Search icon Close icon
Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.

Change country

Modal Close icon
Country selected Country selected
country flag United States
Country selected
country flag United Kingdom
Country selected
country flag India
Country selected
country flag Germany
Country selected
country flag France
Country selected
country flag Canada
Country selected
country flag Russia
Country selected
country flag Spain
Country selected
country flag Brazil
Country selected
country flag Australia
Country selected
country flag Argentina
Country selected
country flag Austria
Country selected
country flag Belgium
Country selected
country flag Bulgaria
Country selected
country flag Chile
Country selected
country flag Colombia
Country selected
country flag Cyprus
Country selected
country flag Czechia
Country selected
country flag Denmark
Country selected
country flag Ecuador
Country selected
country flag Egypt
Country selected
country flag Estonia
Country selected
country flag Finland
Country selected
country flag Greece
Country selected
country flag Hungary
Country selected
country flag Indonesia
Country selected
country flag Ireland
Country selected
country flag Italy
Country selected
country flag Japan
Country selected
country flag Latvia
Country selected
country flag Lithuania
Country selected
country flag Luxembourg
Country selected
country flag Malaysia
Country selected
country flag Malta
Country selected
country flag Mexico
Country selected
country flag Netherlands
Country selected
country flag New Zealand
Country selected
country flag Norway
Country selected
country flag Philippines
Country selected
country flag Poland
Country selected
country flag Portugal
Country selected
country flag Romania
Country selected
country flag Singapore
Country selected
country flag Slovakia
Country selected
country flag Slovenia
Country selected
country flag South Africa
Country selected
country flag South Korea
Country selected
country flag Sweden
Country selected
country flag Switzerland
Country selected
country flag Taiwan
Country selected
country flag Thailand
Country selected
country flag Turkey
Country selected
country flag Ukraine
Country selected
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Home > Cloud & Networking > Cloud Computing > Cloud Security Handbook
Cloud Security Handbook
Cloud Security Handbook

Cloud Security Handbook: Find out how to effectively secure cloud environments using AWS, Azure, and GCP

Arrow left icon
Profile Icon Eyal Estrin
Arrow right icon
€35.99
Full star icon Full star icon Full star icon Full star icon Empty star icon 4 (4 Ratings)
Paperback Apr 2022 456 pages 1st Edition
eBook
€19.99 €28.99
Paperback
€35.99
Subscription
Free Trial
Renews at €18.99p/m
Arrow left icon
Profile Icon Eyal Estrin
Arrow right icon
€35.99
Full star icon Full star icon Full star icon Full star icon Empty star icon 4 (4 Ratings)
Paperback Apr 2022 456 pages 1st Edition
eBook
€19.99 €28.99
Paperback
€35.99
Subscription
Free Trial
Renews at €18.99p/m
eBook
€19.99 €28.99
Paperback
€35.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
Table of content icon View table of contents Preview book icon Preview Book

Cloud Security Handbook

Chapter 1: Introduction to Cloud Security

This book, Cloud Security Techniques and Best Practices, is meant for various audiences. You could be taking your first steps working with cloud services, or you could be coming from an IT perspective and want to know about various compute and storage services and how to configure them securely. Or, you might be working in information security and want to know the various authentication, encryption, and audit services and how to configure them securely, or you might be working with architecture and want to know how to design large-scale environments in the cloud in a secure way.

Reading this book will allow you to make the most of cloud services while focusing on security aspects. Before discussing cloud services in more detail, let me share my opinion regarding cloud services.

The world of IT is changing. For decades, organizations used to purchase physical hardware, install operating systems, and deploy software. This routine required a lot of ongoing maintenance (for patch deployment, backup, monitoring, and so on).

The cloud introduced a new paradigm – that is, the ability to consume managed services to achieve the same goal of running software (from file servers to Enterprise Resource Planning (ERP) or Customer Relationship Management (CRM) products), while using the expertise of the hyper-scale cloud providers.

