Security Architecture for Hybrid Cloud

Book description

As the transformation to hybrid multicloud accelerates, businesses require a structured approach to securing their workloads. Adopting zero trust principles demands a systematic set of practices to deliver secure solutions. Regulated businesses, in particular, demand rigor in the architectural process to ensure the effectiveness of security controls and continued protection.

This book provides the first comprehensive method for hybrid multicloud security, integrating proven architectural techniques to deliver a comprehensive end-to-end security method with compliance, threat modeling, and zero trust practices. This method ensures repeatability and consistency in the development of secure solution architectures.

Architects will learn how to effectively identify threats and implement countermeasures through a combination of techniques, work products, and a demonstrative case study to reinforce learning. You'll examine:

  • The importance of developing a solution architecture that integrates security for clear communication
  • Roles that security architects perform and how the techniques relate to nonsecurity subject matter experts
  • How security solution architecture is related to design thinking, enterprise security architecture, and engineering
  • How architects can integrate security into a solution architecture for applications and infrastructure using a consistent end-to-end set of practices
  • How to apply architectural thinking to the development of new security solutions

About the authors

Mark Buckwell is a cloud security architect at IBM with 30 years of information security experience.

Carsten Horst, with more than 20 years of experience in cybersecurity, is a certified security architect and Associate Partner at IBM.

Stefaan Van daele has 25 years of experience in cybersecurity and is a Level 3 certified security architect at IBM.

