- ホーム
- > 洋書
- > 英文書
- > Computer / General
Contents
Table of Contents
Dedication
Acknowledgements
Preface
Chapter 1: The Strategic Importance of Cloud Security. 3
Cloud as the Default Operating Model 3
Business Drivers and Return on Security Investment. 4
Evolving Risk Landscape in Cloud Contexts. 8
Misconceptions and Shared Responsibility Realities. 11
Cloud Security as a Business Enabler. 14
Strategic Alignment Between Security and Enterprise Goals. 17
Conclusion. 20
Recommendations. 20
Chapter 2: Foundations of Cloud Computing. 23
Historical Roots and Computing Paradigms. 23
Core Cloud Service Models. 25
Deployment Models. 28
Enabling Technologies: APIs, Virtualization, Containers. 32
Infrastructure as Code and Automation Foundations. 35
Cloud Economic Models and Abstraction Layers. 38
Cloud Provider Ecosystems and Market Differentiation. 41
Conclusion. 45
Recommendations. 45
Chapter 3: The Modern Cloud Security Landscape. 48
Emerging Threats in Cloud Environments. 48
Cloud-Specific Vulnerabilities and Attack Vectors. 51
Deep Dive: Shared Responsibility Model by Service Tier. 54
Limitations of Legacy Security Models in Cloud Contexts. 58
Security Investment Patterns and Innovation Drivers. 60
Cloud Security Maturity and Adoption Models. 64
Conclusion. 67
Recommendations. 67
Chapter 4: Secure Cloud Architecture and Design. 70
Secure-by-Design Principles for Cloud Infrastructure. 70
Identity, Trust Boundaries, and Access Zones. 73
Resilience, Redundancy, and High Availability Design. 75
Secure Networking and Micro-Segmentation Models. 78
Data Flow Mapping, Isolation, and Asset Tiering. 82
Avoiding Cloud Security Anti-Patterns. 84
Compliance-Ready Architectural Planning. 88
Conclusion. 91
Recommendations. 91
Chapter 5: Identity and Access Management (IAM) in the Cloud. 94
Identity as the Security Perimeter. 94
Authentication Protocols and Adaptive Techniques. 96
Authorization Models: RBAC, ABAC, and Fine-Grained Access. 99
Privileged Access Management (PAM) at Cloud Scale. 102
Lifecycle Automation for Identity Provisioning and Decommissioning. 105
Foundational IAM Architecture and Operational Best Practices. 110
Conclusion. 113
Recommendations. 113
Chapter 6: Securing Data in Cloud Environments. 116
Data Classification and Inventory Across Cloud Assets. 116
Encryption in Transit, At Rest, and In Use. 118
Key Management: HSMs, KMS, Rotation, and Escrow.. 121
Data Residency, Sovereignty, and Jurisdictional Compliance. 125
Backup, Archival, and Disaster Recovery for Data. 128
Insert Table 6-2. 130
Data Loss Prevention (DLP) and Leak Surface Reduction. 130
Conclusion. 134
Recommendations. 134
Chapter 7: Monitoring, Detection, and Incident Management. 137
Foundations of Logging and Security Telemetry in the Cloud. 137
Threat Detection: Real-Time Event Correlation and Context. 139
Security Monitoring Across Multi-Cloud Architectures. 143
Incident Detection and Early Escalation Strategies. 146
Automation and Orchestration in Incident Response. 149
Metrics, KPIs, and Threat Intelligence Integration. 152
Post-Incident Review and Root Cause Analysis. 155
Conclusion. 158
Recommendations. 158
Chapter 8: Security Automation and DevSecOps. 161
DevSecOps Principles and Security Integration Models. 161
Secure CI/CD Pipeline Design and Control Points. 163
Infrastructure as Code (IaC) Security and Policy as Code. 166
Managing Secrets in Automated Development Workflows. 170
Automating Compliance Validation in Build Pipelines. 172
Governance Enforcement Through DevSecOps Tooling. 175
Conclusion. 178
Recommendations. 178
Chapter 9: Advanced Architectures and Specialized Domains. 181
Container Security and Kubernetes Hardening. 181
Serverless and Event-Driven Architecture Security. 183
API Security: Design, Authentication, and Rate Limiting. 187
Supply Chain and Dependency Risk in Cloud Applications. 190
Implementing Zero Trust in Cloud-Native Environments. 193
Security for Edge, IoT, and Distributed Cloud Models. 196
Resilience Engineering and Chaos Security Practices. 199
Conclusion. 203
Recommendations. 203
Chapter 10: Cloud Governance, Risk, and Compliance (GRC) 206
Foundations of Cloud Governance Structures. 206
Enterprise Cloud Risk Management Frameworks. 210
Mapping Regulatory Frameworks to Cloud Controls. 213
Cloud Audit Preparedness and Evidence Collection. 216