Some well-known use cases of cloud computing are as follows:

  • Netflix – one of the largest video streaming services world-wide. It uses AWS to run its media streaming services:

https://aws.amazon.com/solutions/case-studies/netflix-case-study

  • Mercedes-Benz – one of the most famous automotive brands. It uses Azure to run its research and development:

https://customers.microsoft.com/en-us/story/784791-mercedes-benz-r-and-d-creates-container-driven-cars-powered-by-microsoft-azure

  • Home Depot – the largest home improvement retailer in the United States. It uses Google Cloud to run its online stores:

https://cloud.google.com/customers/featured/the-home-depot

In this book, we will compare various aspects of cloud computing (from fundamental services such as compute, storage, and networking, to compliance management and best practices for building and maintaining large-scale environments in a secure way), while reviewing the different alternatives offered by Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

It does not matter which organization you are coming from – this book will allow you to have a better understanding of how to achieve security in any of the large hyper-scale cloud providers.

You do not have to read everything – simply find out which cloud provider is common at your workplace or which cloud provider you wish to focus on, and feel free to skip the rest.

In this chapter, we will cover the following topics:

  • Why we need security
  • Cloud service models
  • Cloud deployment models
  • The shared responsibility model

Technical requirements

This chapter is an introduction to cloud security, so there are no technical requirements.

What is a cloud service?

As part of this introduction, let's define the terminology to make sure we are all on the same page.

The National Institute of Standards and Technology (NIST) defines cloud as a technology that has the following five characteristics:

  • On-demand self-service: Imagine you wish to open a blog and you need compute resources. Instead of purchasing hardware and waiting for the vendor to ship it to your office and having to deploy software, the easier alternative can be a self-service portal, where you can select a pre-installed operating system and content management system that you can deploy within a few minutes by yourself.
  • Broad network access: Consider having enough network access (the type that large Internet Service Providers (ISPs) have) to serve millions of end users with your application.
  • Resource pooling: Consider having thousands of computers, running in a large server farm, and being able to maximize their use (from CPU, memory, and storage capacity), instead of having a single server running 10% of its CPU utilization.
  • Rapid elasticity: Consider having the ability to increase and decrease the amount of compute resources (from a single server to thousands of servers, and then back to a single server), all according to your application or service needs.
  • Measured service: Consider having the ability to pay for only the resources you consumed and being able to generate a billing report that shows which resources have been used and how much you must pay for the resources.

Further details relating to the NIST definition can be found at the following link:

https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf

What are the cloud deployment models?

Now that we understand what the cloud characteristics are, let's talk about cloud deployment models:

  • Private cloud: An infrastructure deployed and maintained by a single organization. Let's say we are a large financial organization (such as a bank or insurance organization), we would like to serve various departments in our organization (from HR, IT, sales, and so on), and we might have regulatory requirements to keep customers' data on-premises – a private cloud can be a suitable solution.
  • Public cloud: An infrastructure deployed and maintained by a service provider for serving multiple customers and organizations, mostly accessible over the internet. Naturally, this book will focus on the public cloud model, with reference to various services offered by AWS, Azure, and GCP.
  • Hybrid cloud: A combination of a private cloud (or on-premises cloud) and at least one public cloud infrastructure. I like to consider the hybrid cloud as an extension of the local data center. We should not consider this extension as something separate, and we should protect it the same way we protect our local data center.
  • Multi-cloud: A scenario where our organization is either using multiple managed services (see the definition of SaaS in the next section) or using multiple public cloud infrastructure (see the definitions of IaaS and PaaS in the next section).

What are the cloud service models?

An essential part of understanding clouds is understanding the three cloud service models:

  • Infrastructure as a Service (IaaS): This is the most fundamental service model, where a customer can select the virtual machine size (in terms of the amount of CPU and memory), select a pre-configured operating system, and deploy software inside the virtual machine instance according to business needs (services such as Amazon EC2, Azure Virtual Machines, and Google Compute Engine).
  • Platform as a Service (PaaS): This type of service model varies from managed database services to managed application services (where a customer can import code and run it inside a managed environment) and more (services such as AWS Elastic Beanstalk, Azure Web Apps, and Google App Engine).
  • Software as a Service (SaaS): This is the most widely used service model – a fully managed software environment where, as a customer, you usually open a web browser, log in to an application, and consume services. These could be messaging services, ERP, CRM, business analytics, and more (services such as Microsoft Office 365, Google Workspaces, Salesforce CRM, SAP SuccessFactors, and Oracle Cloud HCM).

