What this book covers
Chapter 1, Foundations of Cloud Native, serves as a comprehensive introduction to cloud-native technologies, exploring the tools and platforms offered by the CNCF. It provides a clear understanding of these platforms, their use cases and applications, and how to deploy them in real time. It is designed to help those of you who are familiar with public cloud vendors and their offerings but seek to understand how they integrate with vendor-agnostic cloud-native technologies.
Chapter 2, Cloud Native Systems Security Management, provides a comprehensive understanding of the various tools and techniques that can be used to secure cloud-native systems, and how they can be integrated to provide a secure and compliant cloud-native environment. By the end of this chapter, you will be able to implement secure configuration management, secure image management, secure runtime management, secure network management, and Kubernetes admission controllers in your cloud-native systems.
Chapter 3, Cloud Native Application Security, provides an in-depth understanding of the security considerations involved in cloud-native application development. As the shift toward cloud-based application development continues to grow, it is crucial for software engineers, architects, and security professionals to understand the security implications and best practices to build secure cloud-native applications.
Chapter 4, Building an AppSec Culture, covers the key components of building an AppSec program that is both effective and efficient. It emphasizes the importance of understanding your organization’s security needs and goals and explores the key elements of an effective AppSec program, including risk assessment, security testing, and security training.
Chapter 5, Threat Modeling for Cloud Native, provides a comprehensive understanding of how to perform threat modeling for cloud-native environments, and how to use the information gathered to make informed decisions about security risks. It brings together all the concepts covered so far and applies them to the process of threat modeling.
Chapter 6, Securing the Infrastructure, explores various tools and strategies to secure your cloud-native infrastructure, from configuration to network security. It provides hands-on experience in implementing various security measures for Kubernetes, service mesh, and container security.
Chapter 7, Cloud Security Operations, offers practical insights and tools to establish and maintain a robust cloud security operations process. It explores innovative techniques to collect and analyze data points, including centralized logging, cloud-native observability tools, and monitoring with Prometheus and Grafana.
Chapter 8, DevSecOps Practices for Cloud Native, delves into the various aspects of DevSecOps, focusing on Infrastructure as Code (IaC), policy as code, and Continuous Integration/Continuous Deployment (CI/CD) platforms. This chapter will teach you in detail about automating most of the processes you learned in the previous chapters. By the end of this chapter, you will have a comprehensive understanding of these concepts and the open source tools that aid in implementing DevSecOps practices.
Chapter 9, Legal and Compliance, aims to bridge the gap between the technical skills and the legal and compliance aspects in the world of cloud-native software security. This chapter provides you with a comprehensive understanding of the laws, regulations, and standards that govern your work. By the end of this chapter, you will not only gain knowledge about the key U.S. privacy and security laws but also learn how to analyze these laws from a security engineer’s perspective.
Chapter 10, Cloud Native Vendor Management and Security Certifications, dives deep into the world of cloud vendor management and security certifications, revealing practical tools and strategies to build strong vendor relationships that underpin secure cloud operations. By the end of this chapter, you will understand the various risks associated with cloud vendors and how to assess a vendor’s security posture effectively.