Enterprise Cloud Security and Governance

Build a resilient cloud architecture to tackle data disasters with ease
Preview in Mapt
Code Files

Enterprise Cloud Security and Governance

Zeal Vora

Build a resilient cloud architecture to tackle data disasters with ease

Quick links: > What will you learn?> Table of content

eBook
$25.20
RRP $35.99
Save 29%
Print + eBook
$44.99
RRP $44.99
What do I get with a Mapt Pro subscription?
  • Unlimited access to all Packt’s 5,000+ eBooks and Videos
  • Early Access content, Progress Tracking, and Assessments
  • 1 Free eBook or Video to download and keep every month after trial
What do I get with an eBook?
  • Download this book in EPUB, PDF, MOBI formats
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
What do I get with Print & eBook?
  • Get a paperback copy of the book delivered to you
  • Download this book in EPUB, PDF, MOBI formats
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
What do I get with a Video?
  • Download this Video course in MP4 format
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
$25.20
$44.99
RRP $35.99
RRP $44.99
eBook
Print + eBook

Frequently bought together


Enterprise Cloud Security and Governance Book Cover
Enterprise Cloud Security and Governance
$ 35.99
$ 25.20
Mastering Linux Security and Hardening Book Cover
Mastering Linux Security and Hardening
$ 35.99
$ 25.20
Buy 2 for $35.00
Save $36.98
Add to Cart

Book Details

ISBN 139781788299558
Paperback410 pages

Book Description

Modern day businesses and enterprises are moving to the Cloud, to improve efficiency and speed, achieve flexibility and cost effectiveness, and for on-demand Cloud services. However, enterprise Cloud security remains a major concern because migrating to the public Cloud requires transferring some control over organizational assets to the Cloud provider. There are chances these assets can be mismanaged and therefore, as a Cloud security professional, you need to be armed with techniques to help businesses minimize the risks and misuse of business data.

The book starts with the basics of Cloud security and offers an understanding of various policies, governance, and compliance challenges in Cloud. This helps you build a strong foundation before you dive deep into understanding what it takes to design a secured network infrastructure and a well-architected application using various security services in the Cloud environment.

Automating security tasks, such as Server Hardening with Ansible, and other automation services, such as Monit, will monitor other security daemons and take the necessary action in case these security daemons are stopped maliciously. In short, this book has everything you need to secure your Cloud environment with. It is your ticket to obtain industry-adopted best practices for developing a secure, highly available, and fault-tolerant architecture for organizations.

Table of Contents

Chapter 1: The Fundamentals of Cloud Security
Getting started
Service models
Deployment models
Cloud security
Why is cloud security considered hard?
Virtualization – cloud's best friend
Enterprise virtualization with oVirt
Service Level Agreement
Business Continuity Planning – Disaster Recovery (BCP/DR)
Policies and governance in cloud
Audit challenges in the cloud
Implementation challenges for controls on CSP side
Vulnerability assessment and penetration testing in the cloud
Summary
Chapter 2: Defense in Depth Approach
The CIA triad
Introducing Defense in Depth
Summary
Chapter 3: Designing Defensive Network Infrastructure
Why do we need cryptography?
The TCP/IP model
Firewalls
Application layer security
The IPS functionality
A web application firewall
Network segmentation
Accessing management
Virtual Private Network
Installation of OpenVPN
Approaching private hosted zones for DNS
Summary
Chapter 4: Server Hardening
The basic principle of host-based security
Keeping systems up-to-date
Partitioning and LUKS
LUKS
Access control list
SELinux
Hardening system services and applications
Pluggable authentication modules
System auditing with auditd
Hosted Based Intrusion Detection System
The hardened image approach
Summary
Chapter 5: Cryptography Network Security
Introduction to cryptography
Types of cryptography
Message authentication codes
Hardware security modules
Key management service
Envelope encryption
Credential management system with KMS
Asymmetric key encryption 
Digital signatures
SSL/TLS
Perfect forward secrecy
Online certificate status protocol
OCSP stapling
AWS certificate manager
Summary
Chapter 6: Automation in Security
Configuration management
Attaining the desired state with Ansible pull
Terraform
AWS Lambda
Summary
Chapter 7: Vulnerability, Pentest, and Patch Management
Introduction to vulnerability assessment
Understanding risks
Risk mitigation
Best practices
Patch management
Organizing servers in groups
Introduction to Docker
Summary
Chapter 8: Security Logging and Monitoring
Continuous security and monitoring
Choosing the right log monitoring tool
Security Incident and Event Management
Log monitoring is reactive in nature
Summary
Chapter 9: First Responder
Real world use case
Understanding the incident
Holding unexpected simulation
Summary
Chapter 10: Best Practices
Cloud readiness
Network readiness
Server readiness
Bonus points
Summary

What You Will Learn

  • Configure your firewall and Network ACL
  • Protect your system against DDOS and application-level attacks
  • Explore cryptography and data security for your cloud
  • Get to grips with configuration management tools to automate your security tasks
  • Perform vulnerability scanning with the help of the standard tools in the industry
  • Learn about central log management

Authors

Table of Contents

Chapter 1: The Fundamentals of Cloud Security
Getting started
Service models
Deployment models
Cloud security
Why is cloud security considered hard?
Virtualization – cloud's best friend
Enterprise virtualization with oVirt
Service Level Agreement
Business Continuity Planning – Disaster Recovery (BCP/DR)
Policies and governance in cloud
Audit challenges in the cloud
Implementation challenges for controls on CSP side
Vulnerability assessment and penetration testing in the cloud
Summary
Chapter 2: Defense in Depth Approach
The CIA triad
Introducing Defense in Depth
Summary
Chapter 3: Designing Defensive Network Infrastructure
Why do we need cryptography?
The TCP/IP model
Firewalls
Application layer security
The IPS functionality
A web application firewall
Network segmentation
Accessing management
Virtual Private Network
Installation of OpenVPN
Approaching private hosted zones for DNS
Summary
Chapter 4: Server Hardening
The basic principle of host-based security
Keeping systems up-to-date
Partitioning and LUKS
LUKS
Access control list
SELinux
Hardening system services and applications
Pluggable authentication modules
System auditing with auditd
Hosted Based Intrusion Detection System
The hardened image approach
Summary
Chapter 5: Cryptography Network Security
Introduction to cryptography
Types of cryptography
Message authentication codes
Hardware security modules
Key management service
Envelope encryption
Credential management system with KMS
Asymmetric key encryption 
Digital signatures
SSL/TLS
Perfect forward secrecy
Online certificate status protocol
OCSP stapling
AWS certificate manager
Summary
Chapter 6: Automation in Security
Configuration management
Attaining the desired state with Ansible pull
Terraform
AWS Lambda
Summary
Chapter 7: Vulnerability, Pentest, and Patch Management
Introduction to vulnerability assessment
Understanding risks
Risk mitigation
Best practices
Patch management
Organizing servers in groups
Introduction to Docker
Summary
Chapter 8: Security Logging and Monitoring
Continuous security and monitoring
Choosing the right log monitoring tool
Security Incident and Event Management
Log monitoring is reactive in nature
Summary
Chapter 9: First Responder
Real world use case
Understanding the incident
Holding unexpected simulation
Summary
Chapter 10: Best Practices
Cloud readiness
Network readiness
Server readiness
Bonus points
Summary

Book Details

ISBN 139781788299558
Paperback410 pages
Read More

Read More Reviews

Recommended for You

Mastering Linux Security and Hardening Book Cover
Mastering Linux Security and Hardening
$ 35.99
$ 25.20
Java EE 8 and Angular Book Cover
Java EE 8 and Angular
$ 35.99
$ 25.20
Deploying and Running Docker Containers [Video] Book Cover
Deploying and Running Docker Containers [Video]
$ 124.99
$ 106.25
Computer Vision with OpenCV 3 and Qt5 Book Cover
Computer Vision with OpenCV 3 and Qt5
$ 39.99
$ 28.00
Intermediate Laravel: Adding Popular Features to Our Apps [Video] Book Cover
Intermediate Laravel: Adding Popular Features to Our Apps [Video]
$ 124.99
$ 106.25
Hands-On Chatbots and Conversational UI Development Book Cover
Hands-On Chatbots and Conversational UI Development
$ 31.99
$ 22.40