What this book covers
Chapter 1, Opportunities and Challenges with Hybrid Multi-cloud Solution, discusses the evolution of cloud, cloud consumption and deployment patterns, challenges, and opportunities.
Chapter 2, Understanding Shared Responsibility Model for Cloud Security, discusses an overall approach to addressing hybrid cloud security.
Chapter 3, Implementing Identity and Access Management for Cloud Users, describes the patterns to implement authentication, access control, and audit for cloud resources.
Chapter 4, Implementing Identity and Access Management for Applications, shows you how to add authentication and access to web and mobile applications deployed in the cloud. This chapter will discuss the pattern to enhance apps with advanced security capabilities.
Chapter 5, How to Secure Compute Infrastructure, shows you how to secure Virtual Machines (VMs) and containers. We will discuss patterns to provide isolation to varying degrees and enable both portability and security for VMs and containers.
Chapter 6, Implementing Network Protection, Isolation, and Secure Connectivity, discusses how to secure a cloud network and the architecture patterns and security elements needed to secure the network, including isolation, connectivity, and protection.
Chapter 7, Data Protection Pattern, explores data protection patterns, including protecting data at rest, in transit, and in use. Data at rest protection patterns include how to protect files, objects stored physically in a database, or raw, in data or storage services. You will learn how to use encryption and key management patterns to protect data at rest, and understand the threats related to data in transit and patterns for protecting data in transit. This chapter will discuss the importance of certificates and their use in protecting data in transit. This chapter also discusses how to protect data during processing, as well as services from the cloud that deliver stronger end-to-end data security in the cloud.
Chapter 8, Shift Left Security for DevOps, discusses how to infuse security into a DevOps pipeline. Shifting left security to be incorporated in the early first stages of concept, development, and operations is required to ensure an application runs safely in the cloud. Threat and vulnerability management are critical aspects of security and compliance programs. This chapter discusses patterns to identify vulnerabilities in cloud resources across infrastructure, middleware, and applications and how to remediate them. Configuration management is another important topic that covers how to manage and control configurations for cloud resources to enable security and facilitate the management of risk.
Chapter 9, Manage Security Posture for Your Cloud Deployments, delves into Cloud Security Posture Management (CSPM), which helps to proactively monitor, track, and react to security violations. This chapter provides information on how to build end-to-end visibility and integration of security processes and tooling throughout an organization to get a security posture for cloud applications. A security and compliance posture provides a method to see controls in place against policies and their effectiveness. This chapter discusses how to prepare an enterprise to respond to large volumes of alerts and events related to cloud security. Given the use of multiple tools and a shortage of staff, enterprises need to adopt security orchestration, automation, and response to improve their effectiveness against security events.
Chapter 10, Building Zero Trust Architecture with Hybrid Cloud Security Patterns, discusses reference architectures and patterns to implement the zero trust model. The principles for zero trust are also discussed in detail. This chapter explores the use cases requiring the zero trust model and how to leverage hybrid cloud security patterns to protect critical data using zero trust security practices.
