Constant width bold
Shows commands or other text that should be typed literally by the user.
Constant width italic
Shows text that should be replaced with user-supplied values or by values deter‐
mined by context.
This element signifies a tip or suggestion.
This element signifies a general note.
x | Preface
This element indicates a warning or caution.
O'Reilly Online Learning Platform
For almost 40 years, O'Reilly Media has provided technology
and business training, knowledge, and insight to help compa‐ nies succeed.
Our unique network of experts and innovators share their knowledge and expertise
through books, articles, conferences, and our online learning platform. O'Reilly's online learning platform gives you on-demand access to live training courses, in- depth learning paths, interactive coding environments, and a vast collection of text and video from O'Reilly and 200+ other publishers. For more information, please visit http://oreilly.com.
How to Contact Us
Please address comments and questions concerning this book to the publisher:
O'Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
800-998-9938 (in the United States or Canada)
707-829-0515 (international or local)
707-829-0104 (fax)
We have a web page for this book, where we list errata, examples, and any additional
information. You can access this page at http://bit.ly/practical-cloud-security.
To comment or ask technical questions about this book, send email to bookques‐
tions@oreilly.com.
For more information about our books, courses, conferences, and news, see our web‐
site at http://www.oreilly.com.
Find us on Facebook: http://facebook.com/oreilly
Follow us on Twitter: http://twitter.com/oreillymedia
Watch us on YouTube: http://www.youtube.com/oreillymedia
Preface | xi
Acknowledgments
This book would not have happened without the encouragement and support of my
wonderful wife, Tabitha Dotson, who told me that I couldn't pass up this opportunity and juggled schedules and obligations for over a year to make it happen. I'd also like to thank my children, Samantha (for her extensive knowledge of Greek mythology)
and Molly (for constantly challenging assumptions and thinking outside the box).
It takes many people besides the author to bring a book to publication, and I didn't
fully appreciate this before writing one. I'd like to thank my editors, Andy Oram and Courtney Allen; my reviewers, Hans Donker, Darren Day, and Edgar Ter Danielyan; and the rest of the wonderful team at O'Reilly who have guided and supported me through this.
Finally, I'd like to thank all of my friends, family, colleagues, and mentors over the
years who have answered questions, bounced around ideas, listened to bad puns,
laughed at my mistakes, and actually taught me most of the content in this book.
xii | Preface
CHAPTER 1
Principles and Concepts
Yes, this is a practical guide, but we do need to cover a few cloud-relevant security
principles at a high level before we dive into the practical bits. If you're a seasoned security professional new to the cloud, you may want to skim down to "The Cloud Shared Responsibility Model" on page 6.
Least Privilege
The principle of least privilege simply states that people or automated tools should be
able to access only what they need to do their jobs, and no more. It's easy to forget the automation part of this; for example, a component accessing a database should not
use credentials that allow write access to the database if write access isn't needed.
A practical application of least privilege often means that your access policies are
Do'stlaringiz bilan baham: |