Cloud Security Handbook provides complete coverage of security aspects when designing, building, and maintaining environments in the cloud. This book is filled with best practices to help you smoothly transition to the public cloud, while keeping your environments secure. You do not have to read everything – simply find out which cloud provider is common at your workplace, or which cloud provider you wish to focus on, and feel free to skip the rest.
Who this book is for
This book is for IT or information security personnel taking their first steps in the public cloud or migrating existing environments to the cloud. DevOps professionals, cloud engineers, or cloud architects maintaining product
What this book covers
Chapter 1, Introduction to Cloud Security, gives you a solid understanding of cloud security by explaining concepts such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), private cloud, public cloud, hybrid cloud, multi-cloud, and the Shared Responsibility Model. This and the rest of the chapters in this book will allow you to understand how to implement security in various cloud environments.
Chapter 2, Securing Compute Services, covers how Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) implement virtual machines, managed databases, containers, Kubernetes, and serverless architectures, and what the best practices for securing those services are.
Chapter 3, Securing Storage Services, covers how AWS, Microsoft Azure, and GCP implement object storage, block storage, and managed file storage, and what the best practices for securing those services are.
Chapter 4, Securing Network Services, covers how AWS, Microsoft Azure, and GCP implement virtual networks, security groups, DNS services, CDN, VPN services, DDoS protection services, and web application firewalls, and what the best practices for securing those services are.
Chapter 5, Effective Strategies to Implement IAM Solutions, covers how AWS, Microsoft Azure, and GCP implement directory services, how these cloud providers implement identity and access management for modern cloud applications, how to implement multifactor authentication, and how to secure all these services.
Chapter 6, Monitoring and Auditing of Your Cloud Environment, covers how AWS, Microsoft Azure, and GCP implement audit mechanisms, how to detect threats in automated and large-scale environments, and how to capture network traffic for troubleshooting and security incident detection (digital forensics).
Chapter 7, Applying Encryption in Cloud Services, covers when to use symmetric and asymmetric encryption in a cloud environment, what the various alternatives for key management services in AWS, Azure, and GCP are, what the alternatives and best practices for storing secrets in code are, and how to implement encryption in transit and encryption at rest on the AWS, Azure, and GCP cloud services.
Chapter 8, Understanding Common Security Threats to Cloud Computing, covers what the common security threats in public cloud environments are, how to detect those threats, and what the countermeasures to mitigate such threats using built-in services in AWS, Azure, and GCP are.
Chapter 9, Handling Compliance and Regulation, covers what the common security standards related to cloud environments are, what the different levels of Security Operations Center (SOC) are, and how to use cloud services to comply with the European data privacy regulation, GDPR.
Chapter 10, Engaging with Cloud Providers, covers how to conduct a risk assessment in a public cloud environment, what the important questions to ask a cloud provider prior to the engagement phase are, and what important topics to embed inside a contractual agreement with the cloud provider.
Chapter 11, Managing Hybrid Clouds, covers how to implement common features such as identity and access management, patch management, vulnerability management, configuration management, monitoring, and network security aspects in hybrid cloud environments.
Chapter 12, Managing Multi-Cloud Environments, covers how to implement common topics such as identity and access management, patch management, vulnerability management, configuration management, monitoring, and network security aspects in multi-cloud environments.
Chapter 13, Security in Large-Scale Environments, covers what the common Infrastructure as Code (IaC) alternatives are, how to implement patch management in a centralized manner, how to control configuration and compliance management, and how to detect vulnerabilities in cloud environments (managed services and sample tools) in a large production environment.