Understanding the cloud service models will allow you to understand your role as a customer, explained later in the What is the shared responsibility model? section.

Why we need security

As mentioned previously, we can see clear benefits of using cloud services that enable our business to focus on what brings us value (from conducting research in a pharmaceutical lab, to selling products on a retail site, and so on).

But what about security? And, specifically, cloud security?

Why should our organization focus on the overhead called information security (and, in the context of this book, cloud security)?

The cloud has changed the paradigm of organizations controlling their data on-premises (from HR data to customers' data) and investing money in maintaining data centers, servers, storage, network equipment, and the application tier.

Using public clouds has changed the way organizations look at information security (in the context of this book, cloud security).

The following are a few common examples of the difference between on-premises data solutions and the cloud:

Table 1.1 – Differences between on-premises data solutions and the cloud

Table 1.1 – Differences between on-premises data solutions and the cloud

Organizations are often unwilling to migrate to a public cloud for security reasons because the physical servers are located outside of the organization's direct control, and sometimes even outside their physical geography.

Here are a few questions often asked by organizations' management:

  • Are my servers going to behave the same as if they were on-premises?
  • How do I protect my servers outside my data center from a data breach?
  • How do I know the cloud provider will not have access to my data?
  • Do my employees have enough knowledge to work in new environments such as the public cloud?

Perhaps the most obvious question asked is – is the public cloud secure enough to store my data?

From my personal experience, the answer is yes.

By design, the hyper-scale cloud providers invest billions of dollars protecting their data centers, building secure services, investing in employee training, and locating security incidents and remediating them fast. This is all with much higher investment, attention, and expertise than most organizations can dedicate to protecting their local data centers.

The reason for this is simple – if a security breach happens to one of the hyper-scale cloud providers, their customers' trust will be breached, and the cloud providers will run out of business.

At the end of the day, cloud security enables our organization to achieve (among other things) the following:

  • Decreased attack surface: Using central authentication, data encryption, DDoS protection services, and more
  • Compliance with regulation: Deploying environments according to best practices
  • Standardization and best practices: Enforcing security using automated tools and services

Reading this book will allow you to have a better understanding of various methods to secure your cloud environments – most of them using the cloud vendor's built-in services and capabilities.

What is the shared responsibility model?

When speaking about cloud security and cloud service models (IaaS/PaaS/SaaS), the thing that we all hear about is the shared responsibility model, which tries to draw a line between the cloud provider and the customer's responsibilities regarding security.

As you can see in the following diagram, the cloud provider is always responsible for the lower layers – from the physical security of their data centers, through networking, storage, host servers, and the virtualization layers:

Figure 1.1 – The shared responsibility model

Figure 1.1 – The shared responsibility model

Above the virtualization layer is where the responsibility begins to change.

When working with IaaS, we, as the customers, can select a pre-installed image of an operating system (with or without additional software installed inside the image), deploy our applications, and manage permissions to access our data.

When working with PaaS, we, as the customers, may have the ability to control code in a managed environment (services such as AWS Elastic Beanstalk, Azure Web Apps, and Google App Engine) and manage permissions to access our data.

When working with SaaS, we, as the customers, received a fully managed service, and all we can do is manage permissions to access our data.

In the next sections, we will look at how the various cloud providers (AWS, Azure, and GCP) look at the shared responsibility model from their own perspective.

For more information on the shared responsibility model, you can check the following link: https://tutorials4sharepoint.wordpress.com/2020/04/24/shared-responsibility-model/.

AWS and the shared responsibility model

Looking at the shared responsibility model from AWS's point of view, we can see the clear distinction between AWS's responsibility for the security of the cloud (physical hardware and the lower layers such as host servers, storage, database, and network) and the customer's responsibility for security in the cloud (everything the customer controls – operating system, data encryption, network firewall rules, and customer data). The following diagram depicts AWS and the shared responsibility model:

Figure 1.2 – AWS and the shared responsibility model

Figure 1.2 – AWS and the shared responsibility model

As a customer of AWS, reading this book will allow you to gain the essential knowledge and best practices for using common AWS services (including compute, storage, networking, authentication, and so on) in a secure way.

