Book description
With the rise of the cloud, every aspect of IT has been shaken to its core. The fundamentals for building systems are changing, and although many of the principles that underpin security still ring true, their implementation has become unrecognizable. This practical book provides recipes for AWS, Azure, and GCP to help you enhance the security of your own cloud native systems.
Based on his hard-earned experience working with some of the world's biggest enterprises and rapidly iterating startups, consultant Josh Armitage covers the trade-offs that security professionals, developers, and infrastructure gurus need to make when working with different cloud providers. Each recipe discusses these inherent compromises, as well as where clouds have similarities and where they're fundamentally different.
- Learn how the cloud provides security superior to what was achievable in an on-premises world
- Understand the principles and mental models that enable you to make optimal trade-offs as part of your solution
- Learn how to implement existing solutions that are robust and secure, and devise design solutions to new and interesting problems
- Deal with security challenges and solutions both horizontally and vertically within your business
Table of contents
- Preface
- 1. Security in the Modern Organization
- 2. Setting Up Accounts and Users
- 2.1. Scalable Project Structures on GCP
- 2.2. Scalable Account Structures on AWS
- 2.3. Scalable Subscription Structures on Azure
- 2.4. Region Locking on GCP
- 2.5. Region Locking on AWS
- 2.6. Region Locking on Azure
- 2.7. Centralizing Users on GCP
- 2.8. Centralizing Users on AWS
- 2.9. Centralizing Users on Azure
- 3. Getting Security Visibility at Scale
- 3.1. Building a Cloud Native Security Operations Center on GCP
- 3.2. Building a Cloud Native Security Operations Center on AWS
- 3.3. Building a Cloud Native Security Operations Center on Azure
- 3.4. Centralizing Logs on GCP
- 3.5. Centralizing Logs on AWS
- 3.6. Centralizing Logs on Azure
- 3.7. Log Anomaly Alerting on GCP
- 3.8. Log Anomaly Alerting on AWS
- 3.9. Log Anomaly Alerting on Azure
- 3.10. Building an Infrastructure Registry on GCP
- 3.11. Building an Infrastructure Registry on AWS
- 3.12. Building an Infrastructure Registry on Azure
- 4. Protecting Your Data
- 4.1. Encrypting Data at Rest on GCP
- 4.2. Encrypting Data at Rest on AWS
- 4.3. Encrypting Data at Rest on Azure
- 4.4. Encrypting Data on GCP with Your Own Keys
- 4.5. Encrypting Data on AWS with Your Own Keys
- 4.6. Encrypting Data on Azure with Your Own Keys
- 4.7. Enforcing In-Transit Data Encryption on GCP
- 4.8. Enforcing In-Transit Data Encryption on AWS
- 4.9. Enforcing In-Transit Data Encryption on Azure
- 4.10. Preventing Data Loss on GCP
- 4.11. Preventing Data Loss on AWS
- 4.12. Preventing Data Loss on Azure
- 5. Secure Networking
- 5.1. Networking Foundations on GCP
- 5.2. Networking Foundations on AWS
- 5.3. Networking Foundations on Azure
- 5.4. Enabling External Access on GCP
- 5.5. Enabling External Access on AWS
- 5.6. Enabling External Access on Azure
- 5.7. Allowing Access to Internal Resources on GCP
- 5.8. Allowing Access to Internal Resources on AWS
- 5.9. Allowing Access to Internal Resources on Azure
- 5.10. Controlling External Network Connectivity on GCP
- 5.11. Controlling External Network Connectivity on AWS
- 5.12. Controlling External Network Connectivity on Azure
- 5.13. Private Application Access on GCP
- 5.14. Private Application Access on AWS
- 5.15. Private Application Access on Azure
- 6. Infrastructure as Code
- 6.1. Building Secure Infrastructure Defaults on GCP
- 6.2. Building Secure Infrastructure Defaults on AWS
- 6.3. Building Secure Infrastructure Defaults on Azure
- 6.4. Functions as a Service on GCP
- 6.5. Functions as a Service on AWS
- 6.6. Functions as a Service on Azure
- 6.7. Robust Deployment on GCP
- 6.8. Robust Deployment on AWS
- 6.9. Robust Deployment on Azure
- 6.10. Deployment at Scale on GCP
- 6.11. Deployment at Scale on AWS
- 6.12. Deployment at Scale on Azure
- 7. Compliance as Code
- 7.1. Labeling Resources on GCP
- 7.2. Tagging Resources on AWS
- 7.3. Tagging Resources on Azure
- 7.4. Detecting Noncompliant Infrastructure on GCP
- 7.5. Detecting Noncompliant Infrastructure on AWS
- 7.6. Detecting Noncompliant Infrastructure on Azure
- 7.7. Preventing Noncompliant Infrastructure on GCP
- 7.8. Preventing Noncompliant Infrastructure on AWS
- 7.9. Preventing Noncompliant Infrastructure on Azure
- 7.10. Remediating Noncompliant Infrastructure on GCP
- 7.11. Remediating Noncompliant Infrastructure on AWS
- 7.12. Remediating Noncompliant Infrastructure on Azure
- 8. Providing Internal Security Services
- 8.1. Protecting Security Assets and Controls on GCP
- 8.2. Protecting Security Assets and Controls on AWS
- 8.3. Protecting Security Assets and Controls on Azure
- 8.4. Understanding Machine Status at Scale on GCP
- 8.5. Understanding Machine Status at Scale on AWS
- 8.6. Understanding Machine Status at Scale on Azure
- 8.7. Patching at Scale on GCP
- 8.8. Patching at Scale on AWS
- 8.9. Patching at Scale on Azure
- 8.10. Data Backup on GCP
- 8.11. Data Backup on AWS
- 8.12. Data Backup on Azure
- 9. Enabling Teams
- 10. Security in the Future
- 11. Terraform Primer
- Index
- About the Author
Product information
- Title: Cloud Native Security Cookbook
- Author(s): Josh Armitage
- Release date: April 2022
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781098106300