Cloud Native Security Cookbook: Recipes for a Secure Cloud
With the rise of the cloud, every aspect of IT has been shaken to its core. The fundamentals for building systems are changing, and although many of the principles that underpin security still ring true, their implementation has become unrecognizable. This practical book provides recipes for AWS, Azure, and GCP to help you enhance the security of your own cloud native systems.

Based on his hard-earned experience working with some of the world's biggest enterprises and rapidly iterating startups, consultant Josh Armitage covers the trade-offs that security professionals, developers, and infrastructure gurus need to make when working with different cloud providers. Each recipe discusses these inherent compromises, as well as where clouds have similarities and where they're fundamentally different.

  • Learn how the cloud provides security superior to what was achievable in an on-premises world
  • Understand the principles and mental models that enable you to make optimal trade-offs as part of your solution
  • Learn how to implement existing solutions that are robust and secure, and devise design solutions to new and interesting problems
  • Deal with security challenges and solutions both horizontally and vertically within your business

by Josh Armitage

Paperback

$65.99 

Product Details

ISBN-13: 9781098106300
Publisher: O'Reilly Media, Incorporated
Publication date: 05/31/2022
Pages: 515
Product dimensions: 7.00(w) x 9.19(h) x (d)

About the Author

Known for a booming voice and a severely lacking sense of humour, Josh has been plying his trade as a consultant to enterprises and startups for a number of years. With wide and deep technology expertise that includes writing production assembly on mainframes and operating a globally distributed machine learning system, he has seen security from many angles. Now focusing on cloud native technologies, lean software development, and taking teams on DevSecOps transformations, he uses happiness as his true north metric for measuring impact.

Table of Contents

Preface

1 Security in the Modern Organization

1.1 Why Security Is Critical

1.2 What Is Meant by Cloud Native Security?

1.3 Where Security Fits in the Modern Organization

1.4 The Purpose of Modern Security

1.5 DevSecOps

1.6 How to Measure the Impact of Security

1.7 The Principles of Security

2 Setting Up Accounts and Users

2.1 Scalable Project Structures on GCP

2.2 Scalable Account Structures on AWS

2.3 Scalable Subscription Structures on Azure

2.4 Region Locking on GCP

2.5 Region Locking on AWS

2.6 Region Locking on Azure

2.7 Centralizing Users on GCP

2.8 Centralizing Users on AWS

2.9 Centralizing Users on Azure

3 Getting Security Visibility at Scale

3.1 Building a Cloud Native Security Operations Center on GCP

3.2 Building a Cloud Native Security Operations Center on AWS

3.3 Building a Cloud Native Security Operations Center on Azure

3.4 Centralizing Logs on GCP

3.5 Centralizing Logs on AWS

3.6 Centralizing Logs on Azure

3.7 Log Anomaly Alerting on GCP

3.8 Log Anomaly Alerting on AWS

3.9 Log Anomaly Alerting on Azure

3.10 Building an Infrastructure Registry on GCP

3.11 Building an Infrastructure Registry on AWS

3.12 Building an Infrastructure Registry on Azure

4 Protecting Your Data

4.1 Encrypting Data at Rest on GCP

4.2 Encrypting Data at Rest on AWS

4.3 Encrypting Data at Rest on Azure

4.4 Encrypting Data on GCP with Your Own Keys

4.5 Encrypting Data on AWS with Your Own Keys

4.6 Encrypting Data on Azure with Your Own Keys

4.7 Enforcing In-Transit Data Encryption on GCP

4.8 Enforcing In-Transit Data Encryption on AWS

4.9 Enforcing In-Transit Data Encryption on Azure

4.10 Preventing Data Loss on GCP

4.11 Preventing Data Loss on AWS

4.12 Preventing Data Loss on Azure

5 Secure Networking

5.1 Networking Foundations on GCP

5.2 Networking Foundations on AWS

5.3 Networking Foundations on Azure

5.4 Enabling External Access on GCP

5.5 Enabling External Access on AWS

5.6 Enabling External Access on Azure

5.7 Allowing Access to Internal Resources on GCP

5.8 Allowing Access to Internal Resources on AWS

5.9 Allowing Access to Internal Resources on Azure

5.10 Controlling External Network Connectivity on GCP

5.11 Controlling External Network Connectivity on AWS

5.12 Controlling External Network Connectivity on Azure

5.13 Private Application Access on GCP

5.14 Private Application Access on AWS

5.15 Private Application Access on Azure

6 Infrastructure as Code

6.1 Building Secure Infrastructure Defaults on GCP

6.2 Building Secure Infrastructure Defaults on AWS

6.3 Building Secure Infrastructure Defaults on Azure

6.4 Functions as a Service on GCP

6.5 Functions as a Service on AWS

6.6 Functions as a Service on Azure

6.7 Robust Deployment on GCP

6.8 Robust Deployment on AWS

6.9 Robust Deployment on Azure

6.10 Deployment at Scale on GCP

6.11 Deployment at Scale on AWS

6.12 Deployment at Scale on Azure

7 Compliance as Code

7.1 Labeling Resources on GCP

7.2 Tagging Resources on AWS

7.3 Tagging Resources on Azure

7.4 Detecting Noncompliant Infrastructure on GCP

7.5 Detecting Noncompliant Infrastructure on AWS

7.6 Detecting Noncompliant Infrastructure on Azure

7.7 Preventing Noncompliant Infrastructure on GCP

7.8 Preventing Noncompliant Infrastructure on AWS

7.9 Preventing Noncompliant Infrastructure on Azure

7.10 Remediating Noncompliant Infrastructure on GCP

7.11 Remediating Noncompliant Infrastructure on AWS

7.12 Remediating Noncompliant Infrastructure on Azure

8 Providing Internal Security Services

8.1 Protecting Security Assets and Controls on GCP

8.2 Protecting Security Assets and Controls on AWS

8.3 Protecting Security Assets and Controls on Azure

8.4 Understanding Machine Status at Scale on GCP

8.5 Understanding Machine Status at Scale on AWS

8.6 Understanding Machine Status at Scale on Azure

8.7 Patching at Scale on GCP

8.8 Patching at Scale on AWS

8.9 Patching at Scale on Azure

8.10 Data Backup on GCP

8.11 Data Backup on AWS

8.12 Data Backup on Azure

9 Enabling Teams

9.1 Enabling Project Sharing on GCP

9.2 Enabling Account Sharing on AWS

9.3 Enabling Resource Group Sharing on Azure

9.4 Application Security Scanning on GCP

9.5 Application Security Scanning on AWS

9.6 Application Security Scanning on Azure

10 Security in the Future

10.1 The Infinite Game

10.2 Building Capability

10.3 Building Situational Awareness

10.4 Conclusion

11 Terraform Primer

11.1 Authenticating with GCP

11.2 Authenticating with AWS

11.3 Authenticating with Azure

Index
