It was not that long ago, that if you wanted to build a data center with a 1,000 servers and 200 terabytes of storage; it would take about a year or so of planning to get such a design into production. With the advent of cloud services such as the Google Cloud Platform, Amazon Web Services and others, one can create such an infrastructure in hours.
Yet with the ease of cloud deployments, security often gets lost in the shuffle. Even though AWS makes it quite clear in nearly every security document of theirs that security is a shared responsibility, that is lost on far too many customers.
In Practical Cloud Security: A Guide for Secure Design and Deployment (O'Reilly Media 978-1492037514), author Chris Dotson has written a compact guide that effectively shows the reader how to ensure security is implemented into their cloud environment. Dotson focuses on practical security and tools, and the reader is provided with a solid understanding of the necessary tools, technologies and requirements for creating secure cloud services.
At 175 pages, this is far from a comprehensive guide to cloud security. But what the book lacks in depth, it covers in breadth. Dotson details the core areas of cloud security that needs to be considered when deploying cloud services.
The book is relevant for a large set of readers. From information security managers, system administrators, security architects, application developers who are just finding out they are now tasked with cloud security responsibilities, and more. The book provides the reader with a solid foundation they can use to develop secure cloud services.
There are a lot of definitions for what cloud computing is. Perhaps that most pragmatic is “someone else’s computer”. That means that for nearly every on-premises information security control, there needs to be a corresponding cloud security control. While it’s not a perfect apples to apples comparison, it nonetheless is pretty accurate. And that is the approach the book takes.
In chapter 1, Dotson reiterates the importance of the shared responsibility model. He notes an utterly horrifying statistic, that 77% of IT decision makers believed that public cloud providers were responsible for securing data in the cloud, and 68% said they believed these providers were responsible for securing customer applications as well. It’s precisely for those type of cloud security oblivious IT decision makers that a book like this is needed.
The book does a great job of detailing all of the core areas of cloud security. And Dotson also lists many cloud tools available to get those jobs done. He covers the entire range of information security controls, including: access control, vulnerability management, monitoring and more.
Cloud security is far too important to be ignored. It’s a long and seemingly endless journey to secure the cloud. But for those looking to start the process, Practical Cloud Security is a great guide to help them on their journey.