More information on the AWS shared responsibility model can be found at the following link: https://aws.amazon.com/blogs/industries/applying-the-aws-shared-responsibility-model-to-your-gxp-solution/.

Azure and the shared responsibility model

Looking at the shared responsibility model from Azure's point of view, we can see the distinction between Azure's responsibility for its data centers (physical layers) and the customer's responsibility at the top layers (identities, devices, and customers' data). In the middle layers (operating system, network controls, and applications) the responsibility changes between Azure and the customers, according to various service types. The following diagram depicts Azure and the shared responsibility model:

Figure 1.3 – Azure and the shared responsibility model

Figure 1.3 – Azure and the shared responsibility model

As a customer of Azure, reading this book will allow you to gain the essential knowledge and best practices for using common Azure services (including compute, storage, networking, authentication, and others) in a secure way.

More information on the Azure shared responsibility model can be found at the following link: https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility.

GCP and the shared responsibility model

Looking at the shared responsibility model from GCP's point of view, we can see that Google would like to emphasize that it builds its own hardware, which enables the company to control the hardware, boot, and kernel of its platform, including the storage layer encryption, network equipment, and logging of everything that Google is responsible for.

When looking at things that the customer is responsible for we can see a lot more layers, including everything from the guest operating system, network security rules, authentication, identity, and web application security, to things such as deployment, usage, access policies, and content (customers' data). The following diagram depicts GCP and the shared responsibility model:

Figure 1.4 – GCP and the shared responsibility model

Figure 1.4 – GCP and the shared responsibility model

As a customer of GCP, reading this book will allow you to gain the essential knowledge and best practices for using common GCP services (including compute, storage, networking, authentication, and more) in a secure way.

More information about the GCP shared responsibility model can be found at the following link: https://services.google.com/fh/files/misc/google-cloud-security-foundations-guide.pdf.

As a customer, understanding the shared responsibility model allows you, at any given time, to understand which layers are under the cloud vendor's responsibility and which layers are under the customer's responsibility.

Command-line tools

One of the things that makes cloud environments so robust is the ability to control almost anything using the Application Programming Interface (API) or using the command line.

Most mature cloud providers have already published and maintain their own Command-Line Interface (CLI) to allow customers to perform actions in an easy and standard way.

An alternative to using the command line to interact with the cloud provider's API is using a Software Developer Kit (SDK) – a method to control actions (from deploying a virtual machine to encrypting storage), query information from a service (checking whether auditing is enabled for my customers logging into my web application), and more.

Since this book doesn't require previous development experience, I will provide examples for performing actions using the command-line tools.

During various chapters of this book, I will provide you with examples of commands that will allow you to easily implement the various security controls over AWS, Azure, and GCP.

I highly recommend that you become familiar with those tools.

AWS CLI

AWS CLI can be installed on Windows (64 bit), Linux (both x86 and ARM processors), macOS, and even inside a Docker container.

The AWS CLI documentation explains how to install the tool and provides a detailed explanation of how to use it.

The documentation can be found at https://aws.amazon.com/cli.

Azure CLI

Azure CLI can be installed on Windows, Linux (Ubuntu, Debian, RHEL, CentOS, Fedora, openSUSE), and macOS.

The Azure CLI documentation explains how to install the tool and provides a detailed explanation of how to use it.

The documentation can be found at https://docs.microsoft.com/en-us/cli/azure.

Google Cloud SDK

The Google command-line tool (gcloud CLI) can be installed on Windows, Linux (Ubuntu, Debian, RHEL, CentOS, Fedora), and macOS.

The Google Cloud SDK documentation explains how to install the tool and provides a detailed explanation of how to use it.

The documentation can be found at https://cloud.google.com/sdk.

Summary

In the first chapter of this book, we learned the definition of a cloud, the different cloud deployment models, and the different cloud service models.

We also learned what the shared cloud responsibility model is, and how AWS, Azure, and GCP look at this concept from their own point of view.

