Cloud Security Handbook For Architects

A comprehensive guide to secure your future on Cloud KEY FEATURES ● Learn traditional security concepts in the cloud and compare data asset management with on-premises. ● Understand data asset management in the cloud and on-premises. ● Learn about adopting a DevSecOps strategy for scalability and flexibility of cloud infrastructure. ● Choose the right security solutions and design and implement native cloud controls. DESCRIPTION Cloud platforms face unique security issues and opportunities because of their evolving designs and API-driven automation. We will learn cloud-specific strategies for securing platforms such as AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud Infrastructure, and others. The book will help you implement data asset management, identity and access management, network security, vulnerability management, incident response, and compliance in your cloud environment. This book helps cybersecurity teams strengthen their security posture by mitigating cyber risk when "targets" shift to the cloud. The book will assist you in identifying security issues and show you how to achieve best-in-class cloud security. It also includes new cybersecurity best practices for daily, weekly, and monthly processes that you can combine with your other daily IT and security operations to meet NIST criteria. This book teaches how to leverage cloud computing by addressing the shared responsibility paradigm required to meet PCI-DSS, ISO 27001/2, and other standards. It will help you choose the right cloud security stack for your ecosystem. Moving forward, we will discuss the architecture and framework, building blocks of native cloud security controls, adoption of required security compliance, and the right culture to adopt this new paradigm shift in the ecosystem. Towards the end, we will talk about the maturity path of cloud security, along with recommendations and best practices relating to some real-life experiences. WHAT WILL YOU LEARN ● Understand the critical role of Identity and Access Management (IAM) in cloud environments. ● Address different types of security vulnerabilities in the cloud. ● Develop and apply effective incident response strategies for detecting, responding to, and recovering from security incidents. ● Establish a robust and secure security system by selecting appropriate security solutions for your cloud ecosystem. ● Ensure compliance with relevant regulations and requirements throughout your cloud journey. ● Explore container technologies and microservices design in the context of cloud security. WHO IS THIS BOOK FOR? The primary audience for this book will be the people who are directly or indirectly responsible for the cybersecurity and cloud security of the organization. This includes consultants, advisors, influencers, and those in decision-making roles who are focused on strengthening the cloud security of the organization. This book will also benefit the supporting staff, operations, and implementation teams as it will help them understand and enlighten the real picture of cloud security. The right audience includes but is not limited to Chief Information Officer (CIO), Chief Information Security Officer (CISO), Chief Technology Officer (CTO), Chief Risk Officer (CRO), Cloud Architect, Cloud Security Architect, and security practice team. TABLE OF CONTENTS SECTION I: Overview and Need to Transform to Cloud Landscape 1. Evolution of Cloud Computing and its Impact on Security 2. Understanding the Core Principles of Cloud Security and its Importance 3. Cloud Landscape Assessment and Choosing the Solution for Your Enterprise SECTION II: Building Blocks of Cloud Security Framework and Adoption Path 4. Cloud Security Architecture and Implementation Framework 5. Native Cloud Security Controls and Building Blocks 6. Examine Regulatory Compliance and Adoption path for Cloud 7. Creating and Enforcing Effective Security Policies SECTION III: Maturity Path 8. Leveraging Cloud-based Security Solutions for Security-as-a-Service 9. Cloud Security Recommendations and Best Practices

A comprehensive reference guide to securing the basic building blocks of cloud services, with actual examples for leveraging Azure, AWS, and GCP built-in services and capabilities Key FeaturesDiscover practical techniques for implementing cloud securityLearn how to secure your data and core cloud infrastructure to suit your business needsImplement encryption, detect cloud threats and misconfiguration, and achieve compliance in the cloudBook Description Securing resources in the cloud is challenging, given that each provider has different mechanisms and processes. Cloud Security Handbook helps you to understand how to embed security best practices in each of the infrastructure building blocks that exist in public clouds. This book will enable information security and cloud engineers to recognize the risks involved in public cloud and find out how to implement security controls as they design, build, and maintain environments in the cloud. You'll begin by learning about the shared responsibility model, cloud service models, and cloud deployment models, before getting to grips with the fundamentals of compute, storage, networking, identity management, encryption, and more. Next, you'll explore common threats and discover how to stay in compliance in cloud environments. As you make progress, you'll implement security in small-scale cloud environments through to production-ready large-scale environments, including hybrid clouds and multi-cloud environments. This book not only focuses on cloud services in general, but it also provides actual examples for using AWS, Azure, and GCP built-in services and capabilities. By the end of this cloud security book, you'll have gained a solid understanding of how to implement security in cloud environments effectively. What you will learnSecure compute, storage, and networking services in the cloudGet to grips with identity management in the cloudAudit and monitor cloud services from a security point of viewIdentify common threats and implement encryption solutions in cloud servicesMaintain security and compliance in the cloudImplement security in hybrid and multi-cloud environmentsDesign and maintain security in a large-scale cloud environmentWho this book is for This book is for IT or information security personnel taking their first steps in the public cloud or migrating existing environments to the cloud. Cloud engineers, cloud architects, or cloud security professionals maintaining production environments in the cloud will also benefit from this book. Prior experience of deploying virtual machines, using storage services, and networking will help you to get the most out of this book.

Did you know that the most common cloud security threats happen because of cloud service misconfigurations, not outside attacks? If you did not, you are not alone. In the on-premises world, cybersecurity risks were limited to the organization’s network, but in the era of cloud computing, both the impact and likelihood of potential risks are significantly higher. With the corresponding advent of DevOps methodology, security is now the responsibility of everyone who is part of the application development life cycle, not just the security specialists. Applying the clear and pragmatic recommendations given in this book, you can reduce the cloud applications security risks in your organization. This is the book that every Azure solution architect, developer, and IT professional should have on hand when they begin their journey learning about Azure security. It demystifies the multitude of security controls and offers numerous guidelines for Azure, curtailing hours of learning fatigue and confusion. Throughout the book you will learn how to secure your applications using Azure’s native security controls. After reading this book, you will know which security guardrails are available, how effective they are, and what will be the cost of implementing them. The scenarios in this book are real and come from securing enterprise applications and infrastructure running on Azure. What You Will Learn Remediate security risks of Azure applications by implementing the right security controls at the right time Achieve a level of security and stay secure across your Azure environment by setting guardrails to automate secure configurations Protect the most common reference workloads according to security best practices Design secure access control solutions for your Azure administrative access, as well as Azure application access Who This Book Is For Cloud security architects, cloud application developers, and cloud solution architects who work with Azure. It is also a valuable resource for those IT professionals responsible for securing Azure workloads in the enterprise.

Learn how security architecture processes may be used to derive security controls to manage the risks associated with the Cloud.

With their rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and opportunities. This hands-on book guides you through security best practices for multivendor cloud environments, whether your company plans to move legacy on-premises projects to the cloud or build a new infrastructure from the ground up. Developers, IT architects, and security professionals will learn cloud-specific techniques for securing popular cloud platforms such as Amazon Web Services, Microsoft Azure, and IBM Cloud. Chris Dotson—an IBM senior technical staff member—shows you how to establish data asset management, identity and access management, vulnerability management, network security, and incident response in your cloud environment.

For cloud users and providers alike, security is an everyday concern, yet there are very few books covering cloud security as a main subject. This book will help address this information gap from an Information Technology solution and usage-centric view of cloud infrastructure security. The book highlights the fundamental technology components necessary to build and enable trusted clouds. Here also is an explanation of the security and compliance challenges organizations face as they migrate mission-critical applications to the cloud, and how trusted clouds, that have their integrity rooted in hardware, can address these challenges. This book provides: Use cases and solution reference architectures to enable infrastructure integrity and the creation of trusted pools leveraging Intel Trusted Execution Technology (TXT). Trusted geo-location management in the cloud, enabling workload and data location compliance and boundary control usages in the cloud. OpenStack-based reference architecture of tenant-controlled virtual machine and workload protection in the cloud. A reference design to enable secure hybrid clouds for a cloud bursting use case, providing infrastructure visibility and control to organizations. "A valuable guide to the next generation of cloud security and hardware based root of trust. More than an explanation of the what and how, is the explanation of why. And why you can’t afford to ignore it!" —Vince Lubsey, Vice President, Product Development, Virtustream Inc. " Raghu provides a valuable reference for the new 'inside out' approach, where trust in hardware, software, and privileged users is never assumed—but instead measured, attested, and limited according to least privilege principles." —John Skinner, Vice President, HyTrust Inc. "Traditional parameter based defenses are in sufficient in the cloud. Raghu's book addresses this problem head-on by highlighting unique usage models to enable trusted infrastructure in this open environment. A must read if you are exposed in cloud." —Nikhil Sharma, Sr. Director of Cloud Solutions, Office of CTO, EMC Corporation

You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many people do. With Cloud Security and Privacy, you'll learn what's at stake when you trust your data to the cloud, and what you can do to keep your virtual infrastructure and web applications secure. Ideal for IT staffers, information security and privacy practitioners, business managers, service providers, and investors alike, this book offers you sound advice from three well-known authorities in the tech security world. You'll learn detailed information on cloud computing security that-until now-has been sorely lacking. Review the current state of data security and storage in the cloud, including confidentiality, integrity, and availability Learn about the identity and access management (IAM) practice for authentication, authorization, and auditing of the users accessing cloud services Discover which security management frameworks and standards are relevant for the cloud Understand the privacy aspects you need to consider in the cloud, including how they compare with traditional computing models Learn the importance of audit and compliance functions within the cloud, and the various standards and frameworks to consider Examine security delivered as a service-a different facet of cloud security

Securing Cloud Services – A pragmatic guide gives an overview of security architecture processes and explains how they may be used to derive an appropriate set of security controls to manage the risks associated with working in the Cloud. Manage the risks associated with Cloud computing – buy this book today!