Details

Cloud Security For Dummies


Cloud Security For Dummies


1. Aufl.

von: Ted Coombs

22,99 €

Verlag: Wiley
Format: EPUB
Veröffentl.: 02.02.2022
ISBN/EAN: 9781119790488
Sprache: englisch
Anzahl Seiten: 384

DRM-geschütztes eBook, Sie benötigen z.B. Adobe Digital Editions und eine Adobe ID zum Lesen.

Beschreibungen

<p><b>Embrace the cloud and kick hackers to the curb with this accessible guide on cloud security </b></p> <p>Cloud technology has changed the way we approach technology. It’s also given rise to a new set of security challenges caused by bad actors who seek to exploit vulnerabilities in a digital infrastructure. You can put the kibosh on these hackers and their dirty deeds by hardening the walls that protect your data. </p> <p>Using the practical techniques discussed in <i>Cloud Security For Dummies,</i> you’ll mitigate the risk of a data breach by building security into your network from the bottom-up. Learn how to set your security policies to balance ease-of-use and data protection and work with tools provided by vendors trusted around the world. </p> <p>This book offers step-by-step demonstrations of how to: </p> <ul> <li>Establish effective security protocols for your cloud application, network, and infrastructure </li> <li>Manage and use the security tools provided by different cloud vendors </li> <li>Deliver security audits that reveal hidden flaws in your security setup and ensure compliance with regulatory frameworks </li> </ul> <p>As firms around the world continue to expand their use of cloud technology, the cloud is becoming a bigger and bigger part of our lives. You can help safeguard this critical component of modern IT architecture with the straightforward strategies and hands-on techniques discussed in this book.  </p>
<p><b>Introduction</b><b> 1</b></p> <p>About This Book 2</p> <p>Foolish Assumptions 3</p> <p>Icons Used in This Book 3</p> <p>Beyond the Book 3</p> <p>Where to Go from Here 4</p> <p><b>Part 1: Getting Started with Cloud Security</b><b> 5</b></p> <p><b>Chapter 1: Clouds Aren’t Bulletproof</b><b> 7</b></p> <p>Knowing Your Business 8</p> <p>Discovering the company jewels 8</p> <p>Initiating your plan 8</p> <p>Automating the discovery process 8</p> <p>Knowing Your SLA Agreements with Service Providers 10</p> <p>Where is the security? 10</p> <p>Knowing your part 11</p> <p>Building Your Team 11</p> <p>Finding the right people 12</p> <p>Including stakeholders 12</p> <p>Creating a Risk Management Plan 13</p> <p>Identifying the risks 14</p> <p>Assessing the consequences of disaster 15</p> <p>Pointing fingers at the right people 15</p> <p>Disaster planning 16</p> <p>When Security Is Your Responsibility 17</p> <p>Determining which assets to protect 17</p> <p>Knowing your possible threat level 20</p> <p>Van Gogh with it (paint a picture of your scenario) 21</p> <p>Setting up a risk assessment database 22</p> <p>Avoiding Security Work with the Help of the Cloud 24</p> <p>Having someone else ensure physical security 25</p> <p>Making sure providers have controls to separate customer data 25</p> <p>Recognizing that cloud service providers can offer better security 25</p> <p><b>Chapter 2: Getting Down to Business</b><b> 27</b></p> <p>Negotiating the Shared Responsibility Model 28</p> <p>Coloring inside the lines 29</p> <p>Learning what to expect from a data center 29</p> <p>Taking responsibility for your 75 percent 31</p> <p>SaaS, PaaS, IaaS, AaaA! 31</p> <p>SaaS 31</p> <p>SaaS security 32</p> <p>PaaS 32</p> <p>PaaS security 33</p> <p>IaaS 33</p> <p>IaaS security 34</p> <p>FaaS 34</p> <p>SaaS, PaaS, IaaS, FaaS responsibilities 34</p> <p>Managing Your Environment 35</p> <p>Restricting access 36</p> <p>Assessing supply chain risk 36</p> <p>Managing virtual devices 38</p> <p>Application