Find out how to effectively secure cloud environments using AWS, Azure, and GCP
Eyal Estrin
A complete guide to securing the core components of cloud services, with practical, real-world examples using the built-in security features of Azure, AWS, and GCP
Securing cloud resources is no easy task—each provider has its unique set of tools, processes, and challenges, demanding specialized expertise. This book cuts through the complexity, delivering practical guidance on embedding security best practices across the core infrastructure components of AWS, Azure, and GCP. It equips information security professionals and cloud engineers with the skills to identify risks and implement robust security controls throughout the design, deployment, and maintenance of public cloud environments.
Starting with the shared responsibility model, cloud service models, and deployment models, this book helps you get to grips with fundamental concepts such as compute, storage, networking, identity management, and encryption. You’ll then explore common threats and compliance requirements for cloud environments. As you progress, you'll implement security strategies across deployments ranging from small-scale environments to enterprise-grade production systems, including hybrid and multi-cloud setups.
This edition expands on emerging topics like GenAI service security and DevSecOps, with hands-on examples leveraging built-in security features of AWS, Azure, and GCP.
By the end of this book, you'll confidently secure any cloud environment with a comprehensive understanding of cloud security principles.
This book is for IT professionals and information security personnel taking their first steps in the public cloud or migrating existing environments to the cloud. Cloud engineers, cloud architects, and cloud security professionals responsible for maintaining production environments in the cloud will also benefit from this book. Prior experience with deploying virtual machines, using storage services, and networking will help you to get the most out of this book.
Table of Contents
Part 1: Securing Infrastructure Cloud Services
Chapter 1: Introduction to Cloud Security
Chapter 2: Securing Compute Services - Virtual Machines
Chapter 3: Securing Compute Services - Containers and Kubernetes
Chapter 4: Securing Computing Services - Serverless/FaaS
Chapter 5: Securing Storage Services
Chapter 6: Securing Networking Services - Part 1
Chapter 7: Securing Networking Services - Part 2
Chapter 8: Securing Generative AI Services
Part 2: Deep Dive into IAM, Auditing, and Encryption
Chapter 9: Effective Strategies to Implement IAM Solutions
Chapter 10: Auditing and Threat Management in Cloud Environments
Chapter 11: Applying Encryption in Cloud Services
Part 3: Threat and Vendor Management
Chapter 12: Understanding Common Security Threats to Cloud Services
Chapter 13: Engaging with Cloud Providers
Part 4: Advanced Use of Cloud Services
Chapter 14: Managing Hybrid Clouds
Chapter 15: Managing Multi-Cloud Environments
Chapter 16: Implementing DevSecOps
Chapter 17: Security in Large-Scale Environments
Eyal Estrin is a cloud security architect who has been working with cloud services since 2015. He has been involved in the design and implementation of cloud environments from both the IT and security aspects. He has worked with AWS, Azure, and Google Cloud in a number of different organizations (in the banking, academia, and healthcare sectors). He has attained several top cloud security certifications - CCSP, CCSK, and AWS. He shares his knowledge through social media (LinkedIn, Twitter, Medium, and more) for the benefit of cloud experts around the world.