Cloud Security Fundamentals : Building the Foundations for Secure Cloud Platforms

Edwards, Jason

John Wiley & Sons Inc（2026/04発売）

• 製本 Hardcover:ハードカバー版／ページ数 464 p.
• 言語 ENG
• 商品コード 9781394377732

Contents

Table of Contents

 

Dedication

Acknowledgements

Preface

Chapter 1: The Strategic Importance of Cloud Security. 3

Cloud as the Default Operating Model 3

Business Drivers and Return on Security Investment. 4

Evolving Risk Landscape in Cloud Contexts. 8

Misconceptions and Shared Responsibility Realities. 11

Cloud Security as a Business Enabler. 14

Strategic Alignment Between Security and Enterprise Goals. 17

Conclusion. 20

Recommendations. 20

Chapter 2: Foundations of Cloud Computing. 23

Historical Roots and Computing Paradigms. 23

Core Cloud Service Models. 25

Deployment Models. 28

Enabling Technologies: APIs, Virtualization, Containers. 32

Infrastructure as Code and Automation Foundations. 35

Cloud Economic Models and Abstraction Layers. 38

Cloud Provider Ecosystems and Market Differentiation. 41

Conclusion. 45

Recommendations. 45

Chapter 3: The Modern Cloud Security Landscape. 48

Emerging Threats in Cloud Environments. 48

Cloud-Specific Vulnerabilities and Attack Vectors. 51

Deep Dive: Shared Responsibility Model by Service Tier. 54

Limitations of Legacy Security Models in Cloud Contexts. 58

Security Investment Patterns and Innovation Drivers. 60

Cloud Security Maturity and Adoption Models. 64

Conclusion. 67

Recommendations. 67

Chapter 4: Secure Cloud Architecture and Design. 70

Secure-by-Design Principles for Cloud Infrastructure. 70

Identity, Trust Boundaries, and Access Zones. 73

Resilience, Redundancy, and High Availability Design. 75

Secure Networking and Micro-Segmentation Models. 78

Data Flow Mapping, Isolation, and Asset Tiering. 82

Avoiding Cloud Security Anti-Patterns. 84

Compliance-Ready Architectural Planning. 88

Conclusion. 91

Recommendations. 91

Chapter 5: Identity and Access Management (IAM) in the Cloud. 94

Identity as the Security Perimeter. 94

Authentication Protocols and Adaptive Techniques. 96

Authorization Models: RBAC, ABAC, and Fine-Grained Access. 99

Privileged Access Management (PAM) at Cloud Scale. 102

Lifecycle Automation for Identity Provisioning and Decommissioning. 105

Foundational IAM Architecture and Operational Best Practices. 110

Conclusion. 113

Recommendations. 113

Chapter 6: Securing Data in Cloud Environments. 116

Data Classification and Inventory Across Cloud Assets. 116

Encryption in Transit, At Rest, and In Use. 118

Key Management: HSMs, KMS, Rotation, and Escrow.. 121

Data Residency, Sovereignty, and Jurisdictional Compliance. 125

Backup, Archival, and Disaster Recovery for Data. 128

Insert Table 6-2. 130

Data Loss Prevention (DLP) and Leak Surface Reduction. 130

Conclusion. 134

Recommendations. 134

Chapter 7: Monitoring, Detection, and Incident Management. 137

Foundations of Logging and Security Telemetry in the Cloud. 137

Threat Detection: Real-Time Event Correlation and Context. 139

Security Monitoring Across Multi-Cloud Architectures. 143

Incident Detection and Early Escalation Strategies. 146

Automation and Orchestration in Incident Response. 149

Metrics, KPIs, and Threat Intelligence Integration. 152

Post-Incident Review and Root Cause Analysis. 155

Conclusion. 158

Recommendations. 158

Chapter 8: Security Automation and DevSecOps. 161

DevSecOps Principles and Security Integration Models. 161

Secure CI/CD Pipeline Design and Control Points. 163

Infrastructure as Code (IaC) Security and Policy as Code. 166

Managing Secrets in Automated Development Workflows. 170

Automating Compliance Validation in Build Pipelines. 172

Governance Enforcement Through DevSecOps Tooling. 175

Conclusion. 178

Recommendations. 178

Chapter 9: Advanced Architectures and Specialized Domains. 181

Container Security and Kubernetes Hardening. 181

Serverless and Event-Driven Architecture Security. 183

API Security: Design, Authentication, and Rate Limiting. 187

Supply Chain and Dependency Risk in Cloud Applications. 190

Implementing Zero Trust in Cloud-Native Environments. 193

Security for Edge, IoT, and Distributed Cloud Models. 196

Resilience Engineering and Chaos Security Practices. 199

Conclusion. 203

Recommendations. 203

Chapter 10: Cloud Governance, Risk, and Compliance (GRC) 206

Foundations of Cloud Governance Structures. 206

Enterprise Cloud Risk Management Frameworks. 210

