book

Security Architecture for Hybrid Cloud

by Mark Buckwell, Stefaan Van daele, Carsten Horst

July 2024

Intermediate to advanced

476 pages

12h 37m

English

O'Reilly Media, Inc.

Audio summary available

Read now

Unlock full access

Includes

Quizzes

Preface
AudienceContents of This BookConventions Used in This BookUsing Figure and Table ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgmentsAcknowledgments from Mark BuckwellAcknowledgments from Stefaan Van daeleAcknowledgments from Carsten Horst
I. Concepts
1. Introduction
Foundational Security TechniquesData-Centric SecuritySecure by Design with Threat ModelingZero Trust ArchitectureCompliance ManagementUsers of the Security TechniquesArchitect Roles for SecuritySecurity ArchitectInfrastructure and Application ArchitectSecurity ChampionBook StructureArtifact FrameworkArtifact Dependency DiagramCase StudyBook OrganizationSolution Architecture DecompositionMethod TechniquesSummaryFurther ReadingExercises
2. Architecture Concepts
From Design Thinking to ComplianceDesign Thinking and Consulting PracticesTransitioning to Architectural ThinkingTransitioning to EngineeringOperational ThinkingEnterprise ContextComplianceWaterfall to Agile DeliverySecurity Architecture in AgileEnterprise and Solution ArchitectureEnterprise ArchitectureSolution ArchitectureZero Trust ArchitectureCore Architecture ComponentsArchitectural Thinking IntegrationZero Trust SolutionsTechnique: Enterprise Security ArchitectureSecurity Processes or Services?Enterprise Architecture DecompositionSecurity Services ResponsibilitiesCloud Controls MappingSecurity Service DesignSummaryExercises
II. Plan
3. Enterprise Context
Chapter ArtifactsExternal ContextLaws and RegulationsIndustry or Expert Organization Best PracticesCorporate ExpectationsConsumer ExpectationsThreat LandscapeCybersecurity VulnerabilitiesInternal ContextBusiness and Information Systems StrategyCurrent IT Environment and Security Control PlanePolicies, Practices, and StandardsRisk ManagementEnterprise ArchitectureGuiding PrinciplesArchitecture Patterns and AutomationEnterprise ProcessesSummaryExercises
4. Requirements and Constraints
Chapter ArtifactsRequirements ConceptsFunctional RequirementsNon-Functional RequirementsConstraintsSpecifying Quality RequirementsPrioritizing RequirementsSpecifying Functional RequirementsUse CasesJourney MapsUser StoriesSwimlane DiagramsSeparation of Duties MatricesCase Study: Process DefinitionSpecifying Non-Functional RequirementsSources of Non-Functional RequirementsNon-Functional Requirement DependenciesDocumenting Non-Functional RequirementsImproving Requirement SpecificationCase Study: Specifying a Requirements CatalogIdentifying Security RequirementsElaborating Security RequirementsRewriting Security RequirementsRequirements TraceabilitySummaryExercises
III. Design
5. System Context
Chapter ArtifactsData ProtectionValue of DataData Security LifecycleMetadataZero Trust and Data FlowsSystem Context DiagramSystem and Security Architect RolesSystem Context ConceptsBusiness and IT ContextCase Study: System Context DiagramIdentifying Human ActorsIdentifying System ActorsDocumenting the System ContextInformation Asset RegisterData ClassificationActor Use Case and DataSummaryExercises
6. Application Security
Chapter ArtifactsFunctional ViewpointComponent ArchitectureComponent Architecture DiagramSequence DiagramCollaboration DiagramData Flow DiagramComponent Architectural Thinking ProcessCase Study: Component ArchitectureSecurity ConceptsThreat ModelingIdentify BoundariesIdentify AssetsIdentify Threat ActorsIdentify ThreatsIdentify ControlsPrioritization of ControlsThreat Modeling ToolsCase Study: Threat ModelSummaryExercises

