What This Book Covers
Chapter 1, Core Cloud Concepts, introduces the most relevant cloud computing characteristics and concepts with regard to cloud service models, cloud deployment models, and the different types of stakeholders in cloud computing.
Chapter 2, Cloud Reference Architecture, covers the cloud reference architecture, cloud service models, cloud deployment models, and cloud capabilities. We will also introduce the shared considerations for cloud deployments and the impact of new and emerging technologies on the evolution of cloud computing.
Chapter 3, Top Threats and Essential Cloud Security Concepts and Controls, describes the common threats to cloud deployments and attack vectors. We will introduce the control frameworks and control types necessary to secure data, network, and virtualization layers for cloud computing.
Chapter 4, Design Principles for Secure Cloud Computing, focuses on the security considerations specific to each cloud service model.
Chapter 5, How to Evaluate Your Cloud Service Provider, discusses how to review and understand key cloud service contractual documents from the perspective of cloud service consumers. We will provide the best practices on how to evaluate your CSP based on a set of criteria.
Chapter 6, Cloud Data Security Concepts and Architectures, describes cloud data concepts, cloud data storage architectures, data security, data classification, and cloud data security technologies. We will review the stages of the cloud data life cycle in cloud environments, from creation to safe destruction practices.
Chapter 7, Data Governance Essentials, reviews the most important concepts of governance oversight for data life cycle phases in the cloud environment. We will introduce the concepts of Information Rights Management (IRM) and best practices for auditability, traceability, and accountability when it comes to data use in cloud environments.
Chapter 8, Essential Infrastructure and Platform Components for a Secure Data Center, reviews key cloud infrastructure and platform components and the best practices for the secure design of the logical, physical, and environmental components of a modern data center.
Chapter 9, Analyzing Risks, identifies the top risks to the physical, logical, and virtual environments as a cloud consumer and provider. We will discuss how to analyze, assess, and address the risk with safeguards and countermeasures.
Chapter 10, Security Control Implementation, provides an overview of the key concepts of the selection, planning, and implementation of security controls in cloud environments.
Chapter 11, Planning for the Worst-Case Scenario – Business Continuity and Disaster Recovery, discusses how organizations are preparing to withstand disasters and business disruptions to be able to continue the delivery of products and services within acceptable time frames.
Chapter 12, Application Security, reviews development basics, the challenges organizations face, and the common cloud vulnerabilities for web applications.
Chapter 13, Secure Software Development Life Cycle, is dedicated to educating you on the Secure Software Development Life Cycle (S-SDLC), including coverage of topics such as defining requirements, what methodology to use to apply the S-SDLC, threat modeling, and secure coding.
Chapter 14, Assurance, Validation, and Verification in Security, describes key processes as they relate to functional testing, profiling security testing methodologies, QA, and other solutions.
Chapter 15, Application-Centric Cloud Architecture, reviews the important specifics of traditional cloud application architecture, with a focus on essential security components such as WAF, DAM, API gateways, cryptography, sandboxing, and securing virtualized applications.
Chapter 16, IAM Design, focuses on Identity and Access Management (IAM) solutions, which are critical elements of securing organizations. This chapter covers identity providers, federated identities, secrets management, and other important IAM solutions.
Chapter 17, Cloud Physical and Logical Infrastructure (Operationalization and Maintenance), reviews the key physical and logical infrastructure configuration requirements for cloud environments. We will also provide an overview of the most common configurations and controls for operational and maintenance activities for physical and logical infrastructures.
Chapter 18, International Operational Controls and Standards, reviews the leading industry standards for Information Technology Service Management (ITSM).
Chapter 19, Digital Forensics, discusses forensic data collection methodologies, evidence management, and other key concepts for the collection, acquisition, and preservation of digital evidence.
Chapter 20, Managing Communications, covers the best practices for the communication channels and procedures that need to be set up if an organization intends to be resilient against impacts of all types. We will review the most common communication channels with vendors, customers, regulators, partners, and other stakeholders.
Chapter 21, Security Operations Center Management, covers the best practices for establishing the primary requirements of a security operations center and how they are informed by the business mission, regulatory and legal requirements, and service offerings. We will review a wide range of tools related to monitoring and logging that are necessary for effective security operations center management.
Chapter 22, Legal Challenges and the Cloud, discusses compliance with legal and contractual requirements. The chapter covers in detail the policies, standards, guidelines, baselines, and procedures that frame decision-making, as well as the roles that delineate authority levels (e.g., shareholders, stakeholders, senior management, service consumers, and service providers).
Chapter 23, Privacy and the Cloud, discusses privacy regulations and country-specific legislation related to PII and PHI. We will review key jurisdictional differences in data privacy.
Chapter 24, Cloud Audit Processes and Methodologies, reviews the most common ways to conduct audits of IT systems, covering the audit process, the methodologies, and the required adaptations for a cloud environment.