Lastly, we had a short introduction to the AWS, Azure, and GCP built-in command-line tools, and, during the next chapters, I will provide you with examples of how to implement various tasks using the command-line tools.

This introduction will be referred to in the following chapters, where we will dive deeper into the best practices for securing cloud services using (in most cases) the cloud providers' built-in capabilities.

Securing cloud environments can be challenging, depending on your previous knowledge in IT or information security or cloud services in general.

Reading this book will assist you in gaining the necessary knowledge of how to secure cloud environments, regardless of your role in the organization or your previous experience.

In the next chapter, we will review the various compute services in the cloud (including virtual machines, managed databases, container services, and finally serverless services).

Left arrow icon

Page 1 of 9

Right arrow icon

Key benefits

  • Discover practical techniques for implementing cloud security
  • Learn how to secure your data and core cloud infrastructure to suit your business needs
  • Implement encryption, detect cloud threats and misconfiguration, and achieve compliance in the cloud

Description

Securing resources in the cloud is challenging, given that each provider has different mechanisms and processes. Cloud Security Handbook helps you to understand how to embed security best practices in each of the infrastructure building blocks that exist in public clouds. This book will enable information security and cloud engineers to recognize the risks involved in public cloud and find out how to implement security controls as they design, build, and maintain environments in the cloud. You'll begin by learning about the shared responsibility model, cloud service models, and cloud deployment models, before getting to grips with the fundamentals of compute, storage, networking, identity management, encryption, and more. Next, you'll explore common threats and discover how to stay in compliance in cloud environments. As you make progress, you'll implement security in small-scale cloud environments through to production-ready large-scale environments, including hybrid clouds and multi-cloud environments. This book not only focuses on cloud services in general, but it also provides actual examples for using AWS, Azure, and GCP built-in services and capabilities. By the end of this cloud security book, you'll have gained a solid understanding of how to implement security in cloud environments effectively.

Who is this book for?

This book is for IT or information security personnel taking their first steps in the public cloud or migrating existing environments to the cloud. Cloud engineers, cloud architects, or cloud security professionals maintaining production environments in the cloud will also benefit from this book. Prior experience of deploying virtual machines, using storage services, and networking will help you to get the most out of this book.

What you will learn

  • Secure compute, storage, and networking services in the cloud
  • Get to grips with identity management in the cloud
  • Audit and monitor cloud services from a security point of view
  • Identify common threats and implement encryption solutions in cloud services
  • Maintain security and compliance in the cloud
  • Implement security in hybrid and multi-cloud environments
  • Design and maintain security in a large-scale cloud environment
Estimated delivery fee Deliver to Netherlands

Premium delivery 7 - 10 business days

€17.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Apr 14, 2022
Length: 456 pages
Edition : 1st
Language : English
ISBN-13 : 9781800569195
Category :
Cloud & Networking
Concepts :
Cloud Computing
Tools :
AWS

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
Estimated delivery fee Deliver to Netherlands

Premium delivery 7 - 10 business days

€17.95
(Includes tracking information)

Product Details

Publication date : Apr 14, 2022
Length: 456 pages
Edition : 1st
Language : English
ISBN-13 : 9781800569195
Category :
Cloud & Networking
Concepts :
Cloud Computing
Tools :
AWS

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
START FREE TRIAL
BUY NOW
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
START FREE TRIAL
BUY NOW
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
START FREE TRIAL
BUY NOW

Frequently bought together

Network Protocols for Security Professionals
Network Protocols for Security Professionals
Read more
Oct 2022 580 pages
Full star icon 5 (1)
eBook
eBook
  • eBook eBook €20.99
  • Paperback Paperback €39.99
€20.99 €30.99
€39.99
Solutions Architect's Handbook
Solutions Architect's Handbook
Read more
Jan 2022 590 pages
Full star icon 4.4 (96)
eBook
eBook
  • eBook eBook €36.99
  • Paperback Paperback €67.99
  • Audiobook Audiobook €48.99
€36.99 €53.99
€67.99
€48.99
Cloud Security Handbook
Cloud Security Handbook
Read more
Apr 2022 456 pages
Full star icon 4 (4)
eBook
eBook
  • eBook eBook €19.99
  • Paperback Paperback €35.99
€19.99 €28.99
€35.99
Stars icon
Total 143.97
Network Protocols for Security Professionals
€39.99
Solutions Architect's Handbook
€67.99
Cloud Security Handbook
€35.99
Total 143.97 Stars icon

