Securing Cloud Containers

Name: Securing Cloud Containers | Building and Running Secure Cloud-Native Applications
Brand: Wiley-Scrivener
Price: 50.99 EUR
Availability: OnlineOnly

Building and Running Secure Cloud-Native Applications

Sina Manavi Abbas Kudrati Muhammad Aizuddin Zali(Author)

Wiley-Scrivener (Publisher)

1st Edition

Published on 22. July 2025

541 pages

E-Book

ePUB with Adobe-DRM

System requirements

978-1-394-33374-5 (ISBN)

€50.99incl. 7% vat

System requirements

for ePUB with Adobe-DRM

E-Book Single Licence

Available for download

Description

Alles über E-Books | Antworten auf Fragen rund um E-Books, Kopierschutz und Dateiformate finden Sie in unserem Info- & Hilfebereich.

Alles über E-Books, Kopierschutz & Dateiformate finden Sie in unserem Info- & Hilfebereich.

A practical and up-to-date roadmap to securing cloud containers on AWS, GCP, and Azure

Securing Cloud Containers: Building and Running Secure Cloud-Native Applications is a hands-on guide that shows you how to secure containerized applications and cloud infrastructure, including Kubernetes. The authors address the most common obstacles and pain points that security professionals, DevOps engineers, and IT architects encounter in the development of cloud applications, including industry standard compliance and adherence to security best practices.

The book provides step-by-step instructions on the strategies and tools you can use to develop secure containers, as well as real-world examples of secure cloud-native applications. After an introduction to containers and Kubernetes, you'll explore the architecture of containerized applications, best practices for container security, security automation tools, the use of artificial intelligence in cloud security, and more.

Inside the book:

An in-depth discussion of implementing a Zero Trust model in cloud environments
Additional resources, including a glossary of important cloud and container security terms, recommendations for further reading, and lists of useful platform-specific tools (for Azure, Amazon Web Services, and Google Cloud Platform)
An introduction to SecDevOps in cloud-based containers, including tools and frameworks designed for Azure, GCP, and AWS platforms

An invaluable and practical resource for IT system administrators, cloud engineers, cybersecurity and SecDevOps professionals, and related IT and security practitioners, Securing Cloud Containers is an up-to-date and accurate roadmap to cloud container security that explains the "why" and "how" of securing containers on the AWS, GCP, and Azure platforms.

