
Practical cloud security : a guide for secure design and deployment / Chris Dotson

By: Dotson, Chris [author].
Publisher: Sebastopol, CA : O'Reilly Media, ©2019
Edition: First edition.
Description: xii, 196 pages: illustrations; 23 cm.
Content type: text
Media type: unmediated
Carrier type: volume
ISBN: 9781492037514.
Subject(s): Cloud computing -- Security measures | Computer networks -- Security measures | Computer networks -- Access control
Genre/Form: Print books.
Contents:
Intro; Copyright; Table of Contents; Preface; Conventions Used in This Book; O'Reilly Online Learning Platform; How to Contact Us; Acknowledgments; Chapter 1. Principles and Concepts; Least Privilege; Defense in Depth; Threat Actors, Diagrams, and Trust Boundaries; Cloud Delivery Models; The Cloud Shared Responsibility Model; Risk Management; Chapter 2. Data Asset Management and Protection; Data Identification and Classification; Example Data Classification Levels; Relevant Industry or Regulatory Requirements; Data Asset Management in the Cloud; Tagging Cloud Resources; Protecting Data in the Cloud; Tokenization; Encryption; Summary; Chapter 3. Cloud Asset Management and Protection; Differences from Traditional IT; Types of Cloud Assets; Compute Assets; Storage Assets; Network Assets; Asset Management Pipeline; Procurement Leaks; Processing Leaks; Tooling Leaks; Findings Leaks; Tagging Cloud Assets; Summary; Chapter 4. Identity and Access Management; Differences from Traditional IT; Life Cycle for Identity and Access; Request; Approve; Create, Delete, Grant, or Revoke; Authentication; Cloud IAM Identities; Business-to-Consumer and Business-to-Employee; Multi-Factor Authentication; Passwords and API Keys; Shared IDs; Federated Identity; Single Sign-On; Instance Metadata and Identity Documents; Secrets Management; Authorization; Centralized Authorization; Roles; Revalidate; Putting It All Together in the Sample Application; Summary; Chapter 5. Vulnerability Management; Differences from Traditional IT; Vulnerable Areas; Data Access; Application; Middleware; Operating System; Network; Virtualized Infrastructure; Physical Infrastructure; Finding and Fixing Vulnerabilities; Network Vulnerability Scanners; Agentless Scanners and Configuration Management; Agent-Based Scanners and Configuration Management; Cloud Provider Security Management Tools; Container Scanners; Dynamic Application Scanners (DAST); Static Application Scanners (SAST); Software Composition Analysis Scanners (SCA); Interactive Application Scanners (IAST); Runtime Application Self-Protection Scanners (RASP); Manual Code Reviews; Penetration Tests; User Reports; Example Tools for Vulnerability and Configuration Management; Risk Management Processes; Vulnerability Management Metrics; Tool Coverage; Mean Time to Remediate; Systems/Applications with Open Vulnerabilities; Percentage of False Positives; Percentage of False Negatives; Vulnerability Recurrence Rate; Change Management; Putting It All Together in the Sample Application; Summary; Chapter 6. Network Security; Differences from Traditional IT; Concepts and Definitions; Whitelists and Blacklists; DMZs; Proxies; Software-Defined Networking; Network Features Virtualization; Overlay Networks and Encapsulation; Virtual Private Clouds; Network Address Translation; IPv6; Putting It All Together in the Sample Application; Encryption in Motion
Summary: This hands-on book guides you through security best practices for multivendor cloud environments, whether your company plans to move legacy on-premises projects to the cloud or build a new infrastructure from the ground up.
Current location: On Shelf
Call number: QA76.585 .D687 2019
Status: Available
Barcode: AU00000000014279
Total holds: 0

Description based on print version record.

Includes bibliographical references and index


Copyright © 2020 Alfaisal University Library. All Rights Reserved.
Tel: +966 11 2158948 Fax: +966 11 2157910 Email: librarian@alfaisal.edu