Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Cloud Security Handbook
  • Table Of Contents Toc
Cloud Security Handbook

Cloud Security Handbook - Second Edition

By : Eyal Estrin
5 (1)
Buy this Book
close
close
Cloud Security Handbook

Cloud Security Handbook

5 (1)
By: Eyal Estrin
Buy this Book

Overview of this book

Securing cloud resources is no easy task—each provider has its unique set of tools, processes, and challenges, demanding specialized expertise. This book cuts through the complexity, delivering practical guidance on embedding security best practices across the core infrastructure components of AWS, Azure, and GCP. It equips information security professionals and cloud engineers with the skills to identify risks and implement robust security controls throughout the design, deployment, and maintenance of public cloud environments. Starting with the shared responsibility model, cloud service models, and deployment models, this book helps you get to grips with fundamental concepts such as compute, storage, networking, identity management, and encryption. You’ll then explore common threats and compliance requirements for cloud environments. As you progress, you'll implement security strategies across deployments ranging from small-scale environments to enterprise-grade production systems, including hybrid and multi-cloud setups. This edition expands on emerging topics like GenAI service security and DevSecOps, with hands-on examples leveraging built-in security features of AWS, Azure, and GCP. By the end of this book, you'll confidently secure any cloud environment with a comprehensive understanding of cloud security principles.
Table of Contents (24 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Icon
Share your thoughts
Icon
Download a free PDF copy of this book
Lock Free Chapter
1
Part 1:Securing Infrastructure Cloud Services
Icon
Part 1:Securing Infrastructure Cloud Services
2
Chapter 1: Introduction to Cloud Security
Icon
Chapter 1: Introduction to Cloud Security
Icon
What is a cloud service?
Icon
What are the cloud deployment models?
Icon
What are the most common cloud service models?
Icon
Why we need security
Icon
What is the shared responsibility model?
Icon
Command-line tools
Icon
Summary
3
Chapter 2: Securing Compute Services – Virtual Machines
Icon
Chapter 2: Securing Compute Services – Virtual Machines
Icon
Securing VMs
Icon
Fundamental best practices for securing VMs
Icon
Best practices for authentication
Icon
Best practices for securing network access to an instance
Icon
Best practices for conducting patch management
Icon
Best practices for securing backups
Icon
Summary
4
Chapter 3: Securing Compute Services – Containers and Kubernetes
Icon
Chapter 3: Securing Compute Services – Containers and Kubernetes
Icon
Securing containers
Icon
Securing Kubernetes
Icon
Securing non-Kubernetes workloads
Icon
Summary
5
Chapter 4: Securing Compute Services – Serverless and FaaS
chevron up
Icon
Chapter 4: Securing Compute Services – Serverless and FaaS
Icon
Securing serverless/FaaS
Icon
High-level recommendations for securing FaaS
Icon
Best practices for IAM in FaaS
Icon
Best practices for data protection in FaaS
Icon
Best practices for auditing and security monitoring in FaaS
Icon
Best practices for compliance in FaaS
Icon
Summary
6
Chapter 5: Securing Storage Services
Icon
Chapter 5: Securing Storage Services
Icon
Securing object storage
Icon
Securing block storage
Icon
Securing file storage
Icon
Securing the Container Storage Interface
Icon
Summary
7
Chapter 6: Securing Networking Services – Part 1
Icon
Chapter 6: Securing Networking Services – Part 1
Icon
Securing virtual networking
Icon
Securing DNS services
Icon
Securing VPN services
Icon
Securing Zero Trust services
Icon
Summary
8
Chapter 7: Securing Networking Services – Part 2
Icon
Chapter 7: Securing Networking Services – Part 2
Icon
Using DDoS protection services
Icon
Using WAF services
Icon
Summary
9
Chapter 8: Securing Generative AI Services
Icon
Chapter 8: Securing Generative AI Services
Icon
Introduction to GenAI
Icon
Introduction to managed GenAI services
Icon
Best practices for IAM in GenAI services
Icon
Best practices for data protection in GenAI services
Icon
Best practices for auditing and security monitoring in GenAI services
Icon
Summary
10
Part 2: Deep Dive into IAM, Auditing, and Encryption
Icon
Part 2: Deep Dive into IAM, Auditing, and Encryption
11