auditing 38</p> <p>Managing Security for Devices Not Under Your Control 39</p> <p>Inventorying devices 39</p> <p>Using a CASB solution 40</p> <p>Applying Security Patches 41</p> <p>Looking Ahead 42</p> <p><b>Chapter 3: Storing Data in the Cloud </b><b>43</b></p> <p>Dealing with the Data Silo Dilemma 44</p> <p>Cataloging Your Data 45</p> <p>Selecting a data catalog software package 46</p> <p>Three steps to building a data catalog 46</p> <p>Controlling data access 47</p> <p>Working with labels 49</p> <p>Developing label-based security 50</p> <p>Applying sensitivity levels 50</p> <p>Assessing impact to critical functions 50</p> <p>Working with Sample Classification Systems 51</p> <p>Tokenizing Sensitive Data 54</p> <p>Defining data tokens 54</p> <p>Isolating your tokenization system 55</p> <p>Accessing a token system 55</p> <p>Segmenting Data 56</p> <p>Anonymizing Data 56</p> <p>Encrypting Data in Motion, in Use, and at Rest 58</p> <p>Securing data in motion 59</p> <p>Encrypting stored data 59</p> <p>Protecting data in use by applications 60</p> <p>Creating Data Access Security Levels 60</p> <p>Controlling User Access 61</p> <p>Restricting IP access 61</p> <p>Limiting device access 62</p> <p>Building the border wall and other geofencing techniques 63</p> <p>Getting rid of stale data 64</p> <p><b>Chapter 4: Developing Secure Software</b><b> 65</b></p> <p>Turbocharging Development 65</p> <p>No more waterfalls 66</p> <p>CI/CD: Continuous integration/continuous delivery 68</p> <p>Shifting left and adding security in development 68</p> <p>Tackling security sooner rather than later 69</p> <p>Putting security controls in place first 70</p> <p>Circling back 70</p> <p>Implementing DevSecOps 71</p> <p>Automating Testing during Development 71</p> <p>Using static and dynamic code analysis 72</p> <p>Taking steps in automation 73</p> <p>Leveraging software composition analysis 74</p> <p>Proving the job has been done right 76</p> <p>Logging and monitoring 76</p> <p>Ensuring data accountability, data assurance, and data dependability 77</p> <p>Running Your Applications 78</p> <p>Taking advantage of cloud agnostic integration 79</p> <p>Recognizing the down sides of cloud agnostic development 80</p> <p>Getting started down the cloud agnostic path 81</p> <p>Like DevOps but for Data 82</p> <p>Testing, 1-2-3 84</p> <p>Is this thing working? 85</p> <p>Working well with others 85</p> <p>Baking in trust 85</p> <p>DevSecOps for DataOps 86</p> <p>Considering data security 87</p> <p>Ending data siloes 88</p> <p>Developing your data store 89</p> <p>Meeting the Challenges of DataSecOps 90</p> <p>Understanding That No Cloud Is Perfect 92</p> <p><b>Chapter 5: Restricting Access</b><b> 95</b></p> <p>Determining the Level of Access Required 95</p> <p>Catching flies with honey 96</p> <p>Determining roles 97</p> <p>Auditing user requirements 97</p> <p>Understanding Least Privilege Policy 98</p> <p>Granting just-in-time privileges 99</p> <p>The need-to-know strategy 99</p> <p>Granting access to trusted employees 99</p> <p>Restricting access to contractors 100</p> <p>Implementing Authentication 101</p> <p>Multifactor authentication (Or, who’s calling me now?) 101</p> <p>Authenticating with API keys 102</p> <p>Using Firebase authentication 102</p> <p>Employing OAuth 103</p> <p>Google and Facebook authentication methods 103</p> <p>Introducing the Alphabet Soup of Compliance 104</p> <p>Global compliance 104</p> <p>Complying with PCI 105</p> <p>Complying with GDPR 106</p> <p>HIPAA compliance 107</p> <p>Government compliance 109</p> <p>Compliance in general 110</p> <p>Maintaining Compliance and CSPM 110</p> <p>Discovering and remediating threats with CSPM applications 112</p> <p>Automating Compliance 113</p> <p>Integrating with DevOps 113</p> <p>Controlling Access to the Cloud 114</p> <p>Using a cloud access security broker (CASB) 115</p> <p>Middleware protection systems 117</p> <p>Getting Certified 121</p> <p>ISO 27001 Compliance 121</p> <p>SOC 2 compliance 122</p> <p>PCI certification 124</p> <p><b>Part 2: Acceptance</b><b> 125</b></p> <p><b>Chapter 6: Managing Cloud Resources</b><b> 127</b></p> <p>Defending Your Cloud Resources from Attack 128</p> <p>Living in a Virtual World 129</p> <p>Moving to virtualization 130</p> <p>Addressing VM security concerns 130</p> <p>Using containers 131</p> <p>Securing Cloud Resources with Patch Management 132</p> <p>Patching VMs and containers 133</p> <p>Implementing patch management 133</p> <p>Keeping Your Cloud Assets Straight in Your Mind 134</p> <p>Keeping Tabs with Logs 136</p> <p>Using Google Cloud Management software 136</p> <p>Using AWS log management 137</p> <p>Using Azure log management 139</p> <p>Working with third-party log management software 139</p> <p>Logging containers 140</p> <p>Building Your Own Defenses 141</p> <p>Creating your development team 141</p> <p>Using open-source security 142</p> <p>Protecting your containers 143</p> <p>Protecting your codebase 143</p> <p><b>Chapter 7: The Role of AIOps in Cloud Security</b><b> 145</b></p> <p>Taking the AIOps Route 146</p> <p>Detecting the problem 148</p> <p>Using dynamic thresholds 149</p> <p>Catching attacks early in the Cyber Kill chain 149</p> <p>Prioritizing incidents 150</p> <p>Assigning tasks 150</p> <p>Diagnosing the root problem 151</p> <p>Reducing time to MTTR 151</p> <p>Spotting transitory problems 152</p> <p>Digging into the past 152</p> <p>Solving the problem 153</p> <p>Achieving resolution 154</p> <p>Automating security responses 154</p> <p>Continually improving 155</p> <p>Making Things Visible 155</p> <p>Implementing resource discovery 155</p> <p>Automating discovery 156</p> <p>Managing Resources, CMDB-Style 157</p> <p>Seeing potential impacts 157</p> <p>Adding configuration items 158</p> <p>Employing CSDM 158</p> <p>Using AIOps 159</p> <p>Gaining insights 159</p> <p>Examining a wireless networking use case 159</p> <p>Using Splunk to Manage Clouds 161</p> <p>Observability 161</p> <p>Alerts 162</p> <p>Splunk and AIOps 163</p> <p>Predictive analytics 163</p> <p>Adaptive thresholding 163</p> <p>Views of everything 164</p> <p>Deep Dive in Splunk 164</p> <p>Event Analytics in Splunk 164</p> <p>Splunk On-Call 165</p> <p>Phantom 166</p> <p>Putting ServiceNow Through Its Paces 167</p> <p>AIOps require an overhead view 167</p> <p>React to problems 167</p> <p>Gauge system health 168</p> <p>Automation makes it all happen 169</p> <p>Getting the Job Done with IT Service Management 170</p> <p>How ITSM is different 170</p> <p>Performance analytics 170</p> <p>Changing Your Team 171</p> <p>A (Not So Final) Word 172</p> <p><b>Chapter 8: Implementing Zero Trust</b><b> 173</b></p> <p>Making the Shift from Perimeter Security 174</p> <p>Examining the Foundations of Zero Trust Philosophy 175</p> <p>Two-way authentication 175</p> <p>Endpoint device management 176</p> <p>End-to-end encryption 177</p> <p>Policy based access 179</p> <p>Accountability 181</p> <p>Least privilege 182</p> <p>Network access control and beyond 182</p> <p>CSPM risk automation 184</p> <p>Dealing with Zero Trust Challenges 185</p> <p>Choose a roadmap 186</p> <p>Take a simple, step-by-step approach 186</p> <p>Keep in mind some challenges you face in implementing zero trust 190</p> <p><b>Chapter 9: Dealing with Hybrid Cloud Environments</b><b> 195</b></p> <p>Public Clouds Make Pretty Sunsets 196</p> <p>Controlling your environment 197</p> <p>Optimizing for speed 197</p> <p>Managing security 198</p> <p>Private Clouds for Those Special Needs 199</p> <p>Wrapping Your Mind around Hybrid Cloud Options 200</p> <p>Hybrid storage solution 201</p> <p>Tiered data storage 202</p> <p>Gauging the Advantages of the Hybrid Cloud Setup 203</p> <p>It’s scalable 203</p> <p>The costs 203</p> <p>You maintain control 203</p> <p>The need for speed 204</p> <p>Overcoming data silos 204</p> <p>Compliance 206</p> <p>Struggling with Hybrid Challenges 207</p> <p>Handling a larger attack surface 207</p> <p>Data leakage 207</p> <p>Data transport times 208</p> <p>Complexity 208</p> <p>Risks to your service level agreements 208</p> <p>Overcoming Hybrid Challenges 209</p> <p>Asset management 209</p> <p>SAM 210</p> <p>HAM 211</p> <p>IT asset management 211</p> <p>Latency issues 212</p> <p>On the Move: Migrating to a Hybrid Cloud 213</p> <p>Data migration readiness 213</p> <p>Making a plan 213</p> <p>Picking the right cloud service 214</p> <p>Using a migration calendar 215</p> <p>Making it happen 215</p> <p>Dealing with compatibility issues 215</p> <p>Using a Package 216</p> <p>HPE Hybrid Cloud Solution 216</p> <p>Amazon Web Services 216</p> <p>Microsoft Azure 217</p> <p><b>Chapter 10: Data Loss and Disaster Recovery</b><b> 219</b></p> <p>Linking Email with Data Loss 220</p> <p>Data loss from malware 221</p> <p>The nefarious ransomware 222</p> <p>Ransomware and the cloud 223</p> <p>Crafting Data Loss Prevention Strategies 224</p> <p>Backing up your data 226</p> <p>Tiered backups 226</p> <p>Minimizing Cloud Data Loss 229</p> <p>Why Cloud DLP? 229</p> <p>Cloud access security brokers 229</p> <p>Recovering from Disaster 232</p> <p>Recovery planning 232</p> <p>Business continuity 232</p> <p>RTO and RPO 233</p> <p>Coming up with the recovery plan itself 233</p> <p>Chaos Engineering 235</p> <p>Practical chaos engineering 236</p> <p>Listing what could go wrong 238</p> <p>Seeing how bad it can get 239</p> <p>Attaining resiliency 239</p> <p><b>Part 3: Business as Usual</b><b> 241</b></p> <p><b>Chapter 11: Using Cloud Security Services</b><b> 243</b></p> <p>Customizing Your Data Protection 244</p> <p>Validating Your Cloud 244</p> <p>Multifactor authentication 245</p> <p>One-time passwords 245</p> <p>Managing file transfers 250</p> <p>HSM: Hardware Security Modules for the Big Kids 251</p> <p>Looking at HSM cryptography 252</p> <p>Managing keys with an HSM 253</p> <p>Building in tamper resistance 255</p> <p>Using HSMs to manage your own keys 255</p> <p>Meeting financial data security requirements with HSMs 256</p> <p>DNSSEC 256</p> <p>OpenDNSSEC 257</p> <p>Evaluating HSM products 258</p> <p>Looking at cloud HSMs 259</p> <p>KMS: Key Management Services for Everyone Else 259</p> <p>SSH compliance 260</p> <p>The encryption-key lifecycle 262</p> <p>Setting Up Crypto Service Gateways 263</p> <p><b>Chapter 12: When Things Go Wrong</b><b> 265</b></p> <p>Finding Your Focus 265</p> <p>Stealing Data 101 266</p> <p>Landing, expanding, and exfiltrating 267</p> <p>Offboarding employees 273</p> <p>Preventing the Preventable and Managing Employee Security 276</p> <p>Navigating Cloud Native Breaches 280</p> <p>Minimizing employee error 281</p> <p>Guarding against insider data thefts 283</p> <p>Preventing employee data spillage 284</p> <p>Cleaning up after the spill 285</p> <p><b>Chapter 13: Security Frameworks</b><b> 289</b></p> <p>Looking at Common Frameworks 290</p> <p>COBIT 290</p> <p>SABSA 291</p> <p>Federal Financial Institutions Examination Council (FFIEC) Cyber Assessment Tool (CAT) 292</p> <p>Federal Risk and Authorization Management Program (FEDRAMP) 292</p> <p>Personal Information Protection and Electronic Documents Act (PIPEDA) 293</p> <p>Payment Card Industry — Data Security Standard (PCI–DSS) 293</p> <p>GLBA 293</p> <p>SCF 294</p> <p>DFARS 252.204-7012/ NIST 800-171 294</p> <p>ISO/IEC 27000 Series 295</p> <p>CIS Critical Security Controls 295</p> <p>CIS Benchmarks 295</p> <p>Common Criteria 296</p> <p>FDA regulations on electronic records and signatures 296</p> <p>ITIL 297</p> <p>Introducing SASE Architecture 298</p> <p>The sassy side of SASE 299</p> <p>Sassy makeup 300</p> <p>The Cloud Native Application Protection Platform 303</p> <p>Working with CWPP 304</p> <p>Managing with CSPM 305</p> <p>NIST Risk Management Framework 305</p> <p>Federal Information Security Modernization Act 306</p> <p>Cybersecurity Strategy and Implementation Plan 307</p> <p><b>Chapter 14: Security Consortiums</b><b> 311</b></p> <p>Doing the Right Thing 311</p> <p>Membership in the Cloud Security Alliance 313</p> <p>Company membership 314</p> <p>Individual membership 315</p> <p>Getting that Stamp of Approval 317</p> <p>CCSK Certification 317</p> <p>CISA: Certified Security Information Systems Auditor 317</p> <p>CRISC: Certified Risk and Information Systems Control 318</p> <p>CCAK: Certificate of Cloud Auditing Knowledge 318</p> <p>Advanced Cloud Security Practitioner 318</p> <p>GDPR Lead Auditor and Consultant 319</p> <p>Information Security Alliances, Groups, and Consortiums 319</p> <p>Words for the Road 321</p> <p><b>Part 4: The Part of Tens</b><b> 323</b></p> <p><b>Chapter 15: Ten Steps to Better Cloud Security</b><b> 325</b></p> <p>Scoping Out the Dangers 326</p> <p>Inspiring the Right People to Do the Right Thing 327</p> <p>Keeping Configuration Management on the Straight and Narrow 328</p> <p>Adopting AIOps 329</p> <p>Getting on board with DataOps 330</p> <p>Befriending Zero Trust 330</p> <p>Keeping the Barn Door Closed 331</p> <p>Complying with Compliance Mandates 332</p> <p>Joining the Cloud Security Club 333</p> <p>Preparing for the Future 333</p> <p><b>Chapter 16: Cloud Security Solutions </b><b>335</b></p> <p>Checkpoint CloudGuard 335</p> <p>CloudPassage Halo 336</p> <p>Threat Stack Cloud Security Platform 336</p> <p>Symantec Cloud Workload Protection 336</p> <p>Datadog Monitoring Software 337</p> <p>Azure AD 338</p> <p>Palo Alto Prisma 338</p> <p>Fortinet Cloud Security 338</p> <p>ServiceNow AIOps 339</p> <p>Lacework 340</p> <p>Index 341</p>
<p><b>Ted Coombs</b> is a direct descendant of King Edward of England, a former world record holder for most miles roller skated in a day, and a longtime technology guru and author. He’s written over a dozen technology books on a wide array of topics ranging from database programming to building an internet site. Along the way he helped create early artificial intelligence tools and served as cybersecurity professional focused on computer forensics.
<p><b>Strengthen the digital walls around your cloud</b> <p>In addition to being one of the most exciting developments in information technology in years, cloud technology has also given rise to a ton of new security challenges. This book shares practical and straightforward techniques to mitigate the risk of a data breach by building security into your systems from the ground up. Balance user-friendliness and data protection as you work with tools provided by the world’s most trusted cloud vendors, including Microsoft, Amazon, and Google. <p><b>Inside... <ul><li>Safely store data in the cloud</li> <li>Develop secure cloud software</li> <li>Manage cloud resources</li> <li>Integrate AIOps into cloud security</li> <li>Deploy hybrid environments</li> <li>Employ data loss Prevention</li> <li>Create a security policy</li> <li>Implement zero trust solutions</b></li></ul>

Diese Produkte könnten Sie auch interessieren:

Symbian OS Explained
Symbian OS Explained
von: Jo Stichbury
PDF ebook
32,99 €
Symbian OS Internals
Symbian OS Internals
von: Jane Sales
PDF ebook
56,99 €
Parallel Combinatorial Optimization
Parallel Combinatorial Optimization
von: El-Ghazali Talbi
PDF ebook
120,99 €