Security Architecture for Hybrid Cloud: A Practical Method for Designing Security Using Zero Trust Principles

✍ Scribed by Mark Buckwell


Publisher: O'Reilly Media
Year: 2024
Tongue: English
Leaves: 474
Category: Library

✦ Synopsis


As the transformation to hybrid multicloud accelerates, businesses require a structured approach to securing their workloads. Adopting zero trust principles demands a systematic set of practices to deliver secure solutions. Regulated businesses, in particular, demand rigor in the architectural process to ensure the effectiveness of security controls and continued protection.

This book provides the first comprehensive method for hybrid multicloud security, integrating proven architectural techniques to deliver a comprehensive end-to-end security method with compliance, threat modeling, and zero trust practices. This method ensures repeatability and consistency in the development of secure solution architectures.

Architects will learn how to effectively identify threats and implement countermeasures through a combination of techniques, work products, and a demonstrative case study to reinforce learning. You'll examine:

  • The importance of developing a solution...

✦ Table of Contents


    Preface
    Audience
    Contents of This Book
    Conventions Used in This Book
    Using Figure and Table Examples
    O’Reilly Online Learning
    How to Contact Us
    Acknowledgments
    Acknowledgments from Mark Buckwell
    Acknowledgments from Stefaan Van daele
    Acknowledgments from Carsten Horst
    I. Concepts
    1. Introduction
    Foundational Security Techniques
    Data-Centric Security
    Secure by Design with Threat Modeling
    Zero Trust Architecture
    Zero trust basics
    Zero trust principles
    Compliance Management
    Users of the Security Techniques
    Architect Roles for Security
    Security Architect
    Infrastructure and Application Architect
    Security Champion
    Book Structure
    Artifact Framework
    Artifact Dependency Diagram
    Case Study
    Book Organization
    Part I. Concepts
    Part II. Plan
    Part III. Design
    Part IV. Build
    Part V. Run
    Part VI. Close
    Solution Architecture Decomposition
    Method Techniques
    Summary
    Further Reading
    Exercises
    2. Architecture Concepts
    From Design Thinking to Compliance
    Design Thinking and Consulting Practices
    Transitioning to Architectural Thinking
    Transitioning to Engineering
    Operational Thinking
    Enterprise Context
    Compliance
    Waterfall to Agile Delivery
    Security Architecture in Agile
    Enterprise and Solution Architecture
    Enterprise Architecture
    Solution Architecture
    Zero Trust Architecture
    Core Architecture Components
    Architectural Thinking Integration
    Identity, data, and transaction identification
    Continuous authentication
    Adaptive access control
    Least privilege
    Microsegmentation
    Encryption in transit, at rest, and in use
    Threat detection and response
    Zero Trust Solutions
    Technique: Enterprise Security Architecture
    Security Processes or Services?
    Enterprise Architecture Decomposition
    Security domains
    Security categories
    Security services
    Security Services Responsibilities
    Cloud Controls Mapping
    Security Service Design
    Summary
    Exercises
    II. Plan
    3. Enterprise Context
    Chapter Artifacts
    External Context
    Laws and Regulations
    Industry or Expert Organization Best Practices
    Corporate Expectations
    Consumer Expectations
    Threat Landscape
    Cybersecurity Vulnerabilities
    Internal Context
    Business and Information Systems Strategy
    Current IT Environment and Security Control Plane
    Policies, Practices, and Standards
    Risk Management
    Enterprise Architecture
    Guiding Principles
    Architecture Patterns and Automation
    Enterprise Processes
    Summary
    Exercises
    4. Requirements and Constraints
    Chapter Artifacts
    Requirements Concepts
    Functional Requirements
    Non-Functional Requirements
    Constraints
    Specifying Quality Requirements
    Prioritizing Requirements
    Specifying Functional Requirements
    Use Cases
    Journey Maps
    User Stories
    Swimlane Diagrams
    Separation of Duties Matrices
    Case Study: Process Definition
    Specifying Non-Functional Requirements
    Sources of Non-Functional Requirements
    Non-Functional Requirement Dependencies
    Documenting Non-Functional Requirements
    Improving Requirement Specification
    Case Study: Specifying a Requirements Catalog
    Identifying Security Requirements
    Elaborating Security Requirements
    Rewriting Security Requirements
    Requirements Traceability
    Summary
    Exercises
    III. Design
    5. System Context
    Chapter Artifacts
    Data Protection
    Value of Data
    Data Security Lifecycle
    Metadata
    Zero Trust and Data Flows
    System Context Diagram
    System and Security Architect Roles
    System Context Concepts
    Business and IT Context
    Case Study: System Context Diagram
    Identifying Human Actors
    Identifying System Actors
    Documenting the System Context
    Information Asset Register
