Securing Cloud Services: A Pragmatic Approach to Security Architecture in the Cloud, Second Edition
- 4h 51m
- Lee Newcombe
- IT Governance
- 2020
Securing Cloud Services – A pragmatic guide gives an overview of security architecture processes and explains how they may be used to derive an appropriate set of security controls to manage the risks associated with working in the Cloud. The book:
- Introduces the concepts of Cloud computing and the associated security threats;
- Explains key security architectures and how they can be applied to Cloud services; and
- Covers security considerations for the different Cloud service models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), SaaS (Software as a Service) and FaaS (Function as a Service).
What does this book cover?
Cloud computing represents a major change to the IT services landscape, but it also introduces changes to the risk landscape, which need to be understood and addressed. The flexibility of Cloud computing does not come without compromise or risk.
Security remains a major concern for CIOs (chief information officers) considering a move to Cloud-based services. This book gives organisations pragmatic guidance on how to achieve consistent and cohesive security across their IT services – regardless of whether those services are hosted on-premises, on Cloud services or using a combination of both.
This guidance in Securing Cloud Services – A pragmatic guide is provided through the application of a Security Reference Model to the different Cloud delivery models – IaaS, PaaS and SaaS – and also considers the changes in approach required to work securely with the newer FaaS model.
Part 1 introduces the concepts embodied within Cloud computing, describes the associated security threats and lists some of the leading industry initiatives dedicated to improving the security of Cloud services.
Part 2 introduces security architecture concepts and a conceptual Security Reference Model. This model is then applied to the different Cloud service models to show how the conceptual security services within the reference model can be delivered for each Cloud service model.
Who is this book for?
This book will help organisations looking to implement Cloud services aimed at the enterprise – such as Amazon Web Services, Microsoft Azure, Google Cloud Platform and Salesforce – and to do so in a risk-controlled manner.
It is aimed at business decision makers, senior IT stakeholders, enterprise architects, information security professionals and anyone else who is interested in working with Cloud services but might be concerned about the potential security implications.
Manage the risks associated with Cloud computing – buy this book today!
About the Author
Lee Newcombe is an experienced and well-qualified security architect. He has worked for a major retail bank, two of the Big Four consultancies and a global systems integrator. His roles have included penetration testing, security audit, security architecture, security design, security implementation, business continuity, disaster recovery, forensics, identity and access management, security monitoring, and many other facets of information assurance. He has worked across various sectors, including financial services, retail, utilities and government, from the earliest days of the UK government’s G-Cloud programme through to his current role helping FTSE 100 companies succeed with their Cloud First strategies. He currently leads the Cloud security capability in Northern Europe for a global systems integrator.
Lee is a TOGAF® 9-certified enterprise architect and holds numerous security certifications, including CISSP® and CCSK, and full membership of the Institute of Information Security Professionals, and is a CESG Certified Senior Information Risk Advisor, having previously been a long-term member of the CESG Listed Advisor Scheme. He acted as the Chair of the UK Chapter of the Cloud Security Alliance from 2017 to 2019, and has been writing about, presenting on and working with Cloud technologies since 2008.
In this Book
-
Introduction to Cloud Computing
-
Overview of Existing Cloud Taxonomies and Models
-
The Security Balance
-
Security Threats Associated with Cloud Computing
-
Privacy and Regulatory Concerns
-
Introduction to Security Architecture
-
Application of Security Architecture to Cloud Computing
-
Security and the Cloud
-
Security and Infrastructure as a Service
-
Security and Platform as a Service
-
Security and Software as a Service
-
Security and Function as a Service
-
Looking Ahead
-
Conclusion and Summary