Chapter 9: Effective Strategies for Implementing IAM Solutions
Icon
Chapter 9: Effective Strategies for Implementing IAM Solutions
Icon
Introduction to IAM
Icon
Securing cloud-based IAM services
Icon
Securing directory services
Icon
Summary
12
Chapter 10: Auditing and Threat Management in Cloud Environments
Icon
Chapter 10: Auditing and Threat Management in Cloud Environments
Icon
Maintaining audit trails
Icon
Controlling access to CSP support engineers
Icon
Conducting threat detection and response
Icon
Managing cloud-native SIEM
Icon
Summary
13
Chapter 11: Applying Encryption in Cloud Services
Icon
Chapter 11: Applying Encryption in Cloud Services
Icon
Introduction to encryption
Icon
Best practices for using encryption in transit
Icon
Encryption at rest
Icon
Best practices for deploying KMSs
Icon
Best practices for deploying secrets management services
Icon
Encryption in use
Icon
Summary
14
Part 3: Threat and Vendor Management
Icon
Part 3: Threat and Vendor Management
15
Chapter 12: Understanding Common Security Threats to Cloud Services
Icon
Chapter 12: Understanding Common Security Threats to Cloud Services
Icon
Data breaches in cloud services
Icon
Misconfigurations in cloud services
Icon
Insufficient IAM, secrets, and key management
Icon
Account hijacking in cloud services
Icon
Insider threats in cloud services
Icon
Insecure APIs in cloud services
Icon
The abuse of cloud services
Icon
The MITRE ATT&CK framework
Icon
Summary
16
Chapter 13: Engaging with Cloud Providers
Icon
Chapter 13: Engaging with Cloud Providers
Icon
Choosing a cloud provider
Icon
What is a cloud provider questionnaire?
Icon
What are SOC reports?
Icon
Tips for contracts with cloud providers
Icon
Conducting penetration testing in cloud environments
Icon
Summary
17
Part 4: Advanced Use of Cloud Services
Icon
Part 4: Advanced Use of Cloud Services
18
Chapter 14: Managing Hybrid Clouds
Icon
Chapter 14: Managing Hybrid Clouds
Icon
Hybrid cloud strategy
Icon
Identity management over hybrid cloud environments
Icon
Network architecture for hybrid cloud environments
Icon
Storage services for hybrid cloud environments
Icon
Computing services for hybrid cloud environments
Icon
Securing hybrid cloud environments
Icon
Summary
19
Chapter 15: Managing Multi-Cloud Environments
Icon
Chapter 15: Managing Multi-Cloud Environments
Icon
Multi-cloud strategy
Icon
IAM over multi-cloud environments
Icon
Network architecture for multi-cloud environments
Icon
Data security in multi-cloud environments
Icon
Cost management in multi-cloud environments
Icon
CSPM
Icon
CIEM
Icon
Patch and configuration management in multi-cloud environments
Icon
The monitoring and auditing of multi-cloud environments
Icon
Summary
20
Chapter 16: Implementing DevSecOps
Icon
Chapter 16: Implementing DevSecOps
Icon
Introduction to DevSecOps
Icon
DevSecOps best practices – people
Icon
DevSecOps best practices – processes
Icon
DevSecOps best practices – technology
Icon
Summary
21
Chapter 17: Security in Large-Scale Environments
Icon
Chapter 17: Security in Large-Scale Environments
Icon
Managing governance and policies at a large scale
Icon
Automation using IaC and PaC
Icon
Summary
Icon
What is next?
22
Index
Icon
Index
Icon
Why subscribe?
23
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share your thoughts
Icon
Download a free PDF copy of this book

Securing Compute Services – Serverless and FaaS

In the previous chapter, we learned about security in containers and Kubernetes.

This chapter will cover serverless computing or function as a service (FaaS) and provide you with best practices on how to securely deploy and manage each of them.

Although there are many cloud-managed services (such as object storage, API gateways, load balancers, etc.) that are considered serverless, in this section, I will present the most common serverless computing services/FaaS. Following that, we are going to see what the best practices are for securing common FaaS deployments from AWS, Azure, and GCP. For each of these platforms, we will review best practices for securing FaaS from different angles (from IAM to network access, auditing, monitoring, and finally compliance).

In this chapter, we will cover the following topics:

  • High-level recommendations for securing FaaS
  • Best practices for identity and access management in...
Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Cloud Security Handbook
End of Section 5
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon