Cloud Security For Dummies
Paperback, English, 2022
By Ted Coombs
Embrace the cloud and kick hackers to the curb with this accessible guide on cloud security

Cloud technology has changed the way we approach technology. It’s also given rise to a new set of security challenges caused by bad actors who seek to exploit vulnerabilities in a digital infrastructure. You can put the kibosh on these hackers and their dirty deeds by hardening the walls that protect your data.

Using the practical techniques discussed in Cloud Security For Dummies, you’ll mitigate the risk of a data breach by building security into your network from the bottom-up. Learn how to set your security policies to balance ease-of-use and data protection and work with tools provided by vendors trusted around the world.

This book offers step-by-step demonstrations of how to:
- Establish effective security protocols for your cloud application, network, and infrastructure
- Manage and use the security tools provided by different cloud vendors
- Deliver security audits that reveal hidden flaws in your security setup and ensure compliance with regulatory frameworks

As firms around the world continue to expand their use of cloud technology, the cloud is becoming a bigger and bigger part of our lives. You can help safeguard this critical component of modern IT architecture with the straightforward strategies and hands-on techniques discussed in this book.
Product information
- Publication date: 2022-05-05
- Dimensions: 191 x 239 x 38 mm
- Weight: 499 g
- Format: Paperback
- Language: English
- Number of pages: 384
- Publisher: John Wiley & Sons Inc
- ISBN: 9781119790464
Ted Coombs is a direct descendant of King Edward of England, a former world record holder for most miles roller skated in a day, and a longtime technology guru and author. He’s written over a dozen technology books on a wide array of topics ranging from database programming to building an internet site. Along the way he helped create early artificial intelligence tools and served as a cybersecurity professional focused on computer forensics.
- Introduction
  About This Book; Foolish Assumptions; Icons Used in This Book; Beyond the Book; Where to Go from Here

Part 1: Getting Started with Cloud Security
- Chapter 1: Clouds Aren’t Bulletproof
  Knowing Your Business; Discovering the company jewels; Initiating your plan; Automating the discovery process; Knowing Your SLA Agreements with Service Providers; Where is the security?; Knowing your part; Building Your Team; Finding the right people; Including stakeholders; Creating a Risk Management Plan; Identifying the risks; Assessing the consequences of disaster; Pointing fingers at the right people; Disaster planning; When Security Is Your Responsibility; Determining which assets to protect; Knowing your possible threat level; Van Gogh with it (paint a picture of your scenario); Setting up a risk assessment database; Avoiding Security Work with the Help of the Cloud; Having someone else ensure physical security; Making sure providers have controls to separate customer data; Recognizing that cloud service providers can offer better security
- Chapter 2: Getting Down to Business
  Negotiating the Shared Responsibility Model; Coloring inside the lines; Learning what to expect from a data center; Taking responsibility for your 75 percent; SaaS, PaaS, IaaS, AaaA!; SaaS; SaaS security; PaaS; PaaS security; IaaS; IaaS security; FaaS; SaaS, PaaS, IaaS, FaaS responsibilities; Managing Your Environment; Restricting access; Assessing supply chain risk; Managing virtual devices; Application auditing; Managing Security for Devices Not Under Your Control; Inventorying devices; Using a CASB solution; Applying Security Patches; Looking Ahead
- Chapter 3: Storing Data in the Cloud
  Dealing with the Data Silo Dilemma; Cataloging Your Data; Selecting a data catalog software package; Three steps to building a data catalog; Controlling data access; Working with labels; Developing label-based security; Applying sensitivity levels; Assessing impact to critical functions; Working with Sample Classification Systems; Tokenizing Sensitive Data; Defining data tokens; Isolating your tokenization system; Accessing a token system; Segmenting Data; Anonymizing Data; Encrypting Data in Motion, in Use, and at Rest; Securing data in motion; Encrypting stored data; Protecting data in use by applications; Creating Data Access Security Levels; Controlling User Access; Restricting IP access; Limiting device access; Building the border wall and other geofencing techniques; Getting rid of stale data
- Chapter 4: Developing Secure Software
  Turbocharging Development; No more waterfalls; CI/CD: Continuous integration/continuous delivery; Shifting left and adding security in development; Tackling security sooner rather than later; Putting security controls in place first; Circling back; Implementing DevSecOps; Automating Testing during Development; Using static and dynamic code analysis; Taking steps in automation; Leveraging software composition analysis; Proving the job has been done right; Logging and monitoring; Ensuring data accountability, data assurance, and data dependability; Running Your Applications; Taking advantage of cloud agnostic integration; Recognizing the down sides of cloud agnostic development; Getting started down the cloud agnostic path; Like DevOps but for Data; Testing, 1-2-3; Is this thing working?; Working well with others; Baking in trust; DevSecOps for DataOps; Considering data security; Ending data siloes; Developing your data store; Meeting the Challenges of DataSecOps; Understanding That No Cloud Is Perfect
- Chapter 5: Restricting Access
  Determining the Level of Access Required; Catching flies with honey; Determining roles; Auditing user requirements; Understanding Least Privilege Policy; Granting just-in-time privileges; The need-to-know strategy; Granting access to trusted employees; Restricting access to contractors; Implementing Authentication; Multifactor authentication (Or, who’s calling me now?); Authenticating with API keys; Using Firebase authentication; Employing OAuth; Google and Facebook authentication methods; Introducing the Alphabet Soup of Compliance; Global compliance; Complying with PCI; Complying with GDPR; HIPAA compliance; Government compliance; Compliance in general; Maintaining Compliance and CSPM; Discovering and remediating threats with CSPM applications; Automating Compliance; Integrating with DevOps; Controlling Access to the Cloud; Using a cloud access security broker (CASB); Middleware protection systems; Getting Certified; ISO 27001 Compliance; SOC 2 compliance; PCI certification

Part 2: Acceptance
- Chapter 6: Managing Cloud Resources
  Defending Your Cloud Resources from Attack; Living in a Virtual World; Moving to virtualization; Addressing VM security concerns; Using containers; Securing Cloud Resources with Patch Management; Patching VMs and containers; Implementing patch management; Keeping Your Cloud Assets Straight in Your Mind; Keeping Tabs with Logs; Using Google Cloud Management software; Using AWS log management; Using Azure log management; Working with third-party log management software; Logging containers; Building Your Own Defenses; Creating your development team; Using open-source security; Protecting your containers; Protecting your codebase
- Chapter 7: The Role of AIOps in Cloud Security
  Taking the AIOps Route; Detecting the problem; Using dynamic thresholds; Catching attacks early in the Cyber Kill chain; Prioritizing incidents; Assigning tasks; Diagnosing the root problem; Reducing time to MTTR; Spotting transitory problems; Digging into the past; Solving the problem; Achieving resolution; Automating security responses; Continually improving; Making Things Visible; Implementing resource discovery; Automating discovery; Managing Resources, CMDB-Style; Seeing potential impacts; Adding configuration items; Employing CSDM; Using AIOps; Gaining insights; Examining a wireless networking use case; Using Splunk to Manage Clouds; Observability; Alerts; Splunk and AIOps; Predictive analytics; Adaptive thresholding; Views of everything; Deep Dive in Splunk; Event Analytics in Splunk; Splunk On-Call; Phantom; Putting ServiceNow Through Its Paces; AIOps require an overhead view; React to problems; Gauge system health; Automation makes it all happen; Getting the Job Done with IT Service Management; How ITSM is different; Performance analytics; Changing Your Team; A (Not So Final) Word
- Chapter 8: Implementing Zero Trust
  Making the Shift from Perimeter Security; Examining the Foundations of Zero Trust Philosophy; Two-way authentication; Endpoint device management; End-to-end encryption; Policy based access; Accountability; Least privilege; Network access control and beyond; CSPM risk automation; Dealing with Zero Trust Challenges; Choose a roadmap; Take a simple, step-by-step approach; Keep in mind some challenges you face in implementing zero trust
- Chapter 9: Dealing with Hybrid Cloud Environments
  Public Clouds Make Pretty Sunsets; Controlling your environment; Optimizing for speed; Managing security; Private Clouds for Those Special Needs; Wrapping Your Mind around Hybrid Cloud Options; Hybrid storage solution; Tiered data storage; Gauging the Advantages of the Hybrid Cloud Setup; It’s scalable; The costs; You maintain control; The need for speed; Overcoming data silos; Compliance; Struggling with Hybrid Challenges; Handling a larger attack surface; Data leakage; Data transport times; Complexity; Risks to your service level agreements; Overcoming Hybrid Challenges; Asset management; SAM; HAM; IT asset management; Latency issues; On the Move: Migrating to a Hybrid Cloud; Data migration readiness; Making a plan; Picking the right cloud service; Using a migration calendar; Making it happen; Dealing with compatibility issues; Using a Package; HPE Hybrid Cloud Solution; Amazon Web Services; Microsoft Azure
- Chapter 10: Data Loss and Disaster Recovery
  Linking Email with Data Loss; Data loss from malware; The nefarious ransomware; Ransomware and the cloud; Crafting Data Loss Prevention Strategies; Backing up your data; Tiered backups; Minimizing Cloud Data Loss; Why Cloud DLP?; Cloud access security brokers; Recovering from Disaster; Recovery planning; Business continuity; RTO and RPO; Coming up with the recovery plan itself; Chaos Engineering; Practical chaos engineering; Listing what could go wrong; Seeing how bad it can get; Attaining resiliency

Part 3: Business as Usual
- Chapter 11: Using Cloud Security Services
  Customizing Your Data Protection; Validating Your Cloud; Multifactor authentication; One-time passwords; Managing file transfers; HSM: Hardware Security Modules for the Big Kids; Looking at HSM cryptography; Managing keys with an HSM; Building in tamper resistance; Using HSMs to manage your own keys; Meeting financial data security requirements with HSMs; DNSSEC; OpenDNSSEC; Evaluating HSM products; Looking at cloud HSMs; KMS: Key Management Services for Everyone Else; SSH compliance; The encryption-key lifecycle; Setting Up Crypto Service Gateways
- Chapter 12: When Things Go Wrong
  Finding Your Focus; Stealing Data 101; Landing, expanding, and exfiltrating; Offboarding employees; Preventing the Preventable and Managing Employee Security; Navigating Cloud Native Breaches; Minimizing employee error; Guarding against insider data thefts; Preventing employee data spillage; Cleaning up after the spill
- Chapter 13: Security Frameworks
  Looking at Common Frameworks; COBIT; SABSA; Federal Financial Institutions Examination Council (FFIEC) Cyber Assessment Tool (CAT); Federal Risk and Authorization Management Program (FEDRAMP); Personal Information Protection and Electronic Documents Act (PIPEDA); Payment Card Industry — Data Security Standard (PCI–DSS); GLBA; SCF; DFARS 252.204-7012/ NIST 800-171; ISO/IEC 27000 Series; CIS Critical Security Controls; CIS Benchmarks; Common Criteria; FDA regulations on electronic records and signatures; ITIL; Introducing SASE Architecture; The sassy side of SASE; Sassy makeup; The Cloud Native Application Protection Platform; Working with CWPP; Managing with CSPM; NIST Risk Management Framework; Federal Information Security Modernization Act; Cybersecurity Strategy and Implementation Plan
- Chapter 14: Security Consortiums
  Doing the Right Thing; Membership in the Cloud Security Alliance; Company membership; Individual membership; Getting that Stamp of Approval; CCSK Certification; CISA: Certified Security Information Systems Auditor; CRISC: Certified Risk and Information Systems Control; CCAK: Certificate of Cloud Auditing Knowledge; Advanced Cloud Security Practitioner; GDPR Lead Auditor and Consultant; Information Security Alliances, Groups, and Consortiums; Words for the Road

Part 4: The Part of Tens
- Chapter 15: Ten Steps to Better Cloud Security
  Scoping Out the Dangers; Inspiring the Right People to Do the Right Thing; Keeping Configuration Management on the Straight and Narrow; Adopting AIOps; Getting on board with DataOps; Befriending Zero Trust; Keeping the Barn Door Closed; Complying with Compliance Mandates; Joining the Cloud Security Club; Preparing for the Future
- Chapter 16: Cloud Security Solutions
  Checkpoint CloudGuard; CloudPassage Halo; Threat Stack Cloud Security Platform; Symantec Cloud Workload Protection; Datadog Monitoring Software; Azure AD; Palo Alto Prisma; Fortinet Cloud Security; ServiceNow AIOps; Lacework
- Index