Table of contents

  1. Preface
    1. Audience
    2. Contents of This Book
    3. Conventions Used in This Book
    4. Using Figure and Table Examples
    5. O’Reilly Online Learning
    6. How to Contact Us
    7. Acknowledgments
      1. Acknowledgments from Mark Buckwell
      2. Acknowledgments from Stefaan Van daele
      3. Acknowledgments from Carsten Horst
  2. I. Concepts
  3. 1. Introduction
    1. Foundational Security Techniques
      1. Data-Centric Security
      2. Secure by Design with Threat Modeling
      3. Zero Trust Architecture
      4. Compliance Management
      5. Users of the Security Techniques
    2. Architect Roles for Security
      1. Security Architect
      2. Infrastructure and Application Architect
      3. Security Champion
    3. Book Structure
      1. Artifact Framework
      2. Artifact Dependency Diagram
      3. Case Study
      4. Book Organization
      5. Solution Architecture Decomposition
      6. Method Techniques
    4. Summary
    5. Further Reading
    6. Exercises
  4. 2. Architecture Concepts
    1. From Design Thinking to Compliance
      1. Design Thinking and Consulting Practices
      2. Transitioning to Architectural Thinking
      3. Transitioning to Engineering
      4. Operational Thinking
      5. Enterprise Context
      6. Compliance
      7. Waterfall to Agile Delivery
      8. Security Architecture in Agile
    2. Enterprise and Solution Architecture
      1. Enterprise Architecture
      2. Solution Architecture
    3. Zero Trust Architecture
      1. Core Architecture Components
      2. Architectural Thinking Integration
      3. Zero Trust Solutions
    4. Technique: Enterprise Security Architecture
      1. Security Processes or Services?
      2. Enterprise Architecture Decomposition
      3. Security Services Responsibilities
      4. Cloud Controls Mapping
      5. Security Service Design
    5. Summary
    6. Exercises
  5. II. Plan
  6. 3. Enterprise Context
    1. Chapter Artifacts
    2. External Context
      1. Laws and Regulations
      2. Industry or Expert Organization Best Practices
      3. Corporate Expectations
      4. Consumer Expectations
      5. Threat Landscape
      6. Cybersecurity Vulnerabilities
    3. Internal Context
      1. Business and Information Systems Strategy
      2. Current IT Environment and Security Control Plane
      3. Policies, Practices, and Standards
      4. Risk Management
      5. Enterprise Architecture
      6. Guiding Principles
      7. Architecture Patterns and Automation
      8. Enterprise Processes
    4. Summary
    5. Exercises
  7. 4. Requirements and Constraints
    1. Chapter Artifacts
    2. Requirements Concepts
      1. Functional Requirements
      2. Non-Functional Requirements
      3. Constraints
      4. Specifying Quality Requirements
      5. Prioritizing Requirements
    3. Specifying Functional Requirements
      1. Use Cases
      2. Journey Maps
      3. User Stories
      4. Swimlane Diagrams
      5. Separation of Duties Matrices
    4. Case Study: Process Definition
    5. Specifying Non-Functional Requirements
      1. Sources of Non-Functional Requirements
      2. Non-Functional Requirement Dependencies
      3. Documenting Non-Functional Requirements
      4. Improving Requirement Specification
    6. Case Study: Specifying a Requirements Catalog
      1. Identifying Security Requirements
      2. Elaborating Security Requirements
      3. Rewriting Security Requirements
    7. Requirements Traceability
    8. Summary
    9. Exercises
  8. III. Design
  9. 5. System Context
    1. Chapter Artifacts
    2. Data Protection
      1. Value of Data
      2. Data Security Lifecycle
      3. Metadata
      4. Zero Trust and Data Flows
    3. System Context Diagram
      1. System and Security Architect Roles
      2. System Context Concepts
      3. Business and IT Context
    4. Case Study: System Context Diagram
      1. Identifying Human Actors
      2. Identifying System Actors
      3. Documenting the System Context
    5. Information Asset Register
      1. Data Classification
      2. Actor Use Case and Data
    6. Summary
    7. Exercises
  10. 6. Application Security
    1. Chapter Artifacts
    2. Functional Viewpoint
    3. Component Architecture
      1. Component Architecture Diagram
      2. Sequence Diagram
      3. Collaboration Diagram
      4. Data Flow Diagram
      5. Component Architectural Thinking Process
    4. Case Study: Component Architecture
    5. Security Concepts
    6. Threat Modeling
      1. Identify Boundaries
      2. Identify Assets
      3. Identify Threat Actors
      4. Identify Threats
      5. Identify Controls
      6. Prioritization of Controls
      7. Threat Modeling Tools
    7. Case Study: Threat Model
    8. Summary
    9. Exercises
  11. 7. Shared Responsibilities
    1. Chapter Artifacts
    2. Cloud Computing Concepts
      1. Cloud Computing Benefits
      2. Cloud Service Models
      3. Cloud Computing Platforms
      4. Cloud Security Responsibilities
      5. Landing Zones
      6. Hybrid Cloud Architecture
      7. Using the Hybrid Cloud Architecture Diagram
    3. Shared Responsibilities Model
      1. Shared Responsibilities Stack Diagram
      2. Cloud Service Provider Responsibilities
      3. Cloud User Responsibilities
      4. Cloud Security Policy Responsibility
    4. Case Study: Shared Responsibility Model
      1. Identifying PaaS Services
      2. Identifying SaaS Services
      3. Identifying the Compute Platforms
      4. Identifying Environments
      5. Documenting a Shared Responsibilities Stack Diagram
    5. Summary
    6. Exercises
  12. 8. Infrastructure Security
    1. Chapter Artifacts
    2. Deployment Viewpoint
      1. Deployment Architecture
      2. Deployment Architecture Diagram
      3. Deployment Architecture and Supporting Documentation
      4. Architecting Infrastructure Security
      5. Network Segmentation
    3. Case Study: Deployment Architecture Diagram
    4. Zero Trust-Based Security Infrastructure
      1. Network-Based Solutions
      2. Service Mesh Solutions
      3. Endpoint-Based Solutions
      4. Identity and Access Management
      5. Architecting Zero Trust Practices
    5. Case Study: Zero Trust
    6. Cloud Architecture
      1. Organizing Cloud Security
      2. Cloud Architecture Diagram
      3. High Availability
    7. Case Study: Cloud Architecture Diagram
    8. Summary
    9. Exercises
  13. 9. Architecture Patterns and Decisions
    1. Chapter Artifacts
    2. Architecture Patterns
      1. Solution Architecture Patterns
      2. Solution Design Patterns
    3. Deployable Architecture
      1. A Distributed Version Control System
      2. Continuous Integration/Continuous Delivery (CI/CD) Pipeline
      3. Infrastructure as Code Toolchain
      4. Using a Deployable Architecture
    4. Architectural Decisions
      1. Documenting Architectural Decision Records
      2. Forms of Architectural Decision
      3. Managing Architectural Decisions
    5. Case Study: Architectural Decision
    6. Summary
    7. Exercises
  14. IV. Build
  15. 10. Secure Development and Assurance
    1. Chapter Artifacts
    2. The Software Development Lifecycle
    3. From DevOps to DevSecOps
      1. Design
      2. Develop
      3. Build and Package
      4. Deploy, Test, and Release
      5. Operate and Monitor
    4. Security Assurance
    5. Cloud Security Operating Model
    6. Risks, Assumptions, Issues, and Dependencies
    7. Case Study: RAID Log
    8. Summary
    9. Exercises
  16. V. Run
  17. 11. Security Operations
    1. Chapter Artifacts
    2. Shared Responsibilities
    3. Defining Processes, Procedures, and Work Instructions
    4. Case Study: Vulnerability Management Service
      1. Process Definition
      2. Procedures and Work Instructions Definition
    5. Case Study: Deployment Architecture Update
    6. Threat Detection Use Case
    7. Case Study: Threat Detection Use Case
    8. Incident Response Runbook
    9. Case Study: Incident Response Runbook
    10. Threat Traceability Matrix
    11. Summary
    12. Exercises
  18. VI. Close
  19. 12. Closing Thoughts
    1. Getting Started
      1. Don’t Forget the Basics
      2. Minimum Viable Artifacts
      3. Iterate for Maturity
      4. Get the Balance Right
      5. Security Silos
    2. Artificial Intelligence in Security Architecture
      1. AI for Security
      2. Securing AI
    3. Summary
    4. Go Learn, Practice, and Share
    5. Exercises
  20. A. Case Study
    1. Clean Air Guildford Case Study
  21. B. Artifact Mapping
  22. C. Exercise Solutions
    1. Chapter 1. Introduction
    2. Chapter 2. Architecture Concepts
    3. Chapter 3. Enterprise Context
    4. Chapter 4. Requirements and Constraints
    5. Chapter 5. System Context
    6. Chapter 6. Application Security
    7. Chapter 7. Shared Responsibilities
    8. Chapter 8. Infrastructure Security
    9. Chapter 9. Architecture Patterns and Decisions
    10. Chapter 10. Secure Development and Assurance
    11. Chapter 11. Security Operations
    12. Chapter 12. Closing Thoughts
  23. Index
  24. About the Authors

Product information

  • Title: Security Architecture for Hybrid Cloud
  • Author(s): Mark Buckwell, Stefaan Van daele, Carsten Horst
  • Release date: July 2024
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781098157777