Cloud Native Security Cookbook

Book description

With the rise of the cloud, every aspect of IT has been shaken to its core. The fundamentals for building systems are changing, and although many of the principles that underpin security still ring true, their implementation has become unrecognizable. This practical book provides recipes for AWS, Azure, and GCP to help you enhance the security of your own cloud native systems.

Based on his hard-earned experience working with some of the world's biggest enterprises and rapidly iterating startups, consultant Josh Armitage covers the trade-offs that security professionals, developers, and infrastructure gurus need to make when working with different cloud providers. Each recipe discusses these inherent compromises, as well as where clouds have similarities and where they're fundamentally different.

  • Learn how the cloud provides security superior to what was achievable in an on-premises world
  • Understand the principles and mental models that enable you to make optimal trade-offs as part of your solution
  • Learn how to implement existing solutions that are robust and secure, and devise design solutions to new and interesting problems
  • Deal with security challenges and solutions both horizontally and vertically within your business

Table of contents

  Preface
    Who This Book Is For
    How This Book Is Organized
    What You Need to Use This Book
    Conventions Used in This Book
    Using Code Examples
    O’Reilly Online Learning
    How to Contact Us
    Acknowledgments
  1. Security in the Modern Organization
    1.1. Why Security Is Critical
    1.2. What Is Meant by Cloud Native Security?
    1.3. Where Security Fits in the Modern Organization
    1.4. The Purpose of Modern Security
    1.5. DevSecOps
    1.6. How to Measure the Impact of Security
    1.7. The Principles of Security
  2. Setting Up Accounts and Users
    2.1. Scalable Project Structures on GCP
    2.2. Scalable Account Structures on AWS
    2.3. Scalable Subscription Structures on Azure
    2.4. Region Locking on GCP
    2.5. Region Locking on AWS
    2.6. Region Locking on Azure
    2.7. Centralizing Users on GCP
    2.8. Centralizing Users on AWS
    2.9. Centralizing Users on Azure
  3. Getting Security Visibility at Scale
    3.1. Building a Cloud Native Security Operations Center on GCP
    3.2. Building a Cloud Native Security Operations Center on AWS
    3.3. Building a Cloud Native Security Operations Center on Azure
    3.4. Centralizing Logs on GCP
    3.5. Centralizing Logs on AWS
    3.6. Centralizing Logs on Azure
    3.7. Log Anomaly Alerting on GCP
    3.8. Log Anomaly Alerting on AWS
    3.9. Log Anomaly Alerting on Azure
    3.10. Building an Infrastructure Registry on GCP
    3.11. Building an Infrastructure Registry on AWS
    3.12. Building an Infrastructure Registry on Azure
  4. Protecting Your Data
    4.1. Encrypting Data at Rest on GCP
    4.2. Encrypting Data at Rest on AWS
    4.3. Encrypting Data at Rest on Azure
    4.4. Encrypting Data on GCP with Your Own Keys
    4.5. Encrypting Data on AWS with Your Own Keys
    4.6. Encrypting Data on Azure with Your Own Keys
    4.7. Enforcing In-Transit Data Encryption on GCP
    4.8. Enforcing In-Transit Data Encryption on AWS
    4.9. Enforcing In-Transit Data Encryption on Azure
    4.10. Preventing Data Loss on GCP
    4.11. Preventing Data Loss on AWS
    4.12. Preventing Data Loss on Azure
  5. Secure Networking
    5.1. Networking Foundations on GCP
    5.2. Networking Foundations on AWS
    5.3. Networking Foundations on Azure
    5.4. Enabling External Access on GCP
    5.5. Enabling External Access on AWS
    5.6. Enabling External Access on Azure
    5.7. Allowing Access to Internal Resources on GCP
    5.8. Allowing Access to Internal Resources on AWS
    5.9. Allowing Access to Internal Resources on Azure
    5.10. Controlling External Network Connectivity on GCP
    5.11. Controlling External Network Connectivity on AWS
    5.12. Controlling External Network Connectivity on Azure
    5.13. Private Application Access on GCP
    5.14. Private Application Access on AWS
    5.15. Private Application Access on Azure
  6. Infrastructure as Code
    6.1. Building Secure Infrastructure Defaults on GCP
    6.2. Building Secure Infrastructure Defaults on AWS
    6.3. Building Secure Infrastructure Defaults on Azure
    6.4. Functions as a Service on GCP
    6.5. Functions as a Service on AWS
    6.6. Functions as a Service on Azure
    6.7. Robust Deployment on GCP
    6.8. Robust Deployment on AWS
    6.9. Robust Deployment on Azure
    6.10. Deployment at Scale on GCP
    6.11. Deployment at Scale on AWS
    6.12. Deployment at Scale on Azure
  7. Compliance as Code
    7.1. Labeling Resources on GCP
    7.2. Tagging Resources on AWS
    7.3. Tagging Resources on Azure
    7.4. Detecting Noncompliant Infrastructure on GCP
    7.5. Detecting Noncompliant Infrastructure on AWS
    7.6. Detecting Noncompliant Infrastructure on Azure
    7.7. Preventing Noncompliant Infrastructure on GCP
    7.8. Preventing Noncompliant Infrastructure on AWS
    7.9. Preventing Noncompliant Infrastructure on Azure
    7.10. Remediating Noncompliant Infrastructure on GCP
    7.11. Remediating Noncompliant Infrastructure on AWS
    7.12. Remediating Noncompliant Infrastructure on Azure
  8. Providing Internal Security Services
    8.1. Protecting Security Assets and Controls on GCP
    8.2. Protecting Security Assets and Controls on AWS
    8.3. Protecting Security Assets and Controls on Azure
    8.4. Understanding Machine Status at Scale on GCP
    8.5. Understanding Machine Status at Scale on AWS
    8.6. Understanding Machine Status at Scale on Azure
    8.7. Patching at Scale on GCP
    8.8. Patching at Scale on AWS
    8.9. Patching at Scale on Azure
    8.10. Data Backup on GCP
    8.11. Data Backup on AWS
    8.12. Data Backup on Azure
  9. Enabling Teams
    9.1. Enabling Project Sharing on GCP
    9.2. Enabling Account Sharing on AWS
    9.3. Enabling Resource Group Sharing on Azure
    9.4. Application Security Scanning on GCP
    9.5. Application Security Scanning on AWS
    9.6. Application Security Scanning on Azure
  10. Security in the Future
    10.1. The Infinite Game
    10.2. Building Capability
    10.3. Building Situational Awareness
    10.4. Conclusion
  11. Terraform Primer
    11.1. Authenticating with GCP
    11.2. Authenticating with AWS
    11.3. Authenticating with Azure
  Index
  About the Author

Product information

  • Title: Cloud Native Security Cookbook
  • Author(s): Josh Armitage
  • Release date: April 2022
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781098106300