Author: Josh Armitage
Publisher: "O'Reilly Media, Inc."
ISBN: 109810627X
Category : Computers
Languages : en
Pages : 516

Get Book

Book Description
With the rise of the cloud, every aspect of IT has been shaken to its core. The fundamentals for building systems are changing, and although many of the principles that underpin security still ring true, their implementation has become unrecognizable. This practical book provides recipes for AWS, Azure, and GCP to help you enhance the security of your own cloud native systems. Based on his hard-earned experience working with some of the world's biggest enterprises and rapidly iterating startups, consultant Josh Armitage covers the trade-offs that security professionals, developers, and infrastructure gurus need to make when working with different cloud providers. Each recipe discusses these inherent compromises, as well as where clouds have similarities and where they're fundamentally different. Learn how the cloud provides security superior to what was achievable in an on-premises world Understand the principles and mental models that enable you to make optimal trade-offs as part of your solution Learn how to implement existing solutions that are robust and secure, and devise design solutions to new and interesting problems Deal with security challenges and solutions both horizontally and vertically within your business

Author: Heartin Kanikathottu
Publisher: Packt Publishing Ltd
ISBN: 1838827420
Category : Computers
Languages : en
Pages : 434

Get Book

Book Description
Secure your Amazon Web Services (AWS) infrastructure with permission policies, key management, and network security, along with following cloud security best practices Key FeaturesExplore useful recipes for implementing robust cloud security solutions on AWSMonitor your AWS infrastructure and workloads using CloudWatch, CloudTrail, config, GuardDuty, and MaciePrepare for the AWS Certified Security-Specialty exam by exploring various security models and compliance offeringsBook Description As a security consultant, securing your infrastructure by implementing policies and following best practices is critical. This cookbook discusses practical solutions to the most common problems related to safeguarding infrastructure, covering services and features within AWS that can help you implement security models such as the CIA triad (confidentiality, integrity, and availability), and the AAA triad (authentication, authorization, and availability), along with non-repudiation. The book begins with IAM and S3 policies and later gets you up to speed with data security, application security, monitoring, and compliance. This includes everything from using firewalls and load balancers to secure endpoints, to leveraging Cognito for managing users and authentication. Over the course of this book, you'll learn to use AWS security services such as Config for monitoring, as well as maintain compliance with GuardDuty, Macie, and Inspector. Finally, the book covers cloud security best practices and demonstrates how you can integrate additional security services such as Glacier Vault Lock and Security Hub to further strengthen your infrastructure. By the end of this book, you'll be well versed in the techniques required for securing AWS deployments, along with having the knowledge to prepare for the AWS Certified Security – Specialty certification. What you will learnCreate and manage users, groups, roles, and policies across accountsUse AWS Managed Services for logging, monitoring, and auditingCheck compliance with AWS Managed Services that use machine learningProvide security and availability for EC2 instances and applicationsSecure data using symmetric and asymmetric encryptionManage user pools and identity pools with federated loginWho this book is for If you are an IT security professional, cloud security architect, or a cloud application developer working on security-related roles and are interested in using AWS infrastructure for secure application deployments, then this Amazon Web Services book is for you. You will also find this book useful if you’re looking to achieve AWS certification. Prior knowledge of AWS and cloud computing is required to get the most out of this book.

Author: Chris Binnie
Publisher: John Wiley & Sons
ISBN: 1119782244
Category : Computers
Languages : en
Pages : 365

Get Book

Book Description
Explore the latest and most comprehensive guide to securing your Cloud Native technology stack Cloud Native Security delivers a detailed study into minimizing the attack surfaces found on today’s Cloud Native infrastructure. Throughout the work hands-on examples walk through mitigating threats and the areas of concern that need to be addressed. The book contains the information that professionals need in order to build a diverse mix of the niche knowledge required to harden Cloud Native estates. The book begins with more accessible content about understanding Linux containers and container runtime protection before moving on to more advanced subject matter like advanced attacks on Kubernetes. You’ll also learn about: Installing and configuring multiple types of DevSecOps tooling in CI/CD pipelines Building a forensic logging system that can provide exceptional levels of detail, suited to busy containerized estates Securing the most popular container orchestrator, Kubernetes Hardening cloud platforms and automating security enforcement in the cloud using sophisticated policies Perfect for DevOps engineers, platform engineers, security professionals and students, Cloud Native Security will earn a place in the libraries of all professionals who wish to improve their understanding of modern security challenges.

