Cloud Security Automation

Book Description

Secure public and private cloud workloads with this comprehensive learning guide.

About This Book

  • Take your cloud security functions to the next level through automation
  • Learn to automate your security functions on AWS and OpenStack
  • Practical approach towards securing your workloads efficiently

Who This Book Is For

This book is targeted at DevOps Engineers, Security professionals, or any stakeholders responsible for securing cloud workloads. Prior experience with AWS or OpenStack will be an advantage.

What You Will Learn

  • Define security for public and private cloud services
  • Address the security concerns of your cloud
  • Understand Identity and Access Management
  • Get acquainted with cloud storage and network security
  • Improve and optimize public and private cloud security
  • Automate cloud security
  • Understand the security compliance requirements of your cloud

In Detail

Security issues are still a major concern for all IT organizations. For many enterprises, the move to cloud computing has raised concerns about security, but when applications are architected with a focus on security, cloud platforms can be made just as secure as on-premises platforms. Cloud instances can be kept secure by employing security automation that helps make your data meet your organization's security policy.

This book starts with the basics of why cloud security is important and how automation can be the most effective way of controlling cloud security. You will then delve deeper into the AWS cloud environment and its security services by dealing with security functions such as Identity and Access Management and will also learn how these services can be automated. Moving forward, you will come across aspects such as cloud storage and data security, automating cloud deployments, and so on. Then, you'll work with OpenStack security modules and learn how private cloud security functions can be automated for better time- and cost-effectiveness. Toward the end of the book, you will gain an understanding of the security compliance requirements for your cloud.

By the end of this book, you will have hands-on experience of automating your cloud security and governance.

Style and approach

This book follows a step-by-step, practical approach to help automate and secure your cloud account structure in an Amazon Web Services (AWS) and OpenStack environment.

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Cloud Security Automation
  3. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  4. Contributors
    1. About the author
    2. About the reviewers
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Download the color images
      3. Conventions used
    4. Get in touch
      1. Reviews
    5. Disclaimer
  6. Introduction to Cloud Security
    1. Types of cloud
      1. Public cloud
      2. Private cloud
      3. Hybrid cloud
      4. Software as a Service
      5. Platform as a Service
      6. Infrastructure as a Service
    2. Cloud security
      1. Confidentiality
      2. Integrity
      3. Availability
      4. Authentication
      5. Authorization
      6. Auditing
    3. Shared responsibility model
      1. Shared responsibility model for infrastructure 
      2. Shared responsibility model for container service
      3. Shared responsibility model for abstract services
    4. Key concern areas of cloud security
      1. Infrastructure level
      2. User access level 
      3. Storage and data level 
      4. Application access level
      5. Network level
      6. Logging and monitoring level
    5. Summary
  7. Understanding the World of Cloud Automation
    1. What is DevOps?
      1. Why do we need automation?
    2. Infrastructure as Code
      1. Configuration management
    3. Automate deployment – AWS OpsWorks
    4. Quick recap
    5. Summary
  8. Identity and Access Management in the Cloud
    1. IAM features
    2. How does AWS work in IAM?
      1. Anatomy of IAM users, groups, roles, and policies 
        1. IAM users
        2. IAM groups
        3. IAM roles
        4. IAM policies
      2. Access right delegation using IAM 
        1. Temporary credentials
        2. Cross-account access
        3. Identity federation
      3. IAM best practices
    3. Other security options in AWS
      1. AWS Certificate Manager
      2. WAF and Shield
      3. Cloud hardware security module
      4. Cognito
      5. Amazon Macie
      6. AWS Inspector
      7. AWS GuardDuty
    4. Quick recap
    5. Summary
  9. Cloud Network Security
    1. Virtual private cloud
      1. NACL
      2. Security group
    2. VPN connection
    3. Direct Connect
    4. DNS security
      1. CDN-level security
    5. Logging and monitoring
      1. CloudTrail
      2. CloudWatch
    6. Quick recap
    7. Summary
  10. Cloud Storage and Data Security
    1. EBS
      1. Fault tolerance at EBS
        1. RAID 0
        2. RAID 1
      2. Encryption in EBS
    2. S3
      1. Security in S3
    3. AWS Glacier 
      1. Security in AWS Glacier
    4. EFS 
      1. Security in EFS
    5. Storage gateway
      1. Security in the storage gateway
    6. AWS Snowball
      1. Security in Snowball
    7. A quick recap
    8. Summary
  11. Cloud Platform Security
    1. RDS
      1. Security in RDS
        1. Using security groups
        2. Using IAM
        3. Using SSL to encrypt database connections
      2. Security best practices for AWS RDS 
      3. Back up and restore database
      4. Monitoring of RDS
    2. AWS Redshift 
      1. Security in Redshift
    3. AWS DynamoDB
      1. Security in DynamoDB
    4. ElastiCache 
      1. Securing ElastiCache
        1. VPC-level security
        2. Authentication and access control
        3. Authenticating with Redis authentication
        4. Data encryption
        5. Data-in-transit encryption
        6. Data-at-rest encryption
    5. AWS ECS
      1. Securing ECS
    6. SQS
      1. Securing SQS
    7. Let's have a recap
    8. Summary
  12. Private Cloud Security
    1. Securing hypervisor
      1. Securing KVM
      2. Securing XenServer
      3. Securing ESXi
      4. Securing compute 
    2. IAM
      1. Authentication
      2. Authentication methods – internal and external
      3. Authorization
      4. Policy, tokens, and domains
      5. Federated identity
    3. Horizon – OpenStack dashboard service
    4. Cinder – OpenStack block storage
    5. Glance – OpenStack image storage
    6. Manila – OpenStack shared file storage
    7. Neutron – OpenStack network
    8. Swift – OpenStack object storage
    9. Message queue 
    10. Database services
    11. Data privacy and security for tenants
    12. Security for instances
    13. Quick recap
    14. Summary
  13. Automating Cloud Security
    1. Infrastructure as Code
    2. CI/CD
    3. Monitoring
    4. Summary
  14. Cloud Compliance
    1. Cloud security compliance
      1. Security compliance – ISMS
      2. Security compliance – PCI DSS
    2. Quick recap
    3. Summary
  15. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think