SaaS and Third-Party Governance Risk Strategies. 220
Conclusion. 223
Recommendations. 223
Chapter 11: Cloud Hardening and Configuration Management. 226
Core Principles of Secure Configuration and Hardening. 226
Baseline Standards for Operating Systems and VMs. 229
Container and Kubernetes Configuration Security. 232
Hardening PaaS and Managed Cloud Services. 235
Endpoint, Client, and Remote Access Configuration. 238
Infrastructure as Code for Baseline Enforcement. 241
Continuous Validation and Drift Detection Workflows. 245
Conclusion. 248
Recommendations. 249
Chapter 12: Cloud Security Testing and Validation. 251
Security Testing Methodologies in Cloud Contexts. 251
Continuous Vulnerability Assessment and Remediation. 254
Cloud-Aware Penetration Testing and Provider Constraints. 257
Security Testing in DevSecOps Pipelines (SAST/DAST/IAST) 260
External Testing, Bug Bounties, and Researcher Coordination. 263
Purple Teaming, Simulated Attacks, and Threat-Informed Defense. 266
Conclusion. 269
Recommendations. 269
Chapter 13: Secrets Management and Sensitive Asset Protection. 272
Defining Secrets and Sensitive Credentials in the Cloud. 272
Secure Secrets Lifecycle: Creation to Deletion. 275
Centralized vs. Decentralized Secrets Management Models. 278
Secrets Management in DevOps and CI/CD Workflows. 281
Just-in-Time Access and Privileged Credential Rotation. 284
Automating Secrets Management at Scale. 287
Conclusion. 290
Recommendations. 290
Chapter 14: Cloud Network Security. 292
Virtual Networking Foundations and Isolation Models. 292
Network Segmentation, Routing, and Secure Zones. 295
Cloud Firewall Configuration and Access Control Enforcement. 298
Web Application Firewalls (WAF) and API Gateway Security. 302
Secure Remote Access and Hybrid Connectivity Architectures. 305
Traffic Logging, Packet Inspection, and Anomaly Detection. 309
DDoS Protection, SDN, and Edge Network Security Techniques. 313
Conclusion. 315
Recommendations. 316
Chapter 15: Identity Federation and Multi-Cloud Access Integration. 318
Identity Federation Concepts and Cross-Domain Trust Models. 318
Federation Protocols: SAML, OAuth, and OpenID Connect. 320
Federation Architecture in Multi-Cloud and Hybrid Environments. 323
Designing Secure and Scalable SSO Systems. 326
Securing Federated Sessions, Assertions, and Tokens. 330
Governance, Logging, and Compliance for Federated Access. 333
Conclusion. 336
Recommendations. 337
Chapter 16: Serverless and Microservices Security. 339
Core Concepts of Serverless and Microservices Architectures. 339
Shared Responsibility in Serverless Execution Models. 342
Authentication and Authorization Across Microservices. 345
API Gateway Protection and Request Validation Techniques. 348
Securing Events, Queues, and Triggers in Asynchronous Systems. 351
Secrets and Data Handling in Ephemeral Execution Environments. 354
Runtime Monitoring and Isolation for Distributed Workloads. 357
Conclusion. 361
Recommendations. 361
Chapter 17: Data Privacy, Residency, and Protection Obligations. 364
Privacy Fundamentals in Cloud Contexts. 364
Data Residency, Localization, and Jurisdictional Compliance. 367
Applying Privacy by Design in Cloud Architectures. 370
Minimization, Pseudonymization, and Retention Strategies. 373
Subject Access Requests and Erasure Protocols. 377
Privacy Risk Assessment and Breach Notification Planning. 380
Conclusion. 384
Recommendations. 384
Chapter 18: Cloud Compliance and Regulatory Readiness. 387
Regulatory Scope and Interpretation for Cloud Services. 387
Mapping Frameworks: FedRAMP, ISO 27017, CSA CCM, etc. 390
Navigating Multi-Jurisdictional and Industry-Specific Regulations. 393
Automated Compliance Monitoring and Control Validation. 396
Evidence Collection, Documentation, and Control Traceability. 400
Cloud Vendor Compliance Oversight and Attestation Review.. 403
Strategic Compliance Roadmapping and Governance Alignment. 406
Conclusions. 410
Recommendations. 410
Chapter 19: Cloud Risk Management and Enterprise Integration. 413
Identifying and Categorizing Cloud Risk Vectors. 413
Embedding Cloud Risk into Enterprise Risk Frameworks. 415
Risk Quantification, Prioritization, and Response Planning. 418
Third-Party, SaaS, and Supply Chain Risk Management. 421
Shadow IT, Unmanaged Assets, and Risk Discovery Techniques. 425
Conclusion. 428
Recommendations. 428
Chapter 20: Cloud Monitoring, Logging, and Detection. 431
Principles of Observability in Cloud Infrastructure. 431
Centralized Logging Strategies Across Providers. 433
Real-Time Detection and Correlation with Native and Third-Party Tools. 436
Cloud SIEM, SOAR, and Automation Integration. 439
Behavioral Analytics and Anomaly Detection in Cloud Workloads. 442
Alert Tuning, Prioritization, and False Positive Reduction. 445
Maturity Models for Telemetry, Visibility, and Incident Readiness. 448
Conclusions. 452
Recommendations. 452
Chapter 21: Cloud Security Metrics and Performance Reporting. 455
Aligning Metrics with Business and Security Objectives. 455
Operational and Technical Metrics for Cloud Security Operations. 457
Compliance, Audit, and Control Effectiveness Indicators. 460
Tracking Remediation, Drift, and Security Posture Trends. 463
Maturity Models and Continuous Metrics Optimization. 466
Conclusion. 469
Recommendations. 469
Chapter 22: Threat Intelligence and Attack Surface Management. 471
Strategic Role of Threat Intelligence in Cloud Security. 471
Discovering and Mapping the Cloud Attack Surface. 473
Curating and Consuming External Intelligence Feeds. 476
Threat Modeling, Attribution, and Prioritization. 479
Integrating Threat Intelligence into Detection and Response. 482
Monitoring Internal and External Attack Vectors Continuously. 485
Collaborative Intelligence Sharing and Operational Integration. 488
Conclusion. 492
Recommendations. 492
Chapter 23: Incident Response in Cloud Environments. 494
Cloud-Aware Incident Response Planning and Governance. 494
Role Definitions, Escalation Protocols, and Communication Plans. 497
Detection, Validation, and Incident Categorization. 500
Containment, Eradication, and Cloud-Scale Recovery. 503
Forensic Considerations and Evidence Preservation. 506
Post-Incident Review, Root Cause Analysis, and Corrective Actions. 509
Integration of IR Playbooks with Cloud Automation and Orchestration. 512
Conclusion. 515
Recommendations. 516
Chapter 24: Cloud Forensics and Legal Considerations. 519
Foundations of Digital Forensics in Cloud Contexts. 519
Forensic Readiness: Controls, Logging, and Preservation Practices. 521
Integration of Forensics into Security Operations and IR. 525
Jurisdiction, Chain of Custody, and Legal Admissibility. 528
Collaborating with Cloud Providers During Investigations. 531
Regulatory Expectations for Investigations and Reporting. 534
Emerging Tools, Standards, and Future Forensic Models. 538
Conclusion. 541
Recommendations. 541
Chapter 25: Disaster Recovery and Business Continuity in the Cloud. 544
Strategic Foundations of Cloud DR and BCP Planning. 544
Cloud DR Models: Backup, Pilot Light, Warm Standby, Active-Active. 547
Identifying Critical Assets and Defining Recovery Objectives. 550
Automated Testing and Validation of DR Plans. 553
Ensuring Service Continuity for Distributed Cloud Systems. 556
Integration of DR with Resilience, Chaos Engineering, and Automation. 560
Maintaining Operational Continuity During Service Disruptions or Failures. 563
Conclusion. 567
Recommendations. 567
Chapter 26: AI-Driven Cloud Security and Automation. 570
Core Concepts of AI and ML in Cloud Security. 570
AI-Enhanced Threat Detection and Behavioral Analysis. 572
Predictive Risk Modeling and Security Forecasting. 576
Autonomous Incident Response and Workflow Optimization. 579
AI-Augmented Monitoring and Security Visibility. 582
Conclusions. 586
Recommendations. 586
Chapter 27: Quantum-Ready Security for Cloud Infrastructures. 589
Quantum Computing Fundamentals and Cloud Implications. 589
Cryptographic Vulnerabilities and Quantum Threat Timelines. 592
Post-Quantum Cryptography: Transition Strategies. 595
Quantum Key Distribution (QKD) and Next-Gen Encryption Models. 598
Inventorying and Replacing Classical Cryptographic Dependencies. 602
Conclusion. 604
Recommendations. 604
Chapter 28: Securing Cloud-Integrated IoT and Edge Computing. 607
Defining Cloud-Edge and IoT Integration Models. 607
Unique Threats in Edge and Distributed Environments. 610
Lifecycle Management for Devices and Firmware Security. 613
Hardening Edge Infrastructure and Protecting Data Flows. 616
Secure Connectivity Between Cloud, Edge, and Devices. 619
Conclusion. 622
Recommendations
Index