Mapping Regulatory Frameworks to Cloud Controls. 213

Cloud Audit Preparedness and Evidence Collection. 216

SaaS and Third-Party Governance Risk Strategies. 220

Conclusion. 223

Recommendations. 223

Chapter 11: Cloud Hardening and Configuration Management. 226

Core Principles of Secure Configuration and Hardening. 226

Baseline Standards for Operating Systems and VMs. 229

Container and Kubernetes Configuration Security. 232

Hardening PaaS and Managed Cloud Services. 235

Endpoint, Client, and Remote Access Configuration. 238

Infrastructure as Code for Baseline Enforcement. 241

Continuous Validation and Drift Detection Workflows. 245

Conclusion. 248

Recommendations. 249

Chapter 12: Cloud Security Testing and Validation. 251

Security Testing Methodologies in Cloud Contexts. 251

Continuous Vulnerability Assessment and Remediation. 254

Cloud-Aware Penetration Testing and Provider Constraints. 257

Security Testing in DevSecOps Pipelines (SAST/DAST/IAST) 260

External Testing, Bug Bounties, and Researcher Coordination. 263

Purple Teaming, Simulated Attacks, and Threat-Informed Defense. 266

Conclusion. 269

Recommendations. 269

Chapter 13: Secrets Management and Sensitive Asset Protection. 272

Defining Secrets and Sensitive Credentials in the Cloud. 272

Secure Secrets Lifecycle: Creation to Deletion. 275

Centralized vs. Decentralized Secrets Management Models. 278

Secrets Management in DevOps and CI/CD Workflows. 281

Just-in-Time Access and Privileged Credential Rotation. 284

Automating Secrets Management at Scale. 287

Conclusion. 290

Recommendations. 290

Chapter 14: Cloud Network Security. 292

Virtual Networking Foundations and Isolation Models. 292

Network Segmentation, Routing, and Secure Zones. 295

Cloud Firewall Configuration and Access Control Enforcement. 298

Web Application Firewalls (WAF) and API Gateway Security. 302

Secure Remote Access and Hybrid Connectivity Architectures. 305

Traffic Logging, Packet Inspection, and Anomaly Detection. 309

DDoS Protection, SDN, and Edge Network Security Techniques. 313

Conclusion. 315

Recommendations. 316

Chapter 15: Identity Federation and Multi-Cloud Access Integration. 318

Identity Federation Concepts and Cross-Domain Trust Models. 318

Federation Protocols: SAML, OAuth, and OpenID Connect. 320

Federation Architecture in Multi-Cloud and Hybrid Environments. 323

Designing Secure and Scalable SSO Systems. 326

Securing Federated Sessions, Assertions, and Tokens. 330

Governance, Logging, and Compliance for Federated Access. 333

Conclusion. 336

Recommendations. 337

Chapter 16: Serverless and Microservices Security. 339

Core Concepts of Serverless and Microservices Architectures. 339

Shared Responsibility in Serverless Execution Models. 342

Authentication and Authorization Across Microservices. 345

API Gateway Protection and Request Validation Techniques. 348

Securing Events, Queues, and Triggers in Asynchronous Systems. 351

Secrets and Data Handling in Ephemeral Execution Environments. 354

Runtime Monitoring and Isolation for Distributed Workloads. 357

Conclusion. 361

Recommendations. 361

Chapter 17: Data Privacy, Residency, and Protection Obligations. 364

Privacy Fundamentals in Cloud Contexts. 364

Data Residency, Localization, and Jurisdictional Compliance. 367

Applying Privacy by Design in Cloud Architectures. 370

Minimization, Pseudonymization, and Retention Strategies. 373

Subject Access Requests and Erasure Protocols. 377

Privacy Risk Assessment and Breach Notification Planning. 380

Conclusion. 384

Recommendations. 384

Chapter 18: Cloud Compliance and Regulatory Readiness. 387

Regulatory Scope and Interpretation for Cloud Services. 387

Mapping Frameworks: FedRAMP, ISO 27017, CSA CCM, etc. 390

Navigating Multi-Jurisdictional and Industry-Specific Regulations. 393

Automated Compliance Monitoring and Control Validation. 396

Evidence Collection, Documentation, and Control Traceability. 400

Cloud Vendor Compliance Oversight and Attestation Review.. 403

Strategic Compliance Roadmapping and Governance Alignment. 406

Conclusions. 410

Recommendations. 410

Chapter 19: Cloud Risk Management and Enterprise Integration. 413

Identifying and Categorizing Cloud Risk Vectors. 413

Embedding Cloud Risk into Enterprise Risk Frameworks. 415

Risk Quantification, Prioritization, and Response Planning. 418

Third-Party, SaaS, and Supply Chain Risk Management. 421