    Data Classification
    Actor Use Case and Data
    Summary
    Exercises
    6. Application Security
    Chapter Artifacts
    Functional Viewpoint
    Component Architecture
    Component Architecture Diagram
    Sequence Diagram
    Collaboration Diagram
    Data Flow Diagram
    Component Architectural Thinking Process
    Case Study: Component Architecture
    Security Concepts
    Threat Modeling
    Identify Boundaries
    Identify Assets
    Identify Threat Actors
    Identify Threats
    STRIDE
    Attack trees
    LINDDUN
    Identify Controls
    Prioritization of Controls
    Threat Modeling Tools
    Case Study: Threat Model
    Summary
    Exercises
    7. Shared Responsibilities
    Chapter Artifacts
    Cloud Computing Concepts
    Cloud Computing Benefits
    Cloud Service Models
    Cloud Computing Platforms
    Cloud Security Responsibilities
    Landing Zones
    Hybrid Cloud Architecture
    Using the Hybrid Cloud Architecture Diagram
    Shared Responsibilities Model
    Shared Responsibilities Stack Diagram
    Cloud Service Provider Responsibilities
    Cloud User Responsibilities
    Cloud Security Policy Responsibility
    Case Study: Shared Responsibility Model
    Identifying PaaS Services
    Identifying SaaS Services
    Identifying the Compute Platforms
    Identifying Environments
    Documenting a Shared Responsibilities Stack Diagram
    Summary
    Exercises
    8. Infrastructure Security
    Chapter Artifacts
    Deployment Viewpoint
    Deployment Architecture
    Deployment Architecture Diagram
    Deployment Architecture and Supporting Documentation
    Architecting Infrastructure Security
    Deploy functional components
    Architect for compliance
    Secure the data flows
    1. Human or system actor to compute node
    2. Compute node to compute node
    3. Compute node to cloud service
    4. Cloud service to cloud service
    Iterate architectural thinking
    Network Segmentation
    Public cloud network segmentation
    Microsegmentation
    Network edge protection
    Architecture patterns
    Case Study: Deployment Architecture Diagram
    Zero Trust-Based Security Infrastructure
    Network-Based Solutions
    Service Mesh Solutions
    Endpoint-Based Solutions
    Identity and Access Management
    Architecting Zero Trust Practices
    Case Study: Zero Trust
    Cloud Architecture
    Organizing Cloud Security
    Cloud Architecture Diagram
    High Availability
    Case Study: Cloud Architecture Diagram
    Summary
    Exercises
    9. Architecture Patterns and Decisions
    Chapter Artifacts
    Architecture Patterns
    Solution Architecture Patterns
    Solution Design Patterns
    N-tier applications
    Route to live environments
    Hub and spoke
    Resilient hub and spoke
    Scaling for the enterprise
    Deployable Architecture
    A Distributed Version Control System
    Continuous Integration/Continuous Delivery (CI/CD) Pipeline
    Infrastructure as Code Toolchain
    Using a Deployable Architecture
    Architectural Decisions
    Documenting Architectural Decision Records
    Forms of Architectural Decision
    Managing Architectural Decisions
    Case Study: Architectural Decision
    Summary
    Exercises
    IV. Build
    10. Secure Development and Assurance
    Chapter Artifacts
    The Software Development Lifecycle
    From DevOps to DevSecOps
    Design
    Develop
    Build and Package
    Deploy, Test, and Release
    Operate and Monitor
    Security Assurance
    Cloud Security Operating Model
    Risks, Assumptions, Issues, and Dependencies
    Case Study: RAID Log
    Summary
    Exercises
    V. Run
    11. Security Operations
    Chapter Artifacts
    Shared Responsibilities
    Defining Processes, Procedures, and Work Instructions
    Case Study: Vulnerability Management Service
    Process Definition
    Procedures and Work Instructions Definition
    Case Study: Deployment Architecture Update
    Threat Detection Use Case
    Case Study: Threat Detection Use Case
    Incident Response Runbook
    Case Study: Incident Response Runbook
    Threat Traceability Matrix
    Summary
    Exercises
    VI. Close
    12. Closing Thoughts
    Getting Started
    Don’t Forget the Basics
    Minimum Viable Artifacts
    Iterate for Maturity
    Get the Balance Right
    Security Silos
    Artificial Intelligence in Security Architecture
    AI for Security
    AI in architectural thinking
    AI in security controls
    Securing AI
    Data processing/embedding/vector DB
    Application/orchestration/LLMs
    Infrastructure
    Operations and governance
    Summary
    Go Learn, Practice, and Share
    Exercises
    A. Case Study
    Clean Air Guildford Case Study
    B. Artifact Mapping
    C. Exercise Solutions
    Chapter 1. Introduction
    Chapter 2. Architecture Concepts
    Chapter 3. Enterprise Context
    Chapter 4. Requirements and Constraints
    Chapter 5. System Context
    Chapter 6. Application Security
    Chapter 7. Shared Responsibilities
    Chapter 8. Infrastructure Security
    Chapter 9. Architecture Patterns and Decisions
    Chapter 10. Secure Development and Assurance
    Chapter 11. Security Operations
    Chapter 12. Closing Thoughts
    Index