More details

Other editions

Content

Cover
Title Page
Copyright Page
About the Authors
About the Technical Editor
Acknowledgments
Contents at a Glance
Contents
Foreword
Introduction
So Why This Book, and Why Now?
What Does This Book Cover?
Who Should Read This Book
A Few Words from the Authors
Chapter 1 Introduction to Cloud-Based Containers
Cloud Café Story
The Story Continues: The Café's Expansion
The Cloud Kitchen Model
Making Cloud Kitchen a Success
How Containers Changed the Whole Game Plan
The New Hub of HiTechville
The Evolution of Cloud Infrastructure
The Era of Mainframes
The Rise of Virtualization
The Emergence of Cloud Services
The Shift to Containers
Introduction to Containers in Cloud Computing
The Role of Containers in Modern Cloud Computing
Virtual Machines versus Containers in Cloud Environments
Benefits of Using Containers in Cloud
Popular Cloud Container Technologies
Overview of Cloud-Native Ecosystem for Containers
Summary
Chapter 2 Cloud-Native Kubernetes: Azure, GCP, and AWS
What Is Kubernetes?
Managed Kubernetes Services
Microsoft Azure Kubernetes Services
Google Kubernetes Engine
Amazon Elastic Kubernetes Service
Azure-, GCP-, and AWS-Managed Kubernetes Service Assessment Criteria
Azure, GCP, and AWS Cloud-Native Container Management Services
Summary
Chapter 3 Understanding the Threats Against Cloud-Based Containerized Environments
Initial Stage of Threat Modeling
The MITRE ATT&CK Framework
Threat Vectors
Tactic and Techniques in MITRE ATT&CK
Cloud Threat Modeling Using MITRE ATT&CK
Cloud Container Threat Modeling
Foundations of Cloud Container Threat Modeling
Kubernetes Control Plane: Securing the Orchestration Core
Worker Nodes: Securing the Execution Environment
Cluster Networking: Defending the Communication Fabric
Workloads: Hardening Containers and Application Logic
IAM: Enforcing Granular Access Across Layers
Persistent Storage: Securing Data at Rest
CI/CD Pipeline Security: Defending the DevOps Chain
Log Monitoring and Visibility: Detecting What Matters
Resource Abuse and Resiliency: Planning for the Worst
Resource Abuse: Unauthorized Exploitation of Cloud Resources
Resiliency and Business Continuity Planning in Kubernetes
Compliance and Governance
Summary
Chapter 4 Secure Cloud Container Platform and Container Runtime
Introduction to Cloud-Specific OS and Container Security
Cloud-Specific OS: A Shifting Paradigm How OS Should Work
Container Security Architecture
Host OS Hardening for Container Environments
Leverage Container-Optimized OSs
Establish and Maintain Secure Configuration Baselines
Implement Robust Access Controls and Authentication
Apply Timely Security Updates and Patches
Implement Host-Based Security Controls
Container Runtime Hardening
Minimal Container Images
Multistage Build
Drop Unnecessary Capabilities
Implement Seccomp Profiles
Resource Controls
Use Memory and CPU Limits
Process and File Restrictions
Logging and Monitoring
Regular Security Updates
Network Security
Implementing Kubernetes Network Policies (netpol)
Leveraging Service Mesh for Advanced Secure Communication
Leveraging Cloud Network Security Groups
Linux Kernel Security Feature for the Container Platform
Linux Namespaces, Control Groups, and Capabilities
OS-Specific Security Capabilities (SELinux, AppArmor)
Security Best Practices in Cloud Container Stack
Least Privilege (RBAC) and Resource Limitation for Azure, GCP, AWS
Scanning and Verifying Images Using Cloud Services
Compliance and Governance in Cloud Environments
Meeting Regulatory Compliance (PCI-DSS, HIPAA) for Containerized Workload
Tools to Help Meet Compliance
Cloud-Native Security Benchmarks and Certifications
Future Trends and Emerging Standards in Cloud-Native Security
AI and Machine Learning Security Standards
Automated Compliance and Continuous Assessment
Summary
Chapter 5 Secure Application Container Security in the Cloud
Securing Containerized Applications in Cloud Container Platforms
Shared Responsibility Model
Image Security
Network Security
Threat Intelligence for Cloud-Native Containers
CI/CD Security in Cloud-Based Container Pipelines
Shifting Left and Managing Privileges in Azure DevOps, Google Cloud Build, and AWS CodePipeline
Azure DevOps
Google Cloud Build
AWS CodePipeline
Penetration Testing for Cloud-Based Containers
Supply Chain Risks and Best Practices in the Cloud
Securing Container Registries in the Cloud (ACR, ECR, GCR)
Image Signing and Verification in Cloud Platforms
Role-Based Access Control in Cloud Supply Chains
Summary
Chapter 6 Secure Monitoring in Cloud-Based Containers
Introduction to Secure Container Monitoring
Key Monitoring Enablement Business Goals
Enabling Cost Efficiency
Supporting Compliance and Audit Readiness