7. Shared Responsibilities
Chapter ArtifactsCloud Computing ConceptsCloud Computing BenefitsCloud Service ModelsCloud Computing PlatformsCloud Security ResponsibilitiesLanding ZonesHybrid Cloud ArchitectureUsing the Hybrid Cloud Architecture DiagramShared Responsibilities ModelShared Responsibilities Stack DiagramCloud Service Provider ResponsibilitiesCloud User ResponsibilitiesCloud Security Policy ResponsibilityCase Study: Shared Responsibility ModelIdentifying PaaS ServicesIdentifying SaaS ServicesIdentifying the Compute PlatformsIdentifying EnvironmentsDocumenting a Shared Responsibilities Stack DiagramSummaryExercises
8. Infrastructure Security
Chapter ArtifactsDeployment ViewpointDeployment ArchitectureDeployment Architecture DiagramDeployment Architecture and Supporting DocumentationArchitecting Infrastructure SecurityNetwork SegmentationCase Study: Deployment Architecture DiagramZero Trust-Based Security InfrastructureNetwork-Based SolutionsService Mesh SolutionsEndpoint-Based SolutionsIdentity and Access ManagementArchitecting Zero Trust PracticesCase Study: Zero TrustCloud ArchitectureOrganizing Cloud SecurityCloud Architecture DiagramHigh AvailabilityCase Study: Cloud Architecture DiagramSummaryExercises
9. Architecture Patterns and Decisions
Chapter ArtifactsArchitecture PatternsSolution Architecture PatternsSolution Design PatternsDeployable ArchitectureA Distributed Version Control SystemContinuous Integration/Continuous Delivery (CI/CD) PipelineInfrastructure as Code ToolchainUsing a Deployable ArchitectureArchitectural DecisionsDocumenting Architectural Decision RecordsForms of Architectural DecisionManaging Architectural DecisionsCase Study: Architectural DecisionSummaryExercises
IV. Build
10. Secure Development and Assurance
Chapter ArtifactsThe Software Development LifecycleFrom DevOps to DevSecOpsDesignDevelopBuild and PackageDeploy, Test, and ReleaseOperate and MonitorSecurity AssuranceCloud Security Operating ModelRisks, Assumptions, Issues, and DependenciesCase Study: RAID LogSummaryExercises
V. Run
11. Security Operations
Chapter ArtifactsShared ResponsibilitiesDefining Processes, Procedures, and Work InstructionsCase Study: Vulnerability Management ServiceProcess DefinitionProcedures and Work Instructions DefinitionCase Study: Deployment Architecture UpdateThreat Detection Use CaseCase Study: Threat Detection Use CaseIncident Response RunbookCase Study: Incident Response RunbookThreat Traceability MatrixSummaryExercises
VI. Close
12. Closing Thoughts
Getting StartedDon’t Forget the BasicsMinimum Viable ArtifactsIterate for MaturityGet the Balance RightSecurity SilosArtificial Intelligence in Security ArchitectureAI for SecuritySecuring AISummaryGo Learn, Practice, and ShareExercises
A. Case Study
Clean Air Guildford Case Study
B. Artifact Mapping
C. Exercise Solutions
Chapter 1. IntroductionChapter 2. Architecture ConceptsChapter 3. Enterprise ContextChapter 4. Requirements and ConstraintsChapter 5. System ContextChapter 6. Application SecurityChapter 7. Shared ResponsibilitiesChapter 8. Infrastructure SecurityChapter 9. Architecture Patterns and DecisionsChapter 10. Secure Development and AssuranceChapter 11. Security OperationsChapter 12. Closing Thoughts
Index
About the Authors

Overview

As the transformation to hybrid multicloud accelerates, businesses require a structured approach to securing their workloads. Adopting zero trust principles demands a systematic set of practices to deliver secure solutions. Regulated businesses, in particular, demand rigor in the architectural process to ensure the effectiveness of security controls and continued protection.

This book provides the first comprehensive method for hybrid multicloud security, integrating proven architectural techniques to deliver a comprehensive end-to-end security method with compliance, threat modeling, and zero trust practices. This method ensures repeatability and consistency in the development of secure solution architectures.

Architects will learn how to effectively identify threats and implement countermeasures through a combination of techniques, work products, and a demonstrative case study to reinforce learning. You'll examine:

The importance of developing a solution architecture that integrates security for clear communication
Roles that security architects perform and how the techniques relate to nonsecurity subject matter experts
How security solution architecture is related to design thinking, enterprise security architecture, and engineering
How architects can integrate security into a solution architecture for applications and infrastructure using a consistent end-to-end set of practices
How to apply architectural thinking to the development of new security solutions

About the authors

Mark Buckwell is a cloud security architect at IBM with 30 years of information security experience.

Carsten Horst with more than 20 years of experience in Cybersecurity is a certified security architect and Associate Partner at IBM.

Stefaan Van daele has 25 years experience in Cybersecurity and is a Level 3 certified security architect at IBM.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781098157760Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills