Cloud Security Fundamentals
Building the Foundations for Secure Cloud Platforms
Hardcover, English, 2026
By Jason Edwards (Birkbeck, University of London, UK)
1 749 kr
Forthcoming
Product information
- Publication date: 2026-04-02
- Language: English
- Number of pages: 464
- Publisher: John Wiley & Sons Inc
- EAN: 9781394377732
- Table of Contents
  - Dedication
  - Acknowledgements
  - Preface
  - Chapter 1: The Strategic Importance of Cloud Security
    - Cloud as the Default Operating Model
    - Business Drivers and Return on Security Investment
    - Evolving Risk Landscape in Cloud Contexts
    - Misconceptions and Shared Responsibility Realities
    - Cloud Security as a Business Enabler
    - Strategic Alignment Between Security and Enterprise Goals
    - Conclusion
    - Recommendations
  - Chapter 2: Foundations of Cloud Computing
    - Historical Roots and Computing Paradigms
    - Core Cloud Service Models
    - Deployment Models
    - Enabling Technologies: APIs, Virtualization, Containers
    - Infrastructure as Code and Automation Foundations
    - Cloud Economic Models and Abstraction Layers
    - Cloud Provider Ecosystems and Market Differentiation
    - Conclusion
    - Recommendations
  - Chapter 3: The Modern Cloud Security Landscape
    - Emerging Threats in Cloud Environments
    - Cloud-Specific Vulnerabilities and Attack Vectors
    - Deep Dive: Shared Responsibility Model by Service Tier
    - Limitations of Legacy Security Models in Cloud Contexts
    - Security Investment Patterns and Innovation Drivers
    - Cloud Security Maturity and Adoption Models
    - Conclusion
    - Recommendations
  - Chapter 4: Secure Cloud Architecture and Design
    - Secure-by-Design Principles for Cloud Infrastructure
    - Identity, Trust Boundaries, and Access Zones
    - Resilience, Redundancy, and High Availability Design
    - Secure Networking and Micro-Segmentation Models
    - Data Flow Mapping, Isolation, and Asset Tiering
    - Avoiding Cloud Security Anti-Patterns
    - Compliance-Ready Architectural Planning
    - Conclusion
    - Recommendations
  - Chapter 5: Identity and Access Management (IAM) in the Cloud
    - Identity as the Security Perimeter
    - Authentication Protocols and Adaptive Techniques
    - Authorization Models: RBAC, ABAC, and Fine-Grained Access
    - Privileged Access Management (PAM) at Cloud Scale
    - Lifecycle Automation for Identity Provisioning and Decommissioning
    - Foundational IAM Architecture and Operational Best Practices
    - Conclusion
    - Recommendations
  - Chapter 6: Securing Data in Cloud Environments
    - Data Classification and Inventory Across Cloud Assets
    - Encryption in Transit, At Rest, and In Use
    - Key Management: HSMs, KMS, Rotation, and Escrow
    - Data Residency, Sovereignty, and Jurisdictional Compliance
    - Backup, Archival, and Disaster Recovery for Data
    - Data Loss Prevention (DLP) and Leak Surface Reduction
    - Conclusion
    - Recommendations
  - Chapter 7: Monitoring, Detection, and Incident Management
    - Foundations of Logging and Security Telemetry in the Cloud
    - Threat Detection: Real-Time Event Correlation and Context
    - Security Monitoring Across Multi-Cloud Architectures
    - Incident Detection and Early Escalation Strategies
    - Automation and Orchestration in Incident Response
    - Metrics, KPIs, and Threat Intelligence Integration
    - Post-Incident Review and Root Cause Analysis
    - Conclusion
    - Recommendations
  - Chapter 8: Security Automation and DevSecOps
    - DevSecOps Principles and Security Integration Models
    - Secure CI/CD Pipeline Design and Control Points
    - Infrastructure as Code (IaC) Security and Policy as Code
    - Managing Secrets in Automated Development Workflows
    - Automating Compliance Validation in Build Pipelines
    - Governance Enforcement Through DevSecOps Tooling
    - Conclusion
    - Recommendations
  - Chapter 9: Advanced Architectures and Specialized Domains
    - Container Security and Kubernetes Hardening
    - Serverless and Event-Driven Architecture Security
    - API Security: Design, Authentication, and Rate Limiting