Enhancing Incident Response
Ensuring High Availability
Continuous Risk Identification and Remediation
Driving Strategic Decision-Making
Challenges in Monitoring Cloud-Based Containers
Ephemeral Workloads
Distributed Architectures
Data Volume and Noise
Security Considerations in Container Monitoring
Observability in Multitenancy
Integration with Modern DevOps and SecOps Toolchains
Lack of Standardization
Advanced Analytics and Predictive Insights
Comprehensive Monitoring and Security Architecture for Containerized Workloads
Comprehensive Visibility Across Layers
Container-LevelMonitoring: Runtime Security and Observability
Kubernetes Control Plane Monitoring: Orchestration Platform Security
Infrastructure Monitoring: Host and Cloud Environment Security
Threat Intelligence Integration: Enriched Detection and Proactive Defense
Automated Detection and Response
Application Performance Monitoring and Security
Compliance and Regulatory Adherence
Proactive Threat Detection: MITRE ATT&CK Operationalization
Enhancing Modern Capabilities with Advanced Techniques
Toward a Secure and Resilient Cloud-Native Future
Summary
Chapter 7 Kubernetes Orchestration Security
Cloud-Specific Kubernetes Architecture Security
Control Plane Security
Worker Node Security
Shared Security Responsibilities
Securing the Kubernetes API in Azure, GCP, and AWS
Securing AKS API
Securing GKE API
Securing EKS API
Best Practices for Securing the Kubernetes API
Audit Logging and Policy Engine in Cloud Platform
Implementation Strategies
Policy Engine
Integration and Operational Considerations
AKS Policy Implementation
GKE Policy Controls
EKS Policy Framework
Cross-Platform Policy Considerations
Advanced Policy Patterns
Audit Logging
AKS Audit Logging
GKE Audit Logging
EKS Audit Logging
Cross-Platform Audit Logging Strategies
Advanced Audit Logging Patterns
Security Policies and Resource Management for Cloud-Based Kubernetes
Network Policies and Admission Controllers in Cloud
Azure Policy Implementation
Google Kubernetes Engine Policy Control
AWS Network Policy Implementation
Network Policy Implementation
Advanced Implementation Strategies
Summary
Chapter 8 Zero Trust Model for Cloud Container Security
Zero Trust Concept and Core Principles
Core Principles of Zero Trust Architecture
Implementing Zero Trust in Cloud-Based Containers
IAM in Zero Trust
Network Segmentation and Micro-Segmentation in Cloud Containers
Network Segmentation
Micro-Segmentation
Continuous Monitoring and Risk-Based Access Decisions in Cloud
End-to-End Encryption and Data Security in Cloud Containers
Zero Trust in Kubernetes Security
Enforcing Kubernetes Security Policies with Zero Trust Principles
Zero Trust for Service Meshes (Istio, Linkerd) in Cloud-Based Kubernetes
Secure Access to Cloud-Based Kubernetes Control Planes
The Importance of Secure Access
Securing with Private Azure Kubernetes Service Cluster
Implementing Zero Trust for Multicloud Container Environments
Zero Trust Framework in Multicloud
Case Study: Applying Zero Trust in Cloud Container Workloads for a Banking Customer
Summary
Chapter 9 DevSecOps in Cloud-Based Container Platform
DevOps to DevSecOps in Azure, GCP, and AWS
Integrating Security into Cloud CI/CD Pipelines
SAST and Dependency Analysis in Cloud Environments
Infrastructure as Code Security for Cloud
Secrets Management in Cloud-Native DevSecOps
Continuous Monitoring and Alerts in Cloud-Based DevSecOps
Cloud-Based DevSecOps Tools and Frameworks
Azure DevOps
Google Cloud Build
AWS CodePipeline
Cross-Platform DevSecOps Frameworks
Selecting Cloud-Based DevSecOps Tools and Frameworks
Summary
Chapter 10 Application Modernization with Cloud Containers
Analyzing Legacy Architectures
Microservices Transformation in Practice
Adopting an API-First Strategy
Containerization and Orchestration
Cloud Migration and Modernization Approaches
Implementing Security Development Operation Practices
Microservices Architecture
Netflix's Journey to Microservices
Security Challenges in Microservices-Based Applications
Kubernetes and Service Mesh for Microservices
Implementing Zero Trust Security in Microservices
Securing APIs in Cloud-Native Microservices
Securing APIs in Cloud-Native Microservices
API Security Challenges in Cloud-Native Environments
API Gateway Solutions in Each Cloud Provider
Best Practices for API Security and Rate Limiting
Security Design Principles for Cloud-Native Apps
The 12-Factor App as a Cloud-Native Development Guiding Principle
Runtime Protection and CNAPP Integration
Application Modernization and Resiliency
Summary
Chapter 11 Compliance and Governance in Cloud-Based Containers
Understanding the Key Compliance and Governance in Containerized Environments
General Data Protection Regulation (GDPR)
