Book description
Build a resilient cloud architecture to tackle data disasters with ease
About This Book
- Get a firm grip on cloud data security and governance principles, irrespective of your cloud platform
- Filled with practical examples to ensure you secure your cloud environment efficiently
- This step-by-step guide will teach you the techniques and methodologies of cloud data governance
Who This Book Is For
If you are a cloud security professional who wants to ensure cloud security and data governance no matter the environment, then this book is for you. A basic understanding of working on any cloud platform would be beneficial.
What You Will Learn
- Configure your firewall and Network ACL
- Protect your system against DDoS attacks and application-level attacks
- Explore Cryptography and Data Security for your Cloud
- Get to grips with the configuration management tools to automate your security tasks
- Perform vulnerability scanning with the help of industry-standard tools
- Get to know about Central Log Management
In Detail
Modern-day businesses and enterprises are moving to the cloud to improve efficiency and speed, achieve flexibility and cost-effectiveness, and get access to on-demand cloud services. However, enterprise cloud security remains a major concern for many businesses because migrating to the public cloud requires transferring control over organizational assets to the cloud provider, and there is a chance those assets could be mismanaged. Therefore, as a cloud security professional, you need to be on your toes and armed with techniques to help businesses minimize the risk, and to free management from worrying about misuse of business data.
This book starts with the basics of cloud security and gives you an understanding of various policies, governance, and compliance challenges in the cloud. This will lay a strong foundation before you dive deep into understanding what it takes to design a secure network infrastructure and application architecture using various security services in the cloud environment.
You will be able to automate security tasks such as server hardening with Ansible and use automation services such as Monit, which monitors other security daemons and takes appropriate action in case those security daemons are stopped maliciously. In short, this book has everything you need to secure your cloud environment with industry-adopted best practices to develop secure, highly available, and fault-tolerant architecture for organizations.
Style and approach
This book follows a step-by-step, practical approach to secure your applications and data when they are located remotely.
Table of contents
- Preface
- The Fundamentals of Cloud Security
  - Getting started
  - Service models
  - Deployment models
  - Cloud security
  - Why is cloud security considered hard?
  - Virtualization – cloud's best friend
  - Enterprise virtualization with oVirt
  - Service Level Agreement
  - Business Continuity Planning – Disaster Recovery (BCP/DR)
  - Policies and governance in cloud
  - Audit challenges in the cloud
  - Implementation challenges for controls on CSP side
  - Vulnerability assessment and penetration testing in the cloud
  - Summary
- Defense in Depth Approach
- Designing Defensive Network Infrastructure
  - Why do we need cryptography?
  - The TCP/IP model
  - Firewalls
  - Application layer security
  - The IPS functionality
  - A web application firewall
  - Network segmentation
  - Accessing management
  - Virtual Private Network
  - Installation of OpenVPN
  - Approaching private hosted zones for DNS
  - Summary
- Server Hardening
  - The basic principle of host-based security
  - Keeping systems up-to-date
  - Partitioning and LUKS
  - LUKS
  - Access control list
  - SELinux
  - Hardening system services and applications
  - Pluggable authentication modules
  - System auditing with auditd
  - Hosted Based Intrusion Detection System
  - The hardened image approach
  - Summary
- Cryptography Network Security
  - Introduction to cryptography
  - Types of cryptography
  - Message authentication codes
  - Hardware security modules
  - Key management service
  - Envelope encryption
  - Credential management system with KMS
  - Asymmetric key encryption
  - Digital signatures
  - SSL/TLS
  - Perfect forward secrecy
  - Online certificate status protocol
  - OCSP stapling
  - AWS certificate manager
  - Summary
- Automation in Security
- Vulnerability, Pentest, and Patch Management
- Security Logging and Monitoring
- First Responder
- Best Practices
Product information
- Title: Enterprise Cloud Security and Governance
- Author(s):
- Release date: December 2017
- Publisher(s): Packt Publishing
- ISBN: 9781788299558