Shadow IT, Unmanaged Assets, and Risk Discovery Techniques. 425

Conclusion. 428

Recommendations. 428

Chapter 20: Cloud Monitoring, Logging, and Detection. 431

Principles of Observability in Cloud Infrastructure. 431

Centralized Logging Strategies Across Providers. 433

Real-Time Detection and Correlation with Native and Third-Party Tools. 436

Cloud SIEM, SOAR, and Automation Integration. 439

Behavioral Analytics and Anomaly Detection in Cloud Workloads. 442

Alert Tuning, Prioritization, and False Positive Reduction. 445

Maturity Models for Telemetry, Visibility, and Incident Readiness. 448

Conclusions. 452

Recommendations. 452

Chapter 21: Cloud Security Metrics and Performance Reporting. 455

Aligning Metrics with Business and Security Objectives. 455

Operational and Technical Metrics for Cloud Security Operations. 457

Compliance, Audit, and Control Effectiveness Indicators. 460

Tracking Remediation, Drift, and Security Posture Trends. 463

Maturity Models and Continuous Metrics Optimization. 466

Conclusion. 469

Recommendations. 469

Chapter 22: Threat Intelligence and Attack Surface Management. 471

Strategic Role of Threat Intelligence in Cloud Security. 471

Discovering and Mapping the Cloud Attack Surface. 473

Curating and Consuming External Intelligence Feeds. 476

Threat Modeling, Attribution, and Prioritization. 479

Integrating Threat Intelligence into Detection and Response. 482

Monitoring Internal and External Attack Vectors Continuously. 485

Collaborative Intelligence Sharing and Operational Integration. 488

Conclusion. 492

Recommendations. 492

Chapter 23: Incident Response in Cloud Environments. 494

Cloud-Aware Incident Response Planning and Governance. 494

Role Definitions, Escalation Protocols, and Communication Plans. 497

Detection, Validation, and Incident Categorization. 500

Containment, Eradication, and Cloud-Scale Recovery. 503

Forensic Considerations and Evidence Preservation. 506

Post-Incident Review, Root Cause Analysis, and Corrective Actions. 509

Integration of IR Playbooks with Cloud Automation and Orchestration. 512

Conclusion. 515

Recommendations. 516

Chapter 24: Cloud Forensics and Legal Considerations. 519

Foundations of Digital Forensics in Cloud Contexts. 519

Forensic Readiness: Controls, Logging, and Preservation Practices. 521

Integration of Forensics into Security Operations and IR. 525

Jurisdiction, Chain of Custody, and Legal Admissibility. 528

Collaborating with Cloud Providers During Investigations. 531

Regulatory Expectations for Investigations and Reporting. 534

Emerging Tools, Standards, and Future Forensic Models. 538

Conclusion. 541

Recommendations. 541

Chapter 25: Disaster Recovery and Business Continuity in the Cloud. 544

Strategic Foundations of Cloud DR and BCP Planning. 544

Cloud DR Models: Backup, Pilot Light, Warm Standby, Active-Active. 547

Identifying Critical Assets and Defining Recovery Objectives. 550

Automated Testing and Validation of DR Plans. 553

Ensuring Service Continuity for Distributed Cloud Systems. 556

Integration of DR with Resilience, Chaos Engineering, and Automation. 560

Maintaining Operational Continuity During Service Disruptions or Failures. 563

Conclusion. 567

Recommendations. 567

Chapter 26: AI-Driven Cloud Security and Automation. 570

Core Concepts of AI and ML in Cloud Security. 570

AI-Enhanced Threat Detection and Behavioral Analysis. 572

Predictive Risk Modeling and Security Forecasting. 576

Autonomous Incident Response and Workflow Optimization. 579

AI-Augmented Monitoring and Security Visibility. 582

Conclusions. 586

Recommendations. 586

Chapter 27: Quantum-Ready Security for Cloud Infrastructures. 589

Quantum Computing Fundamentals and Cloud Implications. 589

Cryptographic Vulnerabilities and Quantum Threat Timelines. 592

Post-Quantum Cryptography: Transition Strategies. 595

Quantum Key Distribution (QKD) and Next-Gen Encryption Models. 598

Inventorying and Replacing Classical Cryptographic Dependencies. 602

Conclusion. 604

Recommendations. 604

Chapter 28: Securing Cloud-Integrated IoT and Edge Computing. 607

Defining Cloud-Edge and IoT Integration Models. 607

Unique Threats in Edge and Distributed Environments. 610

Lifecycle Management for Devices and Firmware Security. 613

Hardening Edge Infrastructure and Protecting Data Flows. 616

Secure Connectivity Between Cloud, Edge, and Devices. 619

Conclusion. 622

Recommendations 

Index