    📜 SIMILAR VOLUMES


    Practical Cloud Security: A Guide for Se
    ✍ Chris Dotson 📂 Library 📅 2019 🏛 O’Reilly Media 🌐 English

    With their rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and opportunities. This hands-on book guides you through security best practices for multivendor cloud environments, whether your company plans to move legacy on-premises projects

    Practical cloud security: a guide for se
    ✍ Dotson, Chris 📂 Library 📅 2019 🏛 O'Reilly Media 🌐 English

    Intro; Copyright; Table of Contents; Preface; Conventions Used in This Book; O'Reilly Online Learning Platform; How to Contact Us; Acknowledgments; Chapter 1. Principles and Concepts; Least Privilege; Defense in Depth; Threat Actors, Diagrams, and Trust Boundaries; Cloud Delivery Models; The Cloud S

    Practical Cloud Security: A Guide for Se
    ✍ Chris Dotson 📂 Library 📅 2023 🏛 O'Reilly Media 🌐 English

    With rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and opportunities. In this updated second edition, you'll examine security best practices for multivendor cloud environments, whether your company plans to move legacy on-premises

    Practical Cloud Security: A Guide for Se
    ✍ Chris Dotson 📂 Library 📅 2023 🏛 O'Reilly Media 🌐 English

    With rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and opportunities. In this updated second edition, you'll examine security best practices for multivendor cloud environments, whether your company plans to move legacy on-premises proje

    Cloud Security Handbook for Architects:
    ✍ Ashish Mishra 📂 Library 📅 2023 🏛 Orange Education PVT Ltd 🌐 English

    A comprehensive guide to secure your future on Cloud Key Features ● Learn traditional security concepts in the cloud and compare data asset management with on-premises. ● Understand data asset management in the cloud and on-premises. ● Learn about adopting a DevSecOps strategy for scalabilit