Author: Brendan Creane
Publisher: "O'Reilly Media, Inc."
ISBN: 1098107055
Category : Computers
Languages : en
Pages : 201

Get Book

Book Description
Securing, observing, and troubleshooting containerized workloads on Kubernetes can be daunting. It requires a range of considerations, from infrastructure choices and cluster configuration to deployment controls and runtime and network security. With this practical book, you'll learn how to adopt a holistic security and observability strategy for building and securing cloud native applications running on Kubernetes. Whether you're already working on cloud native applications or are in the process of migrating to its architecture, this guide introduces key security and observability concepts and best practices to help you unleash the power of cloud native applications. Authors Brendan Creane and Amit Gupta from Tigera take you through the full breadth of new cloud native approaches for establishing security and observability for applications running on Kubernetes. Learn why you need a security and observability strategy for cloud native applications and determine your scope of coverage Understand key concepts behind the book's security and observability approach Explore the technology choices available to support this strategy Discover how to share security responsibilities across multiple teams or roles Learn how to architect Kubernetes security and observability for multicloud and hybrid environments

Author: Sébastien Goasguen
Publisher: "O'Reilly Media, Inc."
ISBN: 1491979658
Category : Computers
Languages : en
Pages : 192

Get Book

Book Description
If your organization is preparing to move toward a cloud-native computing architecture, this cookbook shows you how to successfully use Kubernetes, the de-facto standard for automating the deployment, scaling, and management of containerized applications. With more than 80 proven recipes, developers, system administrators, and architects will quickly learn how to get started with Kubernetes and understand its powerful API. Through the course of the book, authors Sébastien Goasguen and Michael Hausenblas provide several detailed solutions for installing, interacting with, and using Kubernetes in development and production. You'll learn how to adapt the system to your particular needs and become familiar with the wider Kubernetes ecosystem. Each standalone chapter features recipes written in O'Reilly's popular problem-solution-discussion format. Recipes in this cookbook focus on: Creating a Kubernetes cluster Using the Kubernetes command-line interface Managing fundamental workload types Working with services Exploring the Kubernetes API Managing stateful and non-cloud native apps Working with volumes and configuration data Cluster-level and application-level scaling Securing your applications Monitoring and logging Maintenance and troubleshooting.

Author: Chris Binnie
Publisher:
ISBN: 9781394176847
Category : Cloud computing
Languages : en
Pages : 0

Get Book

Book Description
Explore the latest and most comprehensive guide to securing your Cloud Native technology stack Cloud Native Security delivers a detailed study into minimizing the attack surfaces found on today's Cloud Native infrastructure. Throughout the work hands-on examples walk through mitigating threats and the areas of concern that need to be addressed. The book contains the information that professionals need in order to build a diverse mix of the niche knowledge required to harden Cloud Native estates. The book begins with more accessible content about understanding Linux containers and container runtime protection before moving on to more advanced subject matter like advanced attacks on Kubernetes. You'll also learn about: Installing and configuring multiple types of DevSecOps tooling in CI/CD pipelines Building a forensic logging system that can provide exceptional levels of detail, suited to busy containerized estates Securing the most popular container orchestrator, Kubernetes Hardening cloud platforms and automating security enforcement in the cloud using sophisticated policies Perfect for DevOps engineers, platform engineers, security professionals and students, Cloud Native Security will earn a place in the libraries of all professionals who wish to improve their understanding of modern security challenges.

Author: Loris Degioanni
Publisher: "O'Reilly Media, Inc."
ISBN: 1098118545
Category : Computers
Languages : en
Pages : 227

Get Book

Book Description
As more and more organizations migrate their applications to the cloud, cloud native computing has become the dominant way to approach software development and execution. Protecting modern, cloud native applications from threats requires the ability to defend them at runtime, when they're most vulnerable to attacks. This practical guide introduces you to Falco, the open source standard for continuous risk and threat detection across Kubernetes, containers, and the cloud. Falco creator Loris Degioanni and core maintainer Leonardo Grasso bring you up to speed on threat detection and show you how to get Falco up and running, plus advanced topics such as deploying Falco in production and writing your own security rules. You'll learn how to: Leverage runtime security in cloud native environments Detect configuration changes and unexpected behavior in the cloud Protect containers, Kubernetes, and cloud applications using Falco Run, deploy, and customize Falco Deploy, configure, and maintain Falco in a production environment Improve your compliance

Author: Mihir Shah
Publisher: Packt Publishing Ltd
ISBN: 1837636524
Category : Computers
Languages : en
Pages : 372

Get Book

Book Description
Master widely used cloud native platforms like Kubernetes, Calico, Kibana, Grafana, Anchor, and more to ensure secure infrastructure and software development Purchase of the print or Kindle book includes a free PDF eBook Key Features Learn how to select cloud-native platforms and integrate security solutions into the system Leverage cutting-edge tools and platforms securely on a global scale in production environments Understand the laws and regulations necessary to prevent federal prosecution Book DescriptionFor cloud security engineers, it’s crucial to look beyond the limited managed services provided by cloud vendors and make use of the wide array of cloud native tools available to developers and security professionals, which enable the implementation of security solutions at scale. This book covers technologies that secure infrastructure, containers, and runtime environments using vendor-agnostic cloud native tools under the Cloud Native Computing Foundation (CNCF). The book begins with an introduction to the whats and whys of the cloud native environment, providing a primer on the platforms that you’ll explore throughout. You’ll then progress through the book, following the phases of application development. Starting with system design choices, security trade-offs, and secure application coding techniques that every developer should be mindful of, you’ll delve into more advanced topics such as system security architecture and threat modelling practices. The book concludes by explaining the legal and regulatory frameworks governing security practices in the cloud native space and highlights real-world repercussions that companies have faced as a result of immature security practices. By the end of this book, you'll be better equipped to create secure code and system designs.What you will learn Understand security concerns and challenges related to cloud-based app development Explore the different tools for securing configurations, networks, and runtime Implement threat modeling for risk mitigation strategies Deploy various security solutions for the CI/CD pipeline Discover best practices for logging, monitoring, and alerting Understand regulatory compliance product impact on cloud security Who this book is forThis book is for developers, security professionals, and DevOps teams involved in designing, developing, and deploying cloud native applications. It benefits those with a technical background seeking a deeper understanding of cloud-native security and the latest tools and technologies for securing cloud native infrastructure and runtime environments. Prior experience with cloud vendors and their managed services is advantageous for leveraging the tools and platforms covered in this book.

Author: Eyal Estrin
Publisher: BPB Publications
ISBN: 9355518900
Category : Computers
Languages : en
Pages : 288

Get Book

Book Description
Your practical handbook for securing cloud-native applications KEY FEATURES ● An overview of security in cloud-native applications, such as modern architectures, containers, CI/CD pipeline, and so on. ● Using automation, such as infrastructure as code and policy as code, to achieve security at scale. ● Implementing security, from encryption and secrets management to threat management. DESCRIPTION Security for cloud-native applications is an overview of cloud-native application’s characteristics from a security point of view, filled with best practices for securing services based on AWS, Azure, and GCP infrastructure. This book is a practical guide for securing cloud-native applications throughout their lifecycle. It establishes foundational knowledge of cloud services and cloud-native characteristics. It focuses on securing design approaches like APIs, microservices, and event-driven architectures. Specific technologies like containers, Kubernetes, and serverless functions are covered with security best practices. The book emphasizes integrating security throughout development using CI/CD pipelines and IaC tools. It explores policy as code for enforcing security policies and immutable infrastructure for enhanced security posture. Key management and threat detection strategies are also covered. Finally, the book offers a practical example and resources for further learning. By the end of the book, the reader will be able to design and secure modern applications using the public cloud scale, managed services, automation, and built-in security controls. WHAT YOU WILL LEARN ● How to secure modern design architectures from APIs, event-driven architectures, and microservices. ● How to secure applications using containers and the Kubernetes platform. ● How to secure applications using serverless/function-as-a-service. ● How to implement key and secrets management as part of cloud-native applications. ● How to implement the 12-factor application methodology and immutable infrastructure in cloud-native applications. WHO THIS BOOK IS FOR This book is for security professionals, software development teams, DevOps and cloud architects, and all those who are designing, maintaining, and securing cloud-native applications. TABLE OF CONTENTS 1. Introduction to Cloud Native Applications 2. Securing Modern Design Architectures 3. Containers and Kubernetes for Cloud Native Applications 4. Serverless for Cloud Native Applications 5. Building Secure CI/CD Pipelines 6. The 12-Factor Application Methodology 7. Using Infrastructure as Code 8. Authorization and Policy as Code 9. Implementing Immutable Infrastructure 10. Encryption and Secrets Management 11. Threat Management in Cloud Native Applications 12. Summary and Key Takeaways

Author: Stephane Eyskens
Publisher: Packt Publishing Ltd
ISBN: 1800560052
Category : Computers
Languages : en
Pages : 376

Get Book

Book Description
Improve your Azure architecture practice and set out on a cloud and cloud-native journey with this Azure cloud native architecture guide Key FeaturesDiscover the key drivers of successful Azure architectureImplement architecture maps as a compass to tackle any challengeUnderstand architecture maps in detail with the help of practical use casesBook Description Azure offers a wide range of services that enable a million ways to architect your solutions. Complete with original maps and expert analysis, this book will help you to explore Azure and choose the best solutions for your unique requirements. Starting with the key aspects of architecture, this book shows you how to map different architectural perspectives and covers a variety of use cases for each architectural discipline. You'll get acquainted with the basic cloud vocabulary and learn which strategic aspects to consider for a successful cloud journey. As you advance through the chapters, you'll understand technical considerations from the perspective of a solutions architect. You'll then explore infrastructure aspects, such as network, disaster recovery, and high availability, and leverage Infrastructure as Code (IaC) through ARM templates, Bicep, and Terraform. The book also guides you through cloud design patterns, distributed architecture, and ecosystem solutions, such as Dapr, from an application architect's perspective. You'll work with both traditional (ETL and OLAP) and modern data practices (big data and advanced analytics) in the cloud and finally get to grips with cloud native security. By the end of this book, you'll have picked up best practices and more rounded knowledge of the different architectural perspectives. What you will learnGain overarching architectural knowledge of the Microsoft Azure cloud platformExplore the possibilities of building a full Azure solution by considering different architectural perspectivesImplement best practices for architecting and deploying Azure infrastructureReview different patterns for building a distributed application with ecosystem frameworks and solutionsGet to grips with cloud-native concepts using containerized workloadsWork with AKS (Azure Kubernetes Service) and use it with service mesh technologies to design a microservices hosting platformWho this book is for This book is for aspiring Azure Architects or anyone who specializes in security, infrastructure, data, and application architecture. If you are a developer or infrastructure engineer looking to enhance your Azure knowledge, you'll find this book useful.