Practical Cloud Security: A Guide for Secure Design and Deployment


With rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and opportunities. In this updated second edition, you'll examine security best practices for multivendor cloud environments, whether your company plans to move legacy on-premises projects to the cloud or build a new infrastructure from the ground up. Developers, IT architects, and security professionals will learn cloud-specific techniques for securing popular cloud platforms such as Amazon Web Services, Microsoft Azure, and IBM Cloud. IBM Distinguished Engineer Chris Dotson shows you how to establish data asset management, identity and access management (IAM), vulnerability management, network security, and incident response in your cloud environment.

• Learn the latest threats and challenges in the cloud security space
• Manage cloud providers that store or process data or deliver administrative control
• Learn how standard principles and concepts, such as least privilege and defense in depth, apply in the cloud
• Understand the critical role played by IAM in the cloud
• Use best tactics for detecting, responding to, and recovering from the most common security incidents
• Manage various types of vulnerabilities, especially those common in multicloud or hybrid cloud architectures
• Examine privileged access management in cloud environments

Author(s): Chris Dotson
Edition: 2
Publisher: O'Reilly Media
Year: 2023

Language: English
Commentary: Publisher's PDF
Pages: 228
City: Sebastopol, CA
Tags: Cloud Computing; Security; Network Security; Incident Response; Access Management; Vulnerability Management; Asset Management; Zero Trust Networks; Access Control; Authentication; Data Asset Management

Cover
Copyright
Table of Contents
Preface
Who Should Read This Book
Navigating This Book
What’s New in the Second Edition
Conventions Used in This Book
O’Reilly Online Learning Platform
How to Contact Us
Acknowledgments
Chapter 1. Principles and Concepts
Least Privilege
Defense in Depth
Zero Trust
Threat Actors, Diagrams, and Trust Boundaries
Cloud Service Delivery Models
The Cloud Shared Responsibility Model
Risk Management
Conclusion
Exercises
Chapter 2. Data Asset Management and Protection
Data Identification and Classification
Example Data Classification Levels
Relevant Industry or Regulatory Requirements
Data Asset Management in the Cloud
Tagging Cloud Resources
Protecting Data in the Cloud
Tokenization
Encryption
Conclusion
Exercises
Chapter 3. Cloud Asset Management and Protection
Differences from Traditional IT
Types of Cloud Assets
Compute Assets
Storage Assets
Network Assets
Asset Management Pipeline
Procurement Leaks
Processing Leaks
Tooling Leaks
Findings Leaks
Tagging Cloud Assets
Conclusion
Exercises
Chapter 4. Identity and Access Management
Differences from Traditional IT
Life Cycle for Identity and Access
Request
Approve
Create, Delete, Grant, or Revoke
Authentication
Cloud IAM Identities
Business-to-Consumer and Business-to-Employee
Multi-Factor Authentication
Passwords, Passphrases, and API Keys
Shared IDs
Federated Identity
Single Sign-On
Instance Metadata and Identity Documents
Secrets Management
Authorization
Centralized Authorization
Roles
Revalidate
Putting It All Together in the Sample Application
Conclusion
Exercises
Chapter 5. Vulnerability Management
Differences from Traditional IT
Vulnerable Areas
Data Access
Application
Middleware
Operating System
Network
Virtualized Infrastructure
Physical Infrastructure
Finding and Fixing Vulnerabilities
Network Vulnerability Scanners
Agentless Scanners and Configuration Management Systems
Agent-Based Scanners and Configuration Management Systems
Cloud Workload Protection Platforms
Container Scanners
Dynamic Application Scanners (DAST)
Static Application Scanners (SAST)
Software Composition Analysis Tools (SCA)
Interactive Application Scanners (IAST)
Runtime Application Self-Protection Scanners (RASP)
Manual Code Reviews
Penetration Tests
User Reports
Example Tools for Vulnerability and Configuration Management
Risk Management Processes
Vulnerability Management Metrics
Tool Coverage
Mean Time to Remediate
Systems/Applications with Open Vulnerabilities
Percentage of False Positives
Percentage of False Negatives
Vulnerability Recurrence Rate
Change Management
Putting It All Together in the Sample Application
Conclusion
Exercises
Chapter 6. Network Security
Differences from Traditional IT
Concepts and Definitions
Zero Trust Networking
Allowlists and Denylists
DMZs
Proxies
Software-Defined Networking
Network Functions Virtualization
Overlay Networks and Encapsulation
Virtual Private Clouds
Network Address Translation
IPv6
Network Defense in Action in the Sample Application
Encryption in Motion
Firewalls and Network Segmentation
Allowing Administrative Access
Network Defense Tools
Egress Filtering
Data Loss Prevention
Conclusion
Exercises
Chapter 7. Detecting, Responding to, and Recovering from Security Incidents
Differences from Traditional IT
What to Watch
Privileged User Access
Logs from Defensive Tooling
Cloud Service Logs and Metrics
Operating System Logs and Metrics
Middleware Logs
Secrets Server
Your Application
How to Watch
Aggregation and Retention
Parsing Logs
Searching and Correlation
Alerting and Automated Response
Security Information and Event Managers
Threat Hunting
Preparing for an Incident
Team
Plans
Tools
Responding to an Incident
Cyber Kill Chains and MITRE ATT&CK
The OODA Loop
Cloud Forensics
Blocking Unauthorized Access
Stopping Data Exfiltration and Command and Control
Recovery
Redeploying IT Systems
Notifications
Lessons Learned
Example Metrics
Example Tools for Detection, Response, and Recovery
Detection and Response in a Sample Application
Monitoring the Protective Systems
Monitoring the Application
Monitoring the Administrators
Understanding the Auditing Infrastructure
Conclusion
Exercises
Appendix. Exercise Solutions
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Index
About the Author
Colophon