    - Supply Chain and Dependency Risk in Cloud Applications
    - Implementing Zero Trust in Cloud-Native Environments
    - Security for Edge, IoT, and Distributed Cloud Models
    - Resilience Engineering and Chaos Security Practices
    - Conclusion
    - Recommendations
  - Chapter 10: Cloud Governance, Risk, and Compliance (GRC)
    - Foundations of Cloud Governance Structures
    - Enterprise Cloud Risk Management Frameworks
    - Mapping Regulatory Frameworks to Cloud Controls
    - Cloud Audit Preparedness and Evidence Collection
    - SaaS and Third-Party Governance Risk Strategies
    - Conclusion
    - Recommendations
  - Chapter 11: Cloud Hardening and Configuration Management
    - Core Principles of Secure Configuration and Hardening
    - Baseline Standards for Operating Systems and VMs
    - Container and Kubernetes Configuration Security
    - Hardening PaaS and Managed Cloud Services
    - Endpoint, Client, and Remote Access Configuration
    - Infrastructure as Code for Baseline Enforcement
    - Continuous Validation and Drift Detection Workflows
    - Conclusion
    - Recommendations
  - Chapter 12: Cloud Security Testing and Validation
    - Security Testing Methodologies in Cloud Contexts
    - Continuous Vulnerability Assessment and Remediation
    - Cloud-Aware Penetration Testing and Provider Constraints
    - Security Testing in DevSecOps Pipelines (SAST/DAST/IAST)
    - External Testing, Bug Bounties, and Researcher Coordination
    - Purple Teaming, Simulated Attacks, and Threat-Informed Defense
    - Conclusion
    - Recommendations
  - Chapter 13: Secrets Management and Sensitive Asset Protection
    - Defining Secrets and Sensitive Credentials in the Cloud
    - Secure Secrets Lifecycle: Creation to Deletion
    - Centralized vs. Decentralized Secrets Management Models
    - Secrets Management in DevOps and CI/CD Workflows
    - Just-in-Time Access and Privileged Credential Rotation
    - Automating Secrets Management at Scale
    - Conclusion
    - Recommendations
  - Chapter 14: Cloud Network Security
    - Virtual Networking Foundations and Isolation Models
    - Network Segmentation, Routing, and Secure Zones
    - Cloud Firewall Configuration and Access Control Enforcement
    - Web Application Firewalls (WAF) and API Gateway Security
    - Secure Remote Access and Hybrid Connectivity Architectures
    - Traffic Logging, Packet Inspection, and Anomaly Detection
    - DDoS Protection, SDN, and Edge Network Security Techniques
    - Conclusion
    - Recommendations
  - Chapter 15: Identity Federation and Multi-Cloud Access Integration
    - Identity Federation Concepts and Cross-Domain Trust Models
    - Federation Protocols: SAML, OAuth, and OpenID Connect
    - Federation Architecture in Multi-Cloud and Hybrid Environments
    - Designing Secure and Scalable SSO Systems
    - Securing Federated Sessions, Assertions, and Tokens
    - Governance, Logging, and Compliance for Federated Access
    - Conclusion
    - Recommendations
  - Chapter 16: Serverless and Microservices Security
    - Core Concepts of Serverless and Microservices Architectures
    - Shared Responsibility in Serverless Execution Models
    - Authentication and Authorization Across Microservices
    - API Gateway Protection and Request Validation Techniques
    - Securing Events, Queues, and Triggers in Asynchronous Systems
    - Secrets and Data Handling in Ephemeral Execution Environments
    - Runtime Monitoring and Isolation for Distributed Workloads
    - Conclusion
    - Recommendations
  - Chapter 17: Data Privacy, Residency, and Protection Obligations
    - Privacy Fundamentals in Cloud Contexts
    - Data Residency, Localization, and Jurisdictional Compliance
    - Applying Privacy by Design in Cloud Architectures
    - Minimization, Pseudonymization, and Retention Strategies
    - Subject Access Requests and Erasure Protocols
    - Privacy Risk Assessment and Breach Notification Planning
    - Conclusion
    - Recommendations
  - Chapter 18: Cloud Compliance and Regulatory Readiness
    - Regulatory Scope and Interpretation for Cloud Services
    - Mapping Frameworks: FedRAMP, ISO 27017, CSA CCM, etc.
    - Navigating Multi-Jurisdictional and Industry-Specific Regulations
    - Automated Compliance Monitoring and Control Validation
    - Evidence Collection, Documentation, and Control Traceability
    - Cloud Vendor Compliance Oversight and Attestation Review
    - Strategic Compliance Roadmapping and Governance Alignment
    - Conclusions
    - Recommendations
  - Chapter 19: Cloud Risk Management and Enterprise Integration
    - Identifying and Categorizing Cloud Risk Vectors
    - Embedding Cloud Risk into Enterprise Risk Frameworks
    - Risk Quantification, Prioritization, and Response Planning
    - Third-Party, SaaS, and Supply Chain Risk Management
    - Shadow IT, Unmanaged Assets, and Risk Discovery Techniques
    - Conclusion
    - Recommendations
  - Chapter 20: Cloud Monitoring, Logging, and Detection
    - Principles of Observability in Cloud Infrastructure
    - Centralized Logging Strategies Across Providers
    - Real-Time Detection and Correlation with Native and Third-Party Tools
    - Cloud SIEM, SOAR, and Automation Integration
    - Behavioral Analytics and Anomaly Detection in Cloud Workloads
    - Alert Tuning, Prioritization, and False Positive Reduction
    - Maturity Models for Telemetry, Visibility, and Incident Readiness
    - Conclusions
    - Recommendations
  - Chapter 21: Cloud Security Metrics and Performance Reporting
    - Aligning Metrics with Business and Security Objectives
    - Operational and Technical Metrics for Cloud Security Operations
    - Compliance, Audit, and Control Effectiveness Indicators
    - Tracking Remediation, Drift, and Security Posture Trends
    - Maturity Models and Continuous Metrics Optimization
    - Conclusion
    - Recommendations
  - Chapter 22: Threat Intelligence and Attack Surface Management
    - Strategic Role of Threat Intelligence in Cloud Security
    - Discovering and Mapping the Cloud Attack Surface
    - Curating and Consuming External Intelligence Feeds
    - Threat Modeling, Attribution, and Prioritization
    - Integrating Threat Intelligence into Detection and Response
    - Monitoring Internal and External Attack Vectors Continuously
    - Collaborative Intelligence Sharing and Operational Integration
    - Conclusion
    - Recommendations
  - Chapter 23: Incident Response in Cloud Environments
    - Cloud-Aware Incident Response Planning and Governance
    - Role Definitions, Escalation Protocols, and Communication Plans
    - Detection, Validation, and Incident Categorization
    - Containment, Eradication, and Cloud-Scale Recovery
    - Forensic Considerations and Evidence Preservation
    - Post-Incident Review, Root Cause Analysis, and Corrective Actions
    - Integration of IR Playbooks with Cloud Automation and Orchestration
    - Conclusion
    - Recommendations
  - Chapter 24: Cloud Forensics and Legal Considerations
    - Foundations of Digital Forensics in Cloud Contexts
    - Forensic Readiness: Controls, Logging, and Preservation Practices
    - Integration of Forensics into Security Operations and IR
    - Jurisdiction, Chain of Custody, and Legal Admissibility
    - Collaborating with Cloud Providers During Investigations
    - Regulatory Expectations for Investigations and Reporting
    - Emerging Tools, Standards, and Future Forensic Models
    - Conclusion
    - Recommendations
  - Chapter 25: Disaster Recovery and Business Continuity in the Cloud
    - Strategic Foundations of Cloud DR and BCP Planning
    - Cloud DR Models: Backup, Pilot Light, Warm Standby, Active-Active
    - Identifying Critical Assets and Defining Recovery Objectives
    - Automated Testing and Validation of DR Plans
    - Ensuring Service Continuity for Distributed Cloud Systems
    - Integration of DR with Resilience, Chaos Engineering, and Automation
    - Maintaining Operational Continuity During Service Disruptions or Failures
    - Conclusion
    - Recommendations
  - Chapter 26: AI-Driven Cloud Security and Automation
    - Core Concepts of AI and ML in Cloud Security
    - AI-Enhanced Threat Detection and Behavioral Analysis
    - Predictive Risk Modeling and Security Forecasting
    - Autonomous Incident Response and Workflow Optimization
    - AI-Augmented Monitoring and Security Visibility
    - Conclusions
    - Recommendations
  - Chapter 27: Quantum-Ready Security for Cloud Infrastructures
    - Quantum Computing Fundamentals and Cloud Implications
    - Cryptographic Vulnerabilities and Quantum Threat Timelines
    - Post-Quantum Cryptography: Transition Strategies
    - Quantum Key Distribution (QKD) and Next-Gen Encryption Models
    - Inventorying and Replacing Classical Cryptographic Dependencies
    - Conclusion
    - Recommendations
  - Chapter 28: Securing Cloud-Integrated IoT and Edge Computing
    - Defining Cloud-Edge and IoT Integration Models
    - Unique Threats in Edge and Distributed Environments
    - Lifecycle Management for Devices and Firmware Security
    - Hardening Edge Infrastructure and Protecting Data Flows
    - Secure Connectivity Between Cloud, Edge, and Devices
    - Conclusion
    - Recommendations
  - Index