Free Delivery Over $100
|
|
|||
|
||||
OverviewClouds face many threats like compromises of the hypervisor, insecure cloud storage, insecure images of VMs that are used infrequently, and remote cloud clients that face threats from malicious outsiders and insiders. Whether in a private cloud or third-party infrastructures, your services remain under threat and need protection that must be ever more sophisticated. Expert Cloud Security: Solutions for Service-oriented Organizations offers the solutions IT pros need to secure clouds from malicious sources as well as from poor security practices and IT ignorance. Arpan Roy, a cloud security expert for Infosys, first takes a deep dive into security issues relating to cloud systems. These span four broad areas that include the computing infrastructure, the data, security in communication, and external and insider service integration threats. For each security issue, the reader will learn about the potential causes of threats, a comparative study of relevant security case studies in the area, and a range of possible countermeasures. Roy also provides background on each--the significance of each security area, its relevance to a service company that deploys or manages clouds, and the current state of research. You will learn: * Which attack scenarios are exploited most often in the cloud environmentAttack scenarios that require you to secure the hypervisor, prevent the exploitation by a co-resident VM, secure VM images, mitigate insider threats, secure cloud storage, eliminate abuse of lightweight SaaS clients, and protect data propagation in clouds. * Industry standards and innovations in cloud security in the form of hardware, firmware, and software security solutions aimed at securing cloud infrastructures. Wearing a practitioner's glasses, Roy explores the relevance of each attack scenario and how to protect your company or clients from them. There are many threats to your company's or client's cloud, but as you will learn, knowledge, insight, and effective tools-all of which this book provides-can keep your cloud infrastructure working and secure at all times. Full Product DetailsAuthor: Arpan Roy , Santonu SarkarPublisher: APress Imprint: APress ISBN: 9781484206157ISBN 10: 1484206150 Pages: 300 Publication Date: 22 December 2015 Audience: Professional and scholarly , Professional & Vocational Format: Paperback Publisher's Status: Active Availability: In Print  This item will be ordered in for you from one of our suppliers. Upon receipt, we will promptly dispatch it out to you. For in store availability, please contact us. Table of ContentsChapter 1: Introduction to Cloud Computing Chapter Goal: The emergence of Web 2.0 and with the emergence of on-the-go, easy-to-pay online payment gateways such as PayPal helped the rise of cloud computing, an evolution of utility computing. Content will include: * Why cloud computing?* Cloud service models* NIST paradigms for cloud computingChapter 2: Cloud Security Chapter Goal: In 2012, the International Working Group on Cloud Computing Resiliency (IWGCR) asserted that a total of 568 hours of downtime (security or non-security causes) at 13 well-known cloud services since 2007 suffered an economic impact of more than $71.7 million dollars. Securing the cloud can help companies avoid at least 50% of this economic loss. Content will include: * Cloud models based on security* Cloud security vs. virtualization security* Cloud security SLA PART I: Threats to the Cloud (Attack Scenarios)Chapter 3: Initiate Hypervisor Security Chapter Goal: The most exploited attack scenarios in the cloud can be classified in order of the four pillars of cloud service, namely (i) infrastructure, (ii) data, (iii) communication, and (iv) external service integration. Content will include: * Hypervisor, privileged VM, rings of execution, and trusted computing base (TCB)* IDS placement for securing hypervisors* 3. State-of-the-art secure hypervisorsChapter 4: Prevent Side-Channel Attacks Chapter Goal: Resource pooling in public clouds calls for multiple tenants to share the same infrastructure and resources. As a result, the attackers can exploit the fact that several VMs from different customers reside on the same host. The attacker can collocate his VM with the target VM and launch an attack on the target VM. Content will include: * 1. Detecting co-residency of VMs 2. Types of side channels in the cloud 3. Securing against side-channel attacks Chapter 5: Secure Virtual Machine Images Chapter Goal: Due to the provision of on-demand computing resources from the cloud, VMs can be generated quickly by the users. After initial usage, these VM images are often left unattended for long periods of time. This state of being unattended for prolonged periods leads to issues in patching. Installing patches is essential to keep the VM image updated and hence secure. Content will include: * VM sprawl problems* Attacks due to incorrect VM patching* Secure servicing of offline or hibernating VM imagesChapter 6: Secure Cloud Storage Chapter Goal: Cloud-based storage is available both as paid service (e.g., Amazon Simple Storage Service-S3, Azure Blob storage) as well as free service (e.g., Dropbox). Integrity and availability of cloud-based storage is of paramount importance in cloud-based storage solutions. With the rise of big-data analytics, the security of big data computing and big data storage infrastructures is also important. Content will include: * Storage architectures for secure cloud storage* Encryption solutions for secure cloud storage* Big data securityChapter 7: Secure Communication in the Cloud Chapter Goal: Two major issues fall under this area: (i) protection of end-to-end packet data propagation in clouds and (ii) unauthorized network-based access of cloud resources by using compromised cloud clients. Content will include: * Network encryption (SSL, TLS) for cloud networks* Secure lightweight cloud clientsChapter 8: Secure Component Integration Chapter Goal: Several software-as-a-service applications such as Google Wallet uses other external SaaS applications (banking applications) to fulfill its service requirements. Compromising these external SaaS applications may lead to service compromise of the SaaS application using them. Such compromises need to be monitored. Content will include: * Insider threats in the cloud* Secure group collaboration in cloud servicesPart II: Cloud Security SolutionsChapter 9: Hardware-based Solutions Chapter Goal: Purely hardware based solutions include hardware-based encryption where specialized hardware is used to implement algorithms for encryption. Content will include: * Hardware-based encryption solutions* Secure cloud hardwareChapter 10: Software-based Solutions Chapter Goal: Software-based solutions are less expensive than hardware solutions. Content will include: * Cloud-based anti-virus software.* Cloud-based data-leakage prevention (DLP) and Information Rights Management (IRM) solutions Chapter 11: Firmware-based Solutions Chapter Goal: Firmware solutions include software as well as a hardware component. Trusted Computing paradigms provide several such solutions. Trusted Computing guarantees the integrity of software involved in the computing. The Trusted Computing Group (TCG) has prescribed a set of standards for hardware and software for building trusted platforms. These procedural standards are implemented in a commodity chip called as Trusted Platform Module (TPM). Content will include: * Secure cloud architecture combining secure cloud hardware with secure cloud storage and secure networking solutions* Trusted Computing Group and Trusted Platform Modules (TPM)Part III: Open ProblemsChapter 12: Some Open Problems Chapter Goal: Some open problems will be discussed: * Predicting propagation of security failures on cloud based on dependency* Penetration testing of cloud-based applications APPENDIXReviewsAuthor InformationTab Content 6Author Website:Countries AvailableAll regions |
||||