Health Insurance Portability and Accountability Act (HIPAA)
Payment Card Industry Data Security Standard (PCI-DSS)
System and Organization Controls (SOC 2)
NIST SP 800-190: Application Container Security Guide
ISO/IEC 27000 Series
ISO/IEC 27001
ISO/IEC 27017
ISO/IEC 27018
CIS Kubernetes Benchmark (General)
CIS AKS Benchmark (Azure Kubernetes Service)
CIS GKE Benchmark (Google Kubernetes Engine)
CIS EKS Benchmark (Amazon Elastic Kubernetes Service)
A Comparison of the Key Compliance Standards and Regulations
How to Achieve Container Compliance and Governance for AKS, GKE, and EKS
Identity and Access Management (IAM)
Authentication and Authorization
Data Encryption (at Rest and in Transit)
Logging and Monitoring
Vulnerability Management
Network Security
Policy and Governance
Incident Response
Data Residency and Privacy
Supply Chain Security
Continuous Compliance and Automation
Container-Specific Best Practices
Compliance Dashboard
Summary
Chapter 12 Case Studies and Real-World Examples in Cloud Container Security
Case Study 1: Netflix's Adoption of Cloud Containers Security
Case Study 2: Capital One's Adoption of Zero Trust Security for Cloud Containers
Case Study 3: PayPal's Adoption of Zero Trust Security for Cloud Containers
Case Study 4: Uber's Cloud Container Security Implementation
Summary
Chapter 13 The Future of Cloud-Based Container Security
The Rise of Advanced Container Orchestration
Zero Trust and Container Security
Enhanced Runtime Security and AI Integration
Evolution of Container Image Security
Container Security as Code
Shift-Left Security Paradigm
Serverless Containers and Security Implications
Compliance and Regulatory Frameworks
Blockchain and Container Provenance
Increased Visibility and Observability
Quantum Computing and Container Security
Community-Driven Security Standards
Business Impact of Container Security Failures
Organizational Maturity and Operating Models for Container Security
Talent and Skills Gap in Container Security
Global Regulations and Data Sovereignty Impact
Integration with Enterprise Security Ecosystem
Future Predictions: Autonomous Container Security
Summary
Chapter 14 Security Automation and AI in Cloud Container Security
Threat Landscape in Container Environments
Foundations of Security Automation in Container Platforms
Integrating AI and Machine Learning for Proactive Defense
Security Orchestration, Automation, and Response in Cloud-Based Containers
Microsoft Azure Kubernetes Service Integration with SOAR
Google Kubernetes Engine Integration with SOAR
Amazon Elastic Kubernetes Service Integration with SOAR
Enhancing Container Threat Intelligence Feeds with Cloud-Based AI
Azure Kubernetes Service: Proactive Defense with AI-Enhanced Threat Intelligence
Google Kubernetes Engine: Threat Intelligence Amplified with Chronicle and AI Correlation
Amazon EKS: Scaling AI-Driven Threat Intelligence in Hyper-Scale Environments
Challenges and Considerations
Ensuring Explainability and Trust in AI Decisions
Addressing the Skills Gap in AI and Automation
Best Practices and Automation Strategies
The Road Ahead: Future of AI and Automation in Container Security
Strategic Roadmap for Decision Makers
Summary
Chapter 15 Cloud Container Platform Resiliency
High Availability and Fault Tolerance in Cloud Container Platforms
Disaster Recovery Strategies for Cloud Container Platform
Core Components of Modern DR Architecture
Implementation Strategies and Best Practices
Advanced Topics in Container DR
Operational Considerations and Maintenance
Future Planning
Security and Compliance in DR Strategies
Resiliency in Multicloud Container Platform Environments
Architectural Foundations
Data Management and Persistence
Platform Operations and Management
Security and Compliance
Cost Management and Resource Optimization
Disaster Recovery and Business Continuity
Monitoring and Testing Container Resiliency
Summary
Appendix A Glossary of Cloud and Container Security Terms
Appendix B Resources for Further Reading on Cloud-Based Containers
Foundational Concepts and Containerization Basics
Cloud-Specific Container Services
Advanced Container Management and Orchestration
Books and Articles
Online Courses and Tutorials
Security Resources
Appendix C Cloud-Specific Tools and Platforms for Container Security
Microsoft Azure Container Security Tools
Amazon Web Services (AWS) Container Security Tools
Google Cloud Platform (GCP) Container Security Tools
Multicloud and Open-Source Container Security Tools
Index
EULA

System requirements

Save as PDF Copy link into clipboard

Schweitzer Fachinformationen

Securing Cloud Containers

Description

More details

Other editions

Additional editions

Content

System requirements