Cloud Security Fundamentals
Published byO'Reilly Media, Inc.
The cloud is fast proving to be one of the most significant evolutions in computing and IT since the advent of the internet itself. It’s changing the way companies and organizations of all types and sizes conduct business in a manner that few other innovations over the past decade or more have done. But as much as the cloud has brought about a revolution in how we work, shop, socialize, and consume entertainment, it is also a target-rich environment for bad actors looking to steal data or simply wreak havoc for its own sake. Barely a day goes by that there’s not a story in the news of yet another data breach, and for companies today, these types of episodes can destroy reputations and entire businesses. This mean that to stay competitive and safeguard some of your company's most valuable assets—its data—you need to ensure that you and your cloud provider are proactive in defending against threats to your cloud-based infrastructure.
In this learning path designed for intermediate-level IT architects and security engineers, your host, IBM Distinguished Engineer and executive security architect for IBM Cloud, Chris Dotson, teaches you what you and your organization need to do to protect your cloud assets. You’ll learn how to keep track of a diverse array of components and applications, check authentication and authorization, manage vulnerabilities at all levels, and control network access. You’ll examine how to go about doing this with today’s popular cloud providers. Each cloud provider and application is different, and no set of preventative controls can be the perfect one-size-fits-all answer to these threats, so you’ll also learn how to watch for and recognize problems and more effectively respond to them when they do arise. When you’ve completed this learning path, you’ll know the basics of cloud security as well as the right questions to ask to protect and defend your specific environments.
What you’ll learn—and how you can apply it
- How security responsibility is shared in the cloud between the provider and the consumer
- Different methods for protecting your data in the cloud, such as classification, encryption, and tokenization
- How to keep track of the many different types of cloud assets you might have, such as virtual machines, storage volumes, and more
- How to track identities and manage access
- How to manage vulnerabilities at all layers of the stack, from software you write to third-party libraries
- How to keep your networks secure using a perimeter and internal segmentation model
- How to see when something is going wrong and respond to it
This learning path is for you because…
- You're an IT architect or developer moving to the cloud
- You're an IT security professional tasked with keeping your teams safe in the cloud
- General knowledge of computing concepts, such as storage and virtual machines
- General knowledge of networking, including IP addresses, subnetting, and firewalls
- If you’re new to IT architecture or IT security, you might need some additional introductory courses prior to this one
Materials or downloads needed in advance:
- A useful, open source textbook: Problem Solving with Algorithms and Data Structures using Python
- Verizon's 2019 Data Breach Investigations Report
- Threat Modeling: Designing for Security , by Adam Shostack is a very good read for anyone who wants more in-depth information on threat modeling
- Applied Cryptography by Bruce Schneier is the definitive reference for anyone who would like to dig deep into cryptography
- The online documentation for the different cloud providers is the best, most up-to-date resource for determining how to do exactly what you want to do with that provider; this course teaches you to ask the right questions, but in most cases it doesn’t give step-by-step instructions on how to do it, because those would quickly become obsolete