Securing Cloud Services A pragmatic guide gives an overview of security architecture processes and explains how they may be used to derive an appropriate set of security controls to manage the risks associated with working in the Cloud. The book:
Introduces the concepts of Cloud computing and the associated security threats; Explains key security architectures and how they can be applied to Cloud services; and Covers security considerations for the different Cloud service models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), SaaS (Software as a Service) and FaaS (Function as a Service).
Cloud computing represents a major change to the IT services landscape, but it also introduces changes to the risk landscape, which need to be understood and addressed. The flexibility of Cloud computing does not come without compromise or risk.
Security remains a major concern for CIOs (chief information officers) considering a move to Cloud-based services. This book gives organisations pragmatic guidance on how to achieve consistent and cohesive security across their IT services regardless of whether those services are hosted on-premises, on Cloud services or using a combination of both.
This guidance in Securing Cloud Services A pragmatic guide is provided through the application of a Security Reference Model to the different Cloud delivery models IaaS, PaaS and SaaS and also considers the changes in approach required to work securely with the newer FaaS model.
Part 1 introduces the concepts embodied within Cloud computing, describes the associated security threats and lists some of the leading industry initiatives dedicated to improving the security of Cloud services.
Part 2 introduces security architecture concepts and a conceptual Security Reference Model. This model is then applied to the different Cloud service models to show how the conceptual security services within the reference model can be delivered for each Cloud service model.
This book will help organisations looking to implement Cloud services aimed at the enterprise such as Amazon Web Services, Microsoft Azure, Google Cloud Platform and Salesforce and to do so in a risk-managed manner.
It is aimed at business decision makers, senior IT stakeholders, enterprise architects, information security professionals.
Manage the risks associated with Cloud computing buy this book today!
Recenzijos
... this book is a must-read for those looking for guidance based on real-life experience and a pragmatic perspective. The book is easy to read, and provides an account of the authors research and experience ... It has a very clear purpose, and that is to prepare individuals at organizations interested in adopting cloud computing to recognize security risks and help them learn best practices for managing those risks. -- Phoram Mehta * Computing Reviews *
Daugiau informacijos
Reap the rewards and implement Cloud services in a risk-controlled manner buy this book today!
Part 1: Securing Cloud services setting the scene
Introduction
Chapter 1: Introduction to Cloud computing
Chapter 2: Overview of existing Cloud taxonomies
and models
Chapter 3: The security balance
Chapter 4: Security threats associated with Cloud computing
Chapter 5: Privacy and regulatory concerns
Part 2: Securing Cloud services in practice
Introduction
Chapter 6: Introduction to security architecture
Chapter 7: Application of security architecture to
Cloud computing
Chapter 8: Security and the Cloud
Chapter 9: Security and Infrastructure as a
Service
Chapter 10: Security and Platform as a Service
Chapter 11: Security and Software as a Service
Chapter 12: Security and Function as a Service
Part 3: Conclusion
Introduction
Chapter 13: Looking ahead
Chapter 14: Conclusion and summary
Appendix A: SRM security service assignments
Further reading
Lee Newcombe is an experienced and well qualified security architect. During his career, he has been employed by a major retail bank, two of the Big Four consultancies and a global systems integrator. His roles have included penetration testing, security audit, security architecture, security design, security implementation, business continuity, disaster recovery, forensics, identity and access management, security monitoring and many other facets of information assurance. He has worked across various sectors, including financial services, retail, utilities and government, from the earliest days of the UK governments G-Cloud programme through to his current role helping FTSE 100 companies succeed with their Cloud First strategies. He currently leads the Cloud security capability in Northern Europe for a global systems integrator.
Lee is a TOGAF® 9-certified enterprise architect and holds numerous security certifications, including CISSP® and CCSK, and full membership of the Institute of Information Security Professionals, and is a CESG Certified Senior Information Risk Advisor, having previously been a long-term member of the CESG Listed Advisor Scheme. He acted as the Chair of the UK Chapter of the Cloud Security Alliance from 2017 to 2019 and has been writing about, presenting on and working with Cloud technologies since 2008.
Daugiau apie elektronines knygas