Practical Cloud Security

Download 1,76 Mb.

bet	2/9
Sana	31.12.2021
Hajmi	1,76 Mb.
	#252860

1 2 3 4 5 6 7 8 9

Constant width bold

Shows commands or other text that should be typed literally by the user.

Constant width italic

Shows text that should be replaced with user-supplied values or by values deter‐

mined by context.
This element signifies a tip or suggestion.
This element signifies a general note.

x | Preface

This element indicates a warning or caution.

O'Reilly Online Learning Platform

For almost 40 years, O'Reilly Media has provided technology

and business training, knowledge, and insight to help compa‐ nies succeed.

Our unique network of experts and innovators share their knowledge and expertise

through books, articles, conferences, and our online learning platform. O'Reilly's online learning platform gives you on-demand access to live training courses, in- depth learning paths, interactive coding environments, and a vast collection of text and video from O'Reilly and 200+ other publishers. For more information, please visit http://oreilly.com.

How to Contact Us

Please address comments and questions concerning this book to the publisher:

O'Reilly Media, Inc.

1005 Gravenstein Highway North

Sebastopol, CA 95472

800-998-9938 (in the United States or Canada)

707-829-0515 (international or local)

707-829-0104 (fax)

We have a web page for this book, where we list errata, examples, and any additional

information. You can access this page at http://bit.ly/practical-cloud-security.

To comment or ask technical questions about this book, send email to bookques‐

tions@oreilly.com.

For more information about our books, courses, conferences, and news, see our web‐

site at http://www.oreilly.com.

Find us on Facebook: http://facebook.com/oreilly

Follow us on Twitter: http://twitter.com/oreillymedia

Watch us on YouTube: http://www.youtube.com/oreillymedia

Preface | xi

Acknowledgments

This book would not have happened without the encouragement and support of my

wonderful wife, Tabitha Dotson, who told me that I couldn't pass up this opportunity and juggled schedules and obligations for over a year to make it happen. I'd also like to thank my children, Samantha (for her extensive knowledge of Greek mythology)

and Molly (for constantly challenging assumptions and thinking outside the box).

It takes many people besides the author to bring a book to publication, and I didn't

fully appreciate this before writing one. I'd like to thank my editors, Andy Oram and Courtney Allen; my reviewers, Hans Donker, Darren Day, and Edgar Ter Danielyan; and the rest of the wonderful team at O'Reilly who have guided and supported me through this.

Finally, I'd like to thank all of my friends, family, colleagues, and mentors over the

years who have answered questions, bounced around ideas, listened to bad puns,

laughed at my mistakes, and actually taught me most of the content in this book.

xii | Preface

CHAPTER 1

Principles and Concepts

Yes, this is a practical guide, but we do need to cover a few cloud-relevant security

principles at a high level before we dive into the practical bits. If you're a seasoned security professional new to the cloud, you may want to skim down to "The Cloud Shared Responsibility Model" on page 6.

Least Privilege

The principle of least privilege simply states that people or automated tools should be

able to access only what they need to do their jobs, and no more. It's easy to forget the automation part of this; for example, a component accessing a database should not

use credentials that allow write access to the database if write access isn't needed.

A practical application of least privilege often means that your access policies are

Download 1,76 Mb.

Do'stlaringiz bilan baham:

1 2 3 4 5 6 7 8 9