book

Practical Cloud Security

Name: Practical Cloud Security
Author: Chris Dotson
ISBN: 9781492037514

by Chris Dotson

March 2019

Intermediate to advanced

193 pages

5h 46m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
Conventions Used in This BookO’Reilly Online Learning PlatformHow to Contact UsAcknowledgments
1. Principles and Concepts
Least PrivilegeDefense in DepthThreat Actors, Diagrams, and Trust BoundariesCloud Delivery ModelsThe Cloud Shared Responsibility ModelRisk Management
2. Data Asset Management and Protection
Data Identification and ClassificationExample Data Classification LevelsRelevant Industry or Regulatory RequirementsData Asset Management in the CloudTagging Cloud ResourcesProtecting Data in the CloudTokenizationEncryptionSummary
3. Cloud Asset Management and Protection
Differences from Traditional ITTypes of Cloud AssetsCompute AssetsStorage AssetsNetwork AssetsAsset Management PipelineProcurement LeaksProcessing LeaksTooling LeaksFindings LeaksTagging Cloud AssetsSummary
4. Identity and Access Management
Differences from Traditional ITLife Cycle for Identity and AccessRequestApproveCreate, Delete, Grant, or RevokeAuthenticationCloud IAM IdentitiesBusiness-to-Consumer and Business-to-EmployeeMulti-Factor AuthenticationPasswords and API KeysShared IDsFederated IdentitySingle Sign-OnInstance Metadata and Identity DocumentsSecrets ManagementAuthorizationCentralized AuthorizationRolesRevalidatePutting It All Together in the Sample ApplicationSummary
5. Vulnerability Management
Differences from Traditional ITVulnerable AreasData AccessApplicationMiddlewareOperating SystemNetworkVirtualized InfrastructurePhysical InfrastructureFinding and Fixing VulnerabilitiesNetwork Vulnerability ScannersAgentless Scanners and Configuration ManagementAgent-Based Scanners and Configuration ManagementCloud Provider Security Management ToolsContainer ScannersDynamic Application Scanners (DAST)Static Application Scanners (SAST)Software Composition Analysis Scanners (SCA)Interactive Application Scanners (IAST)Runtime Application Self-Protection Scanners (RASP)Manual Code ReviewsPenetration TestsUser ReportsExample Tools for Vulnerability and Configuration ManagementRisk Management ProcessesVulnerability Management MetricsTool CoverageMean Time to RemediateSystems/Applications with Open VulnerabilitiesPercentage of False PositivesPercentage of False NegativesVulnerability Recurrence RateChange ManagementPutting It All Together in the Sample ApplicationSummary
6. Network Security
Differences from Traditional ITConcepts and DefinitionsWhitelists and BlacklistsDMZsProxiesSoftware-Defined NetworkingNetwork Features VirtualizationOverlay Networks and EncapsulationVirtual Private CloudsNetwork Address TranslationIPv6Putting It All Together in the Sample ApplicationEncryption in MotionFirewalls and Network SegmentationAllowing Administrative AccessWeb Application Firewalls and RASPAnti-DDoSIntrusion Detection and Prevention SystemsEgress FilteringData Loss PreventionSummary
7. Detecting, Responding to, and Recovering from Security Incidents
Differences from Traditional ITWhat to WatchPrivileged User AccessLogs from Defensive ToolingCloud Service Logs and MetricsOperating System Logs and MetricsMiddleware LogsSecrets ServerYour ApplicationHow to WatchAggregation and RetentionParsing LogsSearching and CorrelationAlerting and Automated ResponseSecurity Information and Event ManagersThreat HuntingPreparing for an IncidentTeamPlansToolsResponding to an IncidentCyber Kill ChainsThe OODA LoopCloud ForensicsBlocking Unauthorized AccessStopping Data Exfiltration and Command and ControlRecoveryRedeploying IT SystemsNotificationsLessons LearnedExample MetricsExample Tools for Detection, Response, and RecoveryPutting It All Together in the Sample ApplicationMonitoring the Protective SystemsMonitoring the ApplicationMonitoring the AdministratorsUnderstanding the Auditing InfrastructureSummary
Index

Overview

With their rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and opportunities. This hands-on book guides you through security best practices for multivendor cloud environments, whether your company plans to move legacy on-premises projects to the cloud or build a new infrastructure from the ground up.

Developers, IT architects, and security professionals will learn cloud-specific techniques for securing popular cloud platforms such as Amazon Web Services, Microsoft Azure, and IBM Cloud. Chris Dotson—an IBM senior technical staff member—shows you how to establish data asset management, identity and access management, vulnerability management, network security, and incident response in your cloud environment.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781492037507Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills