Cloud Security For Dummies
- Length: 384 pages
- Edition: 1
- Language: English
- Publisher: For Dummies
- Publication Date: 2022-03-09
- ISBN-10: 1119790468
- ISBN-13: 9781119790464
- Sales Rank: #289660 (See Top 100 Books)
Embrace the cloud and kick hackers to the curb with this accessible guide on cloud security
Cloud technology has changed the way we approach technology. It’s also given rise to a new set of security challenges caused by bad actors who seek to exploit vulnerabilities in a digital infrastructure. You can put the kibosh on these hackers and their dirty deeds by hardening the walls that protect your data.
Using the practical techniques discussed in Cloud Security For Dummies, you’ll mitigate the risk of a data breach by building security into your network from the bottom-up. Learn how to set your security policies to balance ease-of-use and data protection and work with tools provided by vendors trusted around the world.
This book offers step-by-step demonstrations of how to:
- Establish effective security protocols for your cloud application, network, and infrastructure
- Manage and use the security tools provided by different cloud vendors
- Deliver security audits that reveal hidden flaws in your security setup and ensure compliance with regulatory frameworks
As firms around the world continue to expand their use of cloud technology, the cloud is becoming a bigger and bigger part of our lives. You can help safeguard this critical component of modern IT architecture with the straightforward strategies and hands-on techniques discussed in this book.
Title Page Copyright Page Table of Contents Introduction About This Book Foolish Assumptions Icons Used in This Book Beyond the Book Where to Go from Here Part 1 Getting Started with Cloud Security Chapter 1 Clouds Aren’t Bulletproof Knowing Your Business Discovering the company jewels Initiating your plan Automating the discovery process Knowing Your SLA Agreements with Service Providers Where is the security? Knowing your part Building Your Team Finding the right people Including stakeholders Creating a Risk Management Plan Identifying the risks Assessing the consequences of disaster Pointing fingers at the right people Disaster planning When Security Is Your Responsibility Determining which assets to protect Knowing your possible threat level Van Gogh with it (paint a picture of your scenario) Setting up a risk assessment database Avoiding Security Work with the Help of the Cloud Having someone else ensure physical security Making sure providers have controls to separate customer data Recognizing that cloud service providers can offer better security Chapter 2 Getting Down to Business Negotiating the Shared Responsibility Model Coloring inside the lines Learning what to expect from a data center Taking responsibility for your 75 percent SaaS, PaaS, IaaS, AaaA! SaaS SaaS security PaaS PaaS security IaaS IaaS security FaaS SaaS, PaaS, IaaS, FaaS responsibilities Managing Your Environment Restricting access Assessing supply chain risk Managing virtual devices Application auditing Managing Security for Devices Not Under Your Control Inventorying devices Using a CASB solution Applying Security Patches Looking Ahead Chapter 3 Storing Data in the Cloud Dealing with the Data Silo Dilemma Cataloging Your Data Selecting a data catalog software package Three steps to building a data catalog Controlling data access Working with labels Developing label-based security Applying sensitivity levels Assessing impact to critical functions Working with Sample Classification Systems Tokenizing Sensitive Data Defining data tokens Isolating your tokenization system Accessing a token system Segmenting Data Anonymizing Data Encrypting Data in Motion, in Use, and at Rest Securing data in motion Encrypting stored data Protecting data in use by applications Creating Data Access Security Levels Controlling User Access Restricting IP access Limiting device access Building the border wall and other geofencing techniques Getting rid of stale data Chapter 4 Developing Secure Software Turbocharging Development No more waterfalls CI/CD: Continuous integration/continuous delivery Shifting left and adding security in development Tackling security sooner rather than later Putting security controls in place first Circling back Implementing DevSecOps Automating Testing during Development Using static and dynamic code analysis Taking steps in automation Leveraging software composition analysis Proving the job has been done right Logging and monitoring Ensuring data accountability, data assurance, and data dependability Running Your Applications Taking advantage of cloud agnostic integration Recognizing the down sides of cloud agnostic development Getting started down the cloud agnostic path Like DevOps but for Data Testing, 1-2-3 Is this thing working? Working well with others Baking in trust DevSecOps for DataOps Considering data security Ending data siloes Developing your data store Meeting the Challenges of DataSecOps Understanding That No Cloud Is Perfect Chapter 5 Restricting Access Determining the Level of Access Required Catching flies with honey Determining roles Auditing user requirements Understanding Least Privilege Policy Granting just-in-time privileges The need-to-know strategy Granting access to trusted employees Restricting access to contractors Implementing Authentication Multifactor authentication (Or, who’s calling me now?) Authenticating with API keys Using Firebase authentication Employing OAuth Google and Facebook authentication methods Introducing the Alphabet Soup of Compliance Global compliance Complying with PCI Complying with GDPR HIPAA compliance Government compliance Compliance in general Maintaining Compliance and CSPM Discovering and remediating threats with CSPM applications Automating Compliance Integrating with DevOps Controlling Access to the Cloud Using a cloud access security broker (CASB) Middleware protection systems Getting Certified ISO 27001 Compliance SOC 2 compliance PCI certification Part 2 Acceptance Chapter 6 Managing Cloud Resources Defending Your Cloud Resources from Attack Living in a Virtual World Moving to virtualization Addressing VM security concerns Using containers Securing Cloud Resources with Patch Management Patching VMs and containers Implementing patch management Keeping Your Cloud Assets Straight in Your Mind Keeping Tabs with Logs Using Google Cloud Management software Using AWS log management Using Azure log management Working with third-party log management software Logging containers Building Your Own Defenses Creating your development team Using open-source security Protecting your containers Protecting your codebase Chapter 7 The Role of AIOps in Cloud Security Taking the AIOps Route Detecting the problem Using dynamic thresholds Catching attacks early in the Cyber Kill chain Prioritizing incidents Assigning tasks Diagnosing the root problem Reducing time to MTTR Spotting transitory problems Digging into the past Solving the problem Achieving resolution Automating security responses Continually improving Making Things Visible Implementing resource discovery Automating discovery Managing Resources, CMDB-Style Seeing potential impacts Adding configuration items Employing CSDM Using AIOps Gaining insights Examining a wireless networking use case Using Splunk to Manage Clouds Observability Alerts Splunk and AIOps Predictive analytics Adaptive thresholding Views of everything Deep Dive in Splunk Event Analytics in Splunk Splunk On-Call Phantom Putting ServiceNow Through Its Paces AIOps require an overhead view React to problems Gauge system health Automation makes it all happen Getting the Job Done with IT Service Management How ITSM is different Performance analytics Changing Your Team A (Not So Final) Word Chapter 8 Implementing Zero Trust Making the Shift from Perimeter Security Examining the Foundations of Zero Trust Philosophy Two-way authentication Endpoint device management End-to-end encryption Policy based access Accountability Least privilege Network access control and beyond CSPM risk automation Dealing with Zero Trust Challenges Choose a roadmap Take a simple, step-by-step approach Keep in mind some challenges you face in implementing zero trust Chapter 9 Dealing with Hybrid Cloud Environments Public Clouds Make Pretty Sunsets Controlling your environment Optimizing for speed Managing security Private Clouds for Those Special Needs Wrapping Your Mind around Hybrid Cloud Options Hybrid storage solution Tiered data storage Gauging the Advantages of the Hybrid Cloud Setup It’s scalable The costs You maintain control The need for speed Overcoming data silos Compliance Struggling with Hybrid Challenges Handling a larger attack surface Data leakage Data transport times Complexity Risks to your service level agreements Overcoming Hybrid Challenges Asset management SAM HAM IT asset management Latency issues On the Move: Migrating to a Hybrid Cloud Data migration readiness Making a plan Picking the right cloud service Using a migration calendar Making it happen Dealing with compatibility issues Using a Package HPE Hybrid Cloud Solution Amazon Web Services Microsoft Azure Chapter 10 Data Loss and Disaster Recovery Linking Email with Data Loss Data loss from malware The nefarious ransomware Ransomware and the cloud Crafting Data Loss Prevention Strategies Backing up your data Tiered backups Minimizing Cloud Data Loss Why Cloud DLP? Cloud access security brokers Recovering from Disaster Recovery planning Business continuity RTO and RPO Coming up with the recovery plan itself Chaos Engineering Practical chaos engineering Listing what could go wrong Seeing how bad it can get Attaining resiliency Part 3 Business as Usual Chapter 11 Using Cloud Security Services Customizing Your Data Protection Validating Your Cloud Multifactor authentication One-time passwords Managing file transfers HSM: Hardware Security Modules for the Big Kids Looking at HSM cryptography Managing keys with an HSM Building in tamper resistance Using HSMs to manage your own keys Meeting financial data security requirements with HSMs DNSSEC OpenDNSSEC Evaluating HSM products Looking at cloud HSMs KMS: Key Management Services for Everyone Else SSH compliance The encryption-key lifecycle Setting Up Crypto Service Gateways Chapter 12 When Things Go Wrong Finding Your Focus Stealing Data Landing, expanding, and exfiltrating Offboarding employees Preventing the Preventable and Managing Employee Security Navigating Cloud Native Breaches Minimizing employee error Guarding against insider data thefts Preventing employee data spillage Cleaning up after the spill Chapter 13 Security Frameworks Looking at Common Frameworks COBIT SABSA Federal Financial Institutions Examination Council (FFIEC) Cyber Assessment Tool (CAT) Federal Risk and Authorization Management Program (FEDRAMP) Personal Information Protection and Electronic Documents Act (PIPEDA) Payment Card Industry — Data Security Standard (PCI–DSS) GLBA SCF DFARS 252.204-7012/ NIST 800-171 ISO/IEC 27000 Series CIS Critical Security Controls CIS Benchmarks Common Criteria FDA regulations on electronic records and signatures ITIL Introducing SASE Architecture The sassy side of SASE Sassy makeup The Cloud Native Application Protection Platform Working with CWPP Advantages of CWPP Managing with CSPM NIST Risk Management Framework Federal Information Security Modernization Act Cybersecurity Strategy and Implementation Plan Chapter 14 Security Consortiums Doing the Right Thing Membership in the Cloud Security Alliance Company membership Individual membership Getting that Stamp of Approval CCSK Certification CISA: Certified Security Information Systems Auditor CRISC: Certified Risk and Information Systems Control CCAK: Certificate of Cloud Auditing Knowledge Advanced Cloud Security Practitioner GDPR Lead Auditor and Consultant Information Security Alliances, Groups, and Consortiums Words for the Road Part 4 The Part of Tens Chapter 15 Ten Steps to Better Cloud Security Scoping Out the Dangers Inspiring the Right People to Do the Right Thing Keeping Configuration Management on the Straight and Narrow Adopting AIOps Getting on board with DataOps Befriending Zero Trust Keeping the Barn Door Closed Complying with Compliance Mandates Joining the Cloud Security Club Preparing for the Future Chapter 16 Cloud Security Solutions Checkpoint CloudGuard CloudPassage Halo Threat Stack Cloud Security Platform Symantec Cloud Workload Protection Datadog Monitoring Software Azure AD Palo Alto Prisma Fortinet Cloud Security ServiceNow AIOps Lacework Index EULA
Donate to keep this site alive
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.