Security in large-scale cloud environments
Summary
What's next?
Why subscribe?
18
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts

Why we need security

As mentioned previously, we can see clear benefits of using cloud services that enable our business to focus on what brings us value (from conducting research in a pharmaceutical lab, to selling products on a retail site, and so on).

But what about security? And, specifically, cloud security?

Why should our organization focus on the overhead called information security (and, in the context of this book, cloud security)?

The cloud has changed the paradigm of organizations controlling their data on-premises (from HR data to customers' data) and investing money in maintaining data centers, servers, storage, network equipment, and the application tier.

Using public clouds has changed the way organizations look at information security (in the context of this book, cloud security).

The following are a few common examples of the difference between on-premises data solutions and the cloud:

Table 1.1 – Differences between on-premises data solutions and the cloud

Table 1.1 – Differences between on-premises data solutions and the cloud

Organizations are often unwilling to migrate to a public cloud for security reasons because the physical servers are located outside of the organization's direct control, and sometimes even outside their physical geography.

Here are a few questions often asked by organizations' management:

  • Are my servers going to behave the same as if they were on-premises?
  • How do I protect my servers outside my data center from a data breach?
  • How do I know the cloud provider will not have access to my data?
  • Do my employees have enough knowledge to work in new environments such as the public cloud?

Perhaps the most obvious question asked is – is the public cloud secure enough to store my data?

From my personal experience, the answer is yes.

By design, the hyper-scale cloud providers invest billions of dollars protecting their data centers, building secure services, investing in employee training, and locating security incidents and remediating them fast. This is all with much higher investment, attention, and expertise than most organizations can dedicate to protecting their local data centers.

The reason for this is simple – if a security breach happens to one of the hyper-scale cloud providers, their customers' trust will be breached, and the cloud providers will run out of business.

At the end of the day, cloud security enables our organization to achieve (among other things) the following:

  • Decreased attack surface: Using central authentication, data encryption, DDoS protection services, and more
  • Compliance with regulation: Deploying environments according to best practices
  • Standardization and best practices: Enforcing security using automated tools and services

Reading this book will allow you to have a better understanding of various methods to secure your cloud environments – most of them using the cloud vendor's built-in services and capabilities.

Previous Section
End of Section 6
Next Section