Table of Contents

18 Chapters
Section 1: Securing Infrastructure Cloud Services Chevron down icon Chevron up icon
Section 1: Securing Infrastructure Cloud Services
Chapter 1: Introduction to Cloud Security Chevron down icon Chevron up icon
Chapter 1: Introduction to Cloud Security
Technical requirements
What is a cloud service?
What are the cloud deployment models?
What are the cloud service models?
Why we need security
What is the shared responsibility model?
Command-line tools
Summary
Chapter 2: Securing Compute Services Chevron down icon Chevron up icon
Chapter 2: Securing Compute Services
Technical requirements
Securing VMs
Securing managed database services
Securing containers
Securing serverless/function as a service
Summary
Chapter 3: Securing Storage Services Chevron down icon Chevron up icon
Chapter 3: Securing Storage Services
Technical requirements
Securing object storage
Securing block storage
Securing file storage
Securing the CSI
Summary
Chapter 4: Securing Networking Services Chevron down icon Chevron up icon
Chapter 4: Securing Networking Services
Technical requirements
Securing virtual networking
Securing DNS services
Securing CDN services
Securing VPN services
Securing DDoS protection services
Securing WAF services
Summary
Section 2: Deep Dive into IAM, Auditing, and Encryption Chevron down icon Chevron up icon
Section 2: Deep Dive into IAM, Auditing, and Encryption
Chapter 5: Effective Strategies to Implement IAM Solutions Chevron down icon Chevron up icon
Chapter 5: Effective Strategies to Implement IAM Solutions
Technical requirements
Introduction to IAM
Failing to manage identities
Securing cloud-based IAM services
Securing directory services
Configuring MFA
Summary
Chapter 6: Monitoring and Auditing Your Cloud Environments Chevron down icon Chevron up icon
Chapter 6: Monitoring and Auditing Your Cloud Environments
Technical requirements
Conducting security monitoring and audit trails
Conducting threat detection and response
Conducting incident response and digital forensics
Summary
Chapter 7: Applying Encryption in Cloud Services Chevron down icon Chevron up icon
Chapter 7: Applying Encryption in Cloud Services
Technical requirements
Introduction to encryption
Best practices for deploying KMSes
Best practices for deploying secrets management services
Best practices for using encryption in transit
Best practices for using encryption at rest
Encryption in use
Summary
Section 3: Threats and Compliance Management Chevron down icon Chevron up icon
Section 3: Threats and Compliance Management
Chapter 8: Understanding Common Security Threats to Cloud Services Chevron down icon Chevron up icon
Chapter 8: Understanding Common Security Threats to Cloud Services
Technical requirements
The MITRE ATT&CK framework
Detecting and mitigating data breaches in cloud services
Detecting and mitigating misconfigurations in cloud services
Detecting and mitigating insufficient IAM and key management in cloud services
Detecting and mitigating account hijacking in cloud services
Detecting and mitigating insider threats in cloud services
Detecting and mitigating insecure APIs in cloud services
Detecting and mitigating the abuse of cloud services
Summary
Chapter 9: Handling Compliance and Regulation Chevron down icon Chevron up icon
Chapter 9: Handling Compliance and Regulation
Technical requirements
Compliance and the shared responsibility model
Introduction to compliance with regulatory requirements and industry best practices
What are the common ISO standards related to cloud computing?
What is a SOC report?
What is the CSA STAR program?
What is PCI DSS?
What is the GDPR?
What is HIPAA?
Summary
Chapter 10: Engaging with Cloud Providers Chevron down icon Chevron up icon
Chapter 10: Engaging with Cloud Providers
Technical requirements
Choosing a cloud provider
What is a cloud provider questionnaire?
Tips for contracts with cloud providers
Conducting penetration testing in cloud environments
Summary
Section 4: Advanced Use of Cloud Services Chevron down icon Chevron up icon
Section 4: Advanced Use of Cloud Services
Chapter 11: Managing Hybrid Clouds Chevron down icon Chevron up icon
Chapter 11: Managing Hybrid Clouds
Technical requirements
Hybrid cloud strategy
Identity management over hybrid cloud environments
Network architecture for hybrid cloud environments
Storage services for hybrid cloud environments
Compute services for hybrid cloud environments
Securing hybrid cloud environments
Summary
Chapter 12: Managing Multi-Cloud Environments Chevron down icon Chevron up icon
Chapter 12: Managing Multi-Cloud Environments
Technical requirements
Multi-cloud strategy
Identity management over multi-cloud environments
Network architecture for multi-cloud environments
Data security in multi-cloud environments
Cost management in multi-cloud environments
Cloud Security Posture Management (CSPM)
Cloud Infrastructure Entitlement Management (CIEM)
Patch and configuration management in multi-cloud environments
The monitoring and auditing of multi-cloud environments
Summary
Chapter 13:Security in Large-Scale Environments Chevron down icon Chevron up icon
Chapter 13:Security in Large-Scale Environments
Technical requirements
Managing governance and policies at a large scale
Automation using IaC
Security in large-scale cloud environments
Summary
What's next?
Why subscribe?
Other Books You May Enjoy Chevron down icon Chevron up icon
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts

Recommendations for you

Left arrow icon
AWS for Solutions Architects
AWS for Solutions Architects
Read more
Apr 2023 692 pages
Full star icon 4.3 (64)
eBook
eBook
  • eBook eBook €22.99
  • Paperback Paperback €41.99
€22.99 €32.99
€41.99
Linux Kernel Programming
Linux Kernel Programming
Read more
Feb 2024 826 pages
Full star icon 4.8 (33)
eBook
eBook
  • eBook eBook €20.98
  • Paperback Paperback €27.99
€20.98 €29.99
€27.99 €37.99
The Self-Taught Cloud Computing Engineer
The Self-Taught Cloud Computing Engineer
Read more
Sep 2023 472 pages
Full star icon 5 (180)
eBook
eBook
  • eBook eBook €20.98
  • Paperback Paperback €37.99
€20.98 €29.99
€37.99
Microsoft Azure Fundamentals Certification and Beyond
Microsoft Azure Fundamentals Certification and Beyond
Read more
Jan 2024 284 pages
Full star icon 4.9 (28)
eBook
eBook
  • eBook eBook €17.99
  • Paperback Paperback €33.99
€17.99 €26.99
€33.99
Zabbix 7 IT Infrastructure Monitoring Cookbook
Zabbix 7 IT Infrastructure Monitoring Cookbook
Read more
Jul 2024 540 pages
Full star icon 5 (4)
eBook
eBook
  • eBook eBook €21.99
  • Paperback Paperback €38.99
€21.99 €31.99
€38.99
Mastering Terraform
Mastering Terraform
Read more
Jul 2024 494 pages
Full star icon 5 (17)
eBook
eBook
  • eBook eBook €20.98
  • Paperback Paperback €37.99
€20.98 €29.99
€37.99
Exam Ref AZ-104 Microsoft Azure Administrator Certification and Beyond
Exam Ref AZ-104 Microsoft Azure Administrator Certification and Beyond
Read more
Sep 2024 824 pages
Full star icon 4.3 (3)
eBook
eBook
  • eBook eBook €29.99
  • Paperback Paperback €37.99
€29.99
€37.99
Kubernetes – An Enterprise Guide
Kubernetes – An Enterprise Guide
Read more
Aug 2024 682 pages
Full star icon 5 (11)
eBook
eBook
  • eBook eBook €22.99
  • Paperback Paperback €41.99
€22.99 €32.99
€41.99
Solutions Architect's Handbook
Solutions Architect's Handbook
Read more
Mar 2024 578 pages
Full star icon 4.7 (53)
eBook
eBook
  • eBook eBook €24.99
  • Paperback Paperback €44.99
€24.99 €35.99
€44.99
Managing Kubernetes Resources Using Helm
Managing Kubernetes Resources Using Helm
Read more
Sep 2022 310 pages
Full star icon 5 (3)
eBook
eBook
  • eBook eBook €21.99
  • Paperback Paperback €38.99
€21.99 €31.99
€38.99
Right arrow icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
(4 Ratings)
5 star 75%
4 star 0%
3 star 0%
2 star 0%
1 star 25%
Amazon Customer Oct 31, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Awesome product. Will definitely recommend this.
Amazon Verified review Amazon
Walter Lee Nov 11, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I am AWS and GCP security certified and still learn many good security tips and ideas from this book. This book is a collection of many best security practices for ALL 3 major clouds. It covers how to secure IAM, database, storage, networking, serverless, kubernetes, encryption, auditing, Compliance, Hybrid Clouds, ... etc. I like to compare all 3 major clouds side and side to find out their different ways to secure the similar cloud services. It has a lot of official cloud provider doc and best practice links, so we can refer to each cloud easily. I like Section 3 and 4 most because it talks about "Threats and ComplianceManagement" and "Advanced Use of Cloud Services", e.g. Managing Multi-Cloud Environments and Security in Large-Scale Environments. Recommend read.
Amazon Verified review Amazon
Eyal Zankel May 20, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The book is a great source for studying and applying cloud security on all the leading cloud services. The author of the book does a great job integrating between his knowledge, explaining the basics and advanced items. Also including links and reference to articles for firther knowledge.The book is extremely recommended for Cyber Security specialists and beginners alike.
Amazon Verified review Amazon
ams1988 Sep 07, 2022
Full star icon Empty star icon Empty star icon Empty star icon Empty star icon 1
I purchased the Kindle version of this "book." The material is a stream of consciousness, mostly consisting of bullet points pointing to web pages. Chapters may have a paragraph, followed by pages of bullets and inane figures. It's as if the author simply pasted notes into a giant word file and sent it in. Truly astonishing that a publisher accepted this manuscript. At no point does the author convey any sense of mastery of the material, like most IT folks involved in cloud services they simply memorize things and do not understand the fundamental architecture. If you were looking to understand AWS IAM, look elsewhere.
Amazon Verified review Amazon

People who bought this also bought

Left arrow icon
AWS for Solutions Architects
AWS for Solutions Architects
Read more
Apr 2023 692 pages
Full star icon 4.3 (64)
eBook
eBook
  • eBook eBook €22.99
  • Paperback Paperback €41.99
€22.99 €32.99
€41.99
Ansible for Real-Life Automation
Ansible for Real-Life Automation
Read more
Sep 2022 480 pages
Full star icon 3.9 (7)
eBook
eBook
  • eBook eBook €17.99
  • Paperback Paperback €31.99
€17.99 €25.99
€31.99
Mastering Kubernetes
Mastering Kubernetes
Read more
Jun 2023 746 pages
Full star icon 4.5 (47)
eBook
eBook
  • eBook eBook €22.99
  • Paperback Paperback €41.99
€22.99 €32.99
€41.99
The Ultimate Docker Container Book
The Ultimate Docker Container Book
Read more
Aug 2023 626 pages
Full star icon 4.5 (11)
eBook
eBook
  • eBook eBook €20.98
  • Paperback Paperback €37.99
€20.98 €29.99
€37.99
Mastering Ubuntu Server
Mastering Ubuntu Server
Read more
Sep 2022 584 pages
Full star icon 4.7 (40)
eBook
eBook
  • eBook eBook €22.99
  • Paperback Paperback €41.99
€22.99 €32.99
€41.99
Right arrow icon

About the author

Profile icon Eyal Estrin
Eyal Estrin
LinkedIn icon Github icon
Eyal Estrin is a cloud security architect who has been working with cloud services since 2015. He has been involved in the design and implementation of cloud environments from both the IT and security aspects. He has worked with AWS, Azure, and Google Cloud in a number of different organizations (in the banking, academia, and healthcare sectors). He has attained several top cloud security certifications – CCSP, CCSK, and AWS. He shares his knowledge through social media (LinkedIn, Twitter, Medium, and more) for the benefit of cloud experts around the world.
Read more
See other products by Eyal Estrin
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela