Estrin | Cloud Security Handbook | E-Book | www2.sack.de

E-book, English, 482 pages

Estrin Cloud Security Handbook

Effectively secure cloud environments using AWS, Azure, and GCP
2nd edition, 2025
ISBN: 978-1-83620-000-0
Publisher: De Gruyter
Format: EPUB
Copy protection: 0 - No protection




Securing cloud resources is no easy task: each provider has its unique set of tools, processes, and challenges, demanding specialized expertise. This book cuts through the complexity, delivering practical guidance on embedding security best practices across the core infrastructure components of AWS, Azure, and GCP. It equips information security professionals and cloud engineers with the skills to identify risks and implement robust security controls throughout the design, deployment, and maintenance of public cloud environments.
Starting with the shared responsibility model, cloud service models, and deployment models, this book helps you get to grips with fundamental concepts such as compute, storage, networking, identity management, and encryption. You'll then explore common threats and compliance requirements for cloud environments. As you progress, you'll implement security strategies across deployments ranging from small-scale environments to enterprise-grade production systems, including hybrid and multi-cloud setups.
This edition expands on emerging topics like GenAI service security and DevSecOps, with hands-on examples leveraging built-in security features of AWS, Azure, and GCP.
By the end of this book, you'll confidently secure any cloud environment with a comprehensive understanding of cloud security principles.

Further Information & Material


Preface


Cloud Security Handbook provides complete coverage of security aspects when designing, building, and maintaining environments in the cloud. This book is filled with best practices to help you smoothly transition to the public cloud while keeping your environments secure. You do not have to read everything – simply find out which cloud provider is most widely used at your workplace, or which cloud provider you wish to focus on, and feel free to skip the rest.

Who this book is for


This book is designed for IT and information security professionals who are beginning their journey into the public cloud or transitioning existing environments to the cloud. Additionally, DevOps practitioners, cloud engineers, and cloud architects responsible for managing production environments in the cloud will find this book valuable.

What this book covers


, , provides a comprehensive overview of cloud security concepts, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), private cloud, public cloud, hybrid cloud, multi-cloud, and the Shared Responsibility Model. This chapter, along with the others in the book, will equip you with the knowledge needed to implement security measures across different cloud environments.

, , explains how Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) set up virtual machines. It also discusses the best ways to keep these virtual machines secure.

, , explains how AWS, Azure, and GCP use containers and Kubernetes. It also shares the best practices for keeping these technologies secure.

, , explains how AWS, Azure, and GCP use Function as a Service (FaaS). It also outlines the best practices for keeping these serverless services secure.

, , explains how AWS, Azure, and GCP handle different types of storage, including object storage, block storage, and file storage, as well as Container Storage Interface (CSI). It also discusses the best practices for keeping these storage services secure.

, , explains how AWS, Azure, and GCP set up virtual networking, DNS services, and VPN services. It also discusses the best practices for keeping these services secure.

, , explains how AWS, Azure, and GCP provide protection against DDoS attacks and use web application firewalls. It also covers the best practices for keeping these services secure.

, , explains how AWS, Azure, and GCP use Generative AI services. It also discusses the best practices for keeping these services secure.

, , explains how AWS, Azure, and GCP use Identity and Access Management (IAM) systems, cloud-based IAM services, and directory services. It also discusses how to secure these services effectively.

, , explains how AWS, Azure, and GCP set up audit tools. It covers how to control access to cloud service provider support engineers, detect and respond to threats, manage cloud-native Security Information and Event Management (SIEM) systems, and ensure the security of these monitoring and auditing services.

, , explains when to use two types of encryption in cloud environments: symmetric (using one key) and asymmetric (using two keys). It also describes the different options for managing encryption keys and secrets in AWS, Azure, and GCP. The chapter covers best practices for keeping data secure when it is moving between places (encryption in transit) and when it is stored (encryption at rest), as well as how to secure data in use.

, , explains the typical security risks in public cloud environments. It describes how to identify these threats and discusses ways to protect against them using built-in security services from AWS, Azure, and GCP.

, , guides you through the process of selecting the right cloud service provider by exploring essential aspects such as understanding cloud provider questionnaires, deciphering SOC reports, identifying critical contractual agreement elements, and learning how to perform effective penetration testing in cloud environments. The chapter provides comprehensive insights into making informed decisions when partnering with cloud service providers, ensuring that organizations can evaluate, negotiate, and secure their cloud infrastructure strategically.

, , explains how to set up key features such as IAM, network architecture, storage services, and compute services in hybrid cloud environments. It also discusses the best practices for securing these hybrid setups, helping organizations effectively manage and protect their resources across both on-premises and cloud platforms.

, , explains how to handle important topics such as IAM, network architecture, data security, cost management, and various management practices such as Cloud Security Posture Management (CSPM), Cloud Infrastructure Entitlement Management (CIEM), patch and configuration management, and monitoring and auditing in multi-cloud settings. This chapter provides guidance on effectively managing and securing resources spread across multiple cloud platforms.

, , offers a comprehensive overview of DevSecOps, explaining it as a collaborative approach that integrates security practices throughout the software development life cycle. The chapter explores DevSecOps as a cultural transformation, demonstrating how to incorporate security measures into Continuous Integration and Continuous Deployment (CI/CD) pipelines. It also highlights specific DevSecOps services from major cloud providers such as AWS, Azure, and GCP, and showcases open source tools that can be integrated into development workflows to enhance security.

, , explores how to manage security in complex cloud setups across AWS, Microsoft Azure, and GCP. The chapter explains key concepts such as Landing Zones, Infrastructure as Code (IaC), and policy as code, and provides practical guidance on implementing security best practices for managing large-scale cloud environments.

To get the most out of this book


Software/hardware covered in the book | Operating system requirements
An up-to-date web browser | Windows, macOS, or Linux
Credentials to access the AWS, Azure, and GCP web consoles |

Download the example code files


Check out this book's GitHub repository for updates and errata related to the book: https://github.com/PacktPublishing/Cloud-Security-Handbook.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out.

Conventions used


There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and X handles. For example: “Execute the terraform graph command.”

Any command-line input or output is written as follows:

aws ec2 enable-ebs-encryption-by-default --region...


Estrin, Eyal:

Eyal Estrin is a seasoned cloud security architect and an influential voice in the field of cloud computing and information security. With over 20 years of experience in the IT industry, he has been working with public clouds since 2015, gaining hands-on experience with AWS, Azure, and GCP. Eyal is also recognized as an AWS Community Builder, sharing his insights through public columns and engaging with the tech community about cloud security and cloud adoption. His books provide comprehensive comparisons of major cloud providers and best practices for securing cloud environments.


