Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Enterprise Cloud Security and Governance
  • Table Of Contents Toc
Enterprise Cloud Security and Governance

Enterprise Cloud Security and Governance

By : Zeal Vora
Buy this Book
close
close
Enterprise Cloud Security and Governance

Enterprise Cloud Security and Governance

By: Zeal Vora
Buy this Book

Overview of this book

Modern day businesses and enterprises are moving to the Cloud, to improve efficiency and speed, achieve flexibility and cost effectiveness, and for on-demand Cloud services. However, enterprise Cloud security remains a major concern because migrating to the public Cloud requires transferring some control over organizational assets to the Cloud provider. There are chances these assets can be mismanaged and therefore, as a Cloud security professional, you need to be armed with techniques to help businesses minimize the risks and misuse of business data. The book starts with the basics of Cloud security and offers an understanding of various policies, governance, and compliance challenges in Cloud. This helps you build a strong foundation before you dive deep into understanding what it takes to design a secured network infrastructure and a well-architected application using various security services in the Cloud environment. Automating security tasks, such as Server Hardening with Ansible, and other automation services, such as Monit, will monitor other security daemons and take the necessary action in case these security daemons are stopped maliciously. In short, this book has everything you need to secure your Cloud environment with. It is your ticket to obtain industry-adopted best practices for developing a secure, highly available, and fault-tolerant architecture for organizations.
Table of Contents (11 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
The Fundamentals of Cloud Security
chevron up
Icon
The Fundamentals of Cloud Security
Icon
Getting started
Icon
Service models
Icon
Deployment models
Icon
Cloud security
Icon
Why is cloud security considered hard?
Icon
Virtualization – cloud's best friend
Icon
Enterprise virtualization with oVirt
Icon
Service Level Agreement
Icon
Business Continuity Planning – Disaster Recovery (BCP/DR)
Icon
Policies and governance in cloud
Icon
Audit challenges in the cloud
Icon
Implementation challenges for controls on CSP side
Icon
Vulnerability assessment and penetration testing in the cloud
Icon
Summary
2
Defense in Depth Approach
Icon
Defense in Depth Approach
Icon
The CIA triad
Icon
Introducing Defense in Depth
Icon
Summary
3
Designing Defensive Network Infrastructure
Icon
Designing Defensive Network Infrastructure
Icon
Why do we need cryptography?
Icon
The TCP/IP model
Icon
Firewalls
Icon
Application layer security
Icon
The IPS functionality
Icon
A web application firewall
Icon
Network segmentation
Icon
Accessing management
Icon
Virtual Private Network
Icon
Installation of OpenVPN
Icon
Approaching private hosted zones for DNS
Icon
Summary
4
Server Hardening
Icon
Server Hardening
Icon
The basic principle of host-based security
Icon
Keeping systems up-to-date
Icon
Partitioning and LUKS
Icon
LUKS
Icon
Access control list
Icon
SELinux
Icon
Hardening system services and applications
Icon
Pluggable authentication modules
Icon
System auditing with auditd
Icon
Hosted Based Intrusion Detection System
Icon
The hardened image approach
Icon
Summary
5
Cryptography Network Security
Icon
Cryptography Network Security
Icon
Introduction to cryptography
Icon
Types of cryptography
Icon
Message authentication codes
Icon
Hardware security modules
Icon
Key management service
Icon
Envelope encryption
Icon
Credential management system with KMS
Icon
Asymmetric key encryption
Icon
Digital signatures
Icon
SSL/TLS
Icon
Perfect forward secrecy
Icon
Online certificate status protocol
Icon
OCSP stapling
Icon
AWS certificate manager
Icon
Summary
6
Automation in Security
Icon
Automation in Security
Icon
Configuration management
Icon
Attaining the desired state with Ansible pull
Icon
Terraform
Icon
AWS Lambda
Icon
Summary
7
Vulnerability, Pentest, and Patch Management
Icon
Vulnerability, Pentest, and Patch Management
Icon
Introduction to vulnerability assessment
Icon
Understanding risks
Icon
Risk mitigation
Icon
Best practices
Icon
Patch management
Icon
Organizing servers in groups
Icon
Introduction to Docker
Icon
Summary
8
Security Logging and Monitoring
Icon
Security Logging and Monitoring
Icon
Continuous security and monitoring
Icon
Choosing the right log monitoring tool
Icon
Security Incident and Event Management
Icon
Log monitoring is reactive in nature
Icon
Summary
9
First Responder
Icon
First Responder
Icon
Real world use case
Icon
Understanding the incident
Icon
Holding unexpected simulation
Icon
Summary
10
Best Practices
Icon
Best Practices
Icon
Cloud readiness
Icon
Network readiness
Icon
Server readiness
Icon
Bonus points
Icon
Summary

Cloud security

Now that we have covered the basics of the cloud computing environment, we can go ahead and start with the security aspect pertaining to cloud environments. Cloud security is generally considered a challenge and there are special certifications such as Certificate of Cloud Security Knowledge (CCSK) being released that are specific to cloud security-based knowledge.

The real reason why cloud security is a different challenge is because of the loss of control of the backend infrastructure and things related to the visibility of the underlying network. The scope of controls associated with the cloud platform differs depending on the service model being used.

The following diagram denotes how the scope would vary:

If we look at the preceding diagram, the responsibility of the consumer and security will vary differently depending upon the model that is being chosen. Let's look at an overview based on this aspect:

  • In a SaaS-based model, the Cloud Provider is responsible for Infrastructure, Intermediary Layer, and partial part of Application Layer; however, it is the Cloud Consumer who is responsible for data stored in the Application and its associated configuration
  • In a PaaS-based model, the Cloud Provider is responsible for Infrastructure and certain aspects of Intermediary Layer, while the Cloud Consumer is responsible for the Application and its associated security along with certain aspects of Intermediary Layer
  • In an IaaS-based model, the Cloud Provider is responsible for the underlying backend Infrastructure such as the virtualization layer, backend switches, hardware, and others while the Cloud Consumer is responsible for all the other aspects except server security, firewalls, and routing configurations
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Enterprise Cloud Security and Governance
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon