You're reading from Cloud Security Handbook Find out how to effectively secure cloud environments using AWS, Azure, and GCP

Product type Paperback

Published in Apr 2022

Publisher Packt

ISBN-13 9781800569195

Length 456 pages

Edition 1st Edition

Tools

AWS

Concepts

Cloud Computing

Author (1):

Eyal Estrin

View More author details

Table of Contents (19) Chapters

Preface

1. Section 1: Securing Infrastructure Cloud Services

2. Chapter 1: Introduction to Cloud Security FREE CHAPTER

3. Chapter 2: Securing Compute Services

4. Chapter 3: Securing Storage Services

5. Chapter 4: Securing Networking Services

6. Section 2: Deep Dive into IAM, Auditing, and Encryption

7. Chapter 5: Effective Strategies to Implement IAM Solutions

8. Chapter 6: Monitoring and Auditing Your Cloud Environments

9. Chapter 7: Applying Encryption in Cloud Services

10. Section 3: Threats and Compliance Management

11. Chapter 8: Understanding Common Security Threats to Cloud Services

12. Chapter 9: Handling Compliance and Regulation

13. Chapter 10: Engaging with Cloud Providers

14. Section 4: Advanced Use of Cloud Services

15. Chapter 11: Managing Hybrid Clouds

16. Chapter 12: Managing Multi-Cloud Environments

17. Chapter 13:Security in Large-Scale Environments

18. Other Books You May Enjoy

Best practices for using encryption at rest

The idea behind encryption at rest is to protect data once it has been saved into storage or a database or has been accessed by an untrusted third party.

Object storage encryption

When you're encrypting object storage, each file (or object) is encrypted separately.

Encryption/decryption process

The following workflow explains the process of extracting an encrypted object from object storage:

The DEK is stored near the object itself, and the object metadata specifies which encryption key version to use.
The entire DEK is wrapped with a KEK.
The KEK is stored inside a key-managed service.
When a request for accessing an object is made, the authorized service (or application) sends a request to the key managed service to locate the KEK and to decrypt the specific DEK.
The decrypted DEK is sent via a TLS/SSL channel from the KMS to the object storage. The object itself is decrypted using the decrypted...

The rest of the chapter is locked

You're reading from Cloud Security Handbook Find out how to effectively secure cloud environments using AWS, Azure, and GCP

Table of Contents (19) Chapters

Best practices for using encryption at rest

Object storage encryption

Encryption/decryption process

Authors (1)

Personalised recommendations for you

You're reading from Cloud Security Handbook Find out how to effectively secure cloud environments using AWS, Azure, and GCP

Table of Contents (19) Chapters

Best practices for using encryption at rest

Object storage encryption

Encryption/decryption process

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you