14 Defining Security Policies

Whatever we do in the cloud needs to be secure. Cloud providers only provide tools. You need to define how to use these tools. In order to determine what these tools should do, you need to think about what type of assets you want to protect and how you need to protect them. There are quite a number of security baselines—for example, the baseline as defined by the Center for Internet Security (CIS), which provides guidelines.

In this chapter, we will learn what a security framework is and why it’s important as a starting point for security policies. We will discover what we need to protect in our cloud environments. Next, we will look at the globally adopted CIS benchmark for Azure, AWS, GCP, Alibaba Cloud, and OCI ...

Get Multi-Cloud Strategy for Cloud Architects - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Multi-Cloud Strategy for Cloud Architects - Second Edition by Jeroen Mulder

14

Defining Security Policies

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly