Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010324817 | QA76.585 L56 2013 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Although virtualization is a widely accepted technology, there are few books dedicated to virtualization and security. Filling this need, Securing Cloud and Mobility: A Practitioner's Guide explains how to secure the multifaceted layers of private and public cloud deployments as well as mobility infrastructures. With comprehensive coverage that includes network, server, and endpoint security, it provides a strategic view of the security implications of virtualization and cloud computing.
The book begins by deconstructing the terminology of cloud computing. It explains how to establish a secure framework within the virtualized environment and breaks down the various deployment and service models for cloud computing.
For private clouds, it discusses the issues of physical versus logical segmentation, securing orchestration, encryption services, threat intelligence, and identity management. For public clouds, it provides three frameworks for reviewing cloud services: cursory, in-depth, and outsourced.
On the mobility side, the text discusses the three major mobile architectures: Apple IOS, Android, and Blackberry. Filled with real-world examples, it addresses the various mobile management approaches, secure mobile code development and standards, and the emerging threats to both cloud and mobility.
Laying out decision-making frameworks to help you secure your virtual environment, the book includes coverage of physical and virtual segregation, orchestration security, threat intelligence, identity management, cloud security assessments, cloud encryption services, audit and compliance, certifications, and secure mobile architecture. It includes helpful implementation considerations, technical decision points, and process flows to supply you with practical guidance on how to navigate the undulating terrains of cloud and mobility.
Author Notes
Lim, Ian; Coolidge, E. Coleen ; Hourani, Paul
Table of Contents
| List of Figures | p. xiii |
| List of Tables | p. xv |
| Part I Rethinking It and Security | |
| Chapter 1 Tectonic Shifts | p. 3 |
| 1.2 Disruptive Forces | p. 3 |
| 1.2 Deconstructing Cloud Computing | p. 3 |
| 1.2.1 NIST Definition | p. 3 |
| 1.2.2 The Three Service Models | p. 4 |
| 1.2.3 The Four Deployment Models | p. 6 |
| 1.3 The Rise of Mobility | p. 7 |
| 1.4 New IT | p. 9 |
| References | p. 10 |
| Chapter 2 The Evolving Threat Landscape | p. 11 |
| 2.1 From Cryptographers to World Leaders | p. 11 |
| 2.2 The Changing Threat Landscape | p. 12 |
| 2.3 Hacktivists | p. 14 |
| 2.3.1 Motivation | p. 14 |
| 2.3.2 Modus Operandi | p. 15 |
| 2.3.3 Hacktivism and Cloud | p. 16 |
| 2.3.4 Hacktivism and Mobility | p. 17 |
| 2.3.5 Hacktivism and Security | p. 17 |
| 2.4 Organized Cyber Crime | p. 19 |
| 2.4.1 Motivation | p. 19 |
| 2.4.2 Modus Operandi | p. 19 |
| 2.4.3 Organized Crime and Cloud | p. 20 |
| 2.4.4 Organized Crime and Mobility | p. 22 |
| 2.4.5 Organized Crime and Security | p. 24 |
| 2.5 Cyber Espionage and Terrorism | p. 25 |
| 2.5.1 Motivation | p. 25 |
| 2.5.2 Modus Operandi | p. 26 |
| 2.5.3 Cyber Espionage, Terrorism, and Cloud | p. 27 |
| 2.5.4 Cyber Espionage, Terrorism, and Mobility | p. 27 |
| 2.5.5 Cyber Espionage, Terrorism, and Security | p. 28 |
| 2.6 Hackers for Hire | p. 29 |
| 2.6.1 Motivation and Modus Operandi | p. 29 |
| 2.6.2 Hackers for Hire and the Cloud | p. 30 |
| 2.6.3 Hackers for Hire and Mobility | p. 30 |
| 2.6.4 Hackers for Hire and Security | p. 31 |
| 2.7 Insider Threat | p. 32 |
| References | p. 33 |
| Part II Deconstructing Cloud Security | |
| Chapter 3 Cloud Dialogues | p. 39 |
| 3.1 Point of Cloud | p. 39 |
| 3.2 Capability | p. 40 |
| 3.3 Financials | p. 41 |
| 3.4 Agility | p. 42 |
| 3.5 Security | p. 43 |
| 3.6 Licensing | p. 46 |
| 3.7 Service Level Agreements | p. 49 |
| References | p. 50 |
| Part III Securing Private Cloud Computing | |
| Chapter 4 Segmentation and the Private Cloud | p. 53 |
| 4.1 Physical and Logical Segmentation | p. 53 |
| 4.2 Physical Segmentation | p. 54 |
| 4.3 Physical and Virtual Segmentation | p. 56 |
| 4.4 Highly Optimized Segmentation Model | p. 58 |
| 4.5 Production-Based Segmentation Model | p. 60 |
| 4.6 Storage Segmentation Model | p. 60 |
| Chapter 5 Orchestration and Cloud Management | p. 65 |
| 5.1 What Is Orchestration? | p. 65 |
| 5.2 Benefits and Challenges | p. 65 |
| 5.3 Information Security Considerations | p. 68 |
| 5.3.1 Secure Service Delivery Workflows | p. 69 |
| 5.3.2 Secure Resource Delivery Automation | p. 69 |
| 5.3.3 Secure Orchestration Management | p. 72 |
| 5.3.4 Security Monitoring | p. 72 |
| Chapter 6 Encryption Services | p. 75 |
| 6.1 Holistic Encryption Strategy | p. 75 |
| 6.2 Scope Reduction | p. 76 |
| 6.3 Transport Layer Encryption | p. 77 |
| 6.3.1 Secure Socket Layer (SSL) | p. 77 |
| 6.3.2 Virtual Private Networks (VPNs) | p. 77 |
| 6.3.3 Secure Shell (SSH) | p. 78 |
| 6.3.4 Secure File Transfer Protocol (SFTP) | p. 78 |
| 6.3.5 Transport Layer Security (TLS) | p. 79 |
| 6.4 Data Layer Encryption | p. 79 |
| 6.4.1 Database Encryption | p. 80 |
| 6.4.2 Pile Encryption | p. 80 |
| 6.4.3 Encryption Appliances | p. 83 |
| 6.4.4 Disk Encryption | p. 84 |
| 6.4.5 Virtualization Encryption | p. 86 |
| 6.5 Key Management Life Cycle | p. 88 |
| References | p. 91 |
| Chapter 7 Threat Intelligence | p. 93 |
| 7.1 Security Threats to Private Cloud | p. 93 |
| 7.2 Threat Prevention Strategies | p. 95 |
| 7.3 Threat Detection Toolset | p. 95 |
| 7.4 Making Threat Detection Intelligent | p. 99 |
| Chapter 8 Identity Management for Private Clouds | p. 103 |
| 8.1 Layers of Identities | p. 103 |
| 8.2 Challenges of Disparate Identity Repositories | p. 105 |
| 8.3 Centralizing Identity Repositories | p. 106 |
| 8.3.1 Entitlements Aggregator | p. 106 |
| 8.3.2 Authoritative Sources of Identities | p. 108 |
| 8.3.3 Administrative Access | p. 109 |
| 8.3.4 Task User Access | p. 109 |
| 8.3.5 Central Identity Repository | p. 110 |
| Part IV Securing Public Clouds | |
| Chapter 9 Enterprise Cloud Governance | p. 115 |
| 9.1 Security Exposure of Public Cloud Use | p. 115 |
| 9.2 Corporate Cloud Use Policy | p. 116 |
| 9.3 Cloud Request Form | p. 118 |
| 9.4 Cloud Approval Workflow | p. 120 |
| References | p. 123 |
| Chapter 10 Cursory Cloud Use Review | p. 125 |
| 10.1 Overview | p. 125 |
| 10.2 Interview with Cloud Service Provider | p. 126 |
| 10.3 Cursory Review-Assessment Report | p. 130 |
| Chapter 11 In-Depth Cloud Assessment | p. 133 |
| 11.1 Overview | p. 133 |
| 11.2 Interview with the Requestor | p. 134 |
| 11.3 Security Governance | p. 136 |
| 11.4 Data Protection | p. 138 |
| 11.4.1 Overview | p. 138 |
| 11.4.2 Data Protection Questions for All Service Models | p. 139 |
| 11.4.3 SaaS Data Protection Questions | p. 139 |
| 11.4.4 PaaS Data Protection Questions | p. 141 |
| 11.4.5 IaaS Data Protection Questions | p. 142 |
| 11.5 Security Architecture | p. 142 |
| 11.6 Application Security | p. 144 |
| 11.6.1 Overview | p. 144 |
| 11.6.2 SaaS Application Security | p. 144 |
| 11.6.3 PaaS Application Security | p. 145 |
| 11.7 Identity and Access Management | p. 145 |
| 11.7.1 Overview | p. 145 |
| 11.7.2 Identity Access Management for CSP Staff | p. 146 |
| 11.7.3 Identity and Access Management for CSP Customers | p. 147 |
| 11.8 Compliance | p. 149 |
| 11.9 Electronic Discovery | p. 151 |
| 11.10 Closing the Loop | p. 152 |
| References | p. 153 |
| Chapter 12 Third-Party Cloud Assessment | p. 155 |
| 12.1 Overview | p. 155 |
| 12.2 Selecting an Assessor | p. 156 |
| 12.3 Finalizing the SOW | p. 156 |
| 12.4 Closing the Loop | p. 158 |
| Part V Securing Mobile | |
| Chapter 13 Mobile Security Infrastructure | p. 161 |
| 13.1 Overview | p. 161 |
| 13.2 BlackBerry® Enterprise Server Architecture | p. 161 |
| 13.3 Exchange to Support iOS, Android™, and Windows® Phone | p. 163 |
| References | p. 165 |
| Chapter 14 The Mobile Client Itself | p. 169 |
| 14.1 Overview | p. 169 |
| 14.2 Tablet and Smart Phone Security Issues | p. 169 |
| 14.3 Bring Your Own Device (BYOD) | p. 170 |
| 14.4 Lack of Encryption | p. 172 |
| 14.5 Lack of Good Authentication and Password Controls | p. 173 |
| 14.6 Unaltered Mobile Apps | p. 174 |
| 14.7 Saying No Is a Tricky Business | p. 175 |
| 14.8 Updating Mobile Standards and Searching for Solutions | p. 175 |
| 14.9 Performing Sanity Testing | p. 177 |
| 14.10 Garnering Executive Support and the Big Win | p. 179 |
| References | p. 181 |
| Chapter 15 Connecting to Enterprise and Third-Party Applications from Mobile Devices | p. 183 |
| 15.1 Overview | p. 183 |
| 15.2 Connecting to Exchange | p. 183 |
| 15.3 Connecting via VPN | p. 184 |
| 15.4 Connecting to Microsoft SharePoint® 2010 or Later | p. 186 |
| 15.5 Connecting to a Desktop or Server | p. 187 |
| 15.6 Connecting to File Shares | p. 189 |
| 15.7 Connecting to or Installing Third-Party Applications | p. 190 |
| References | p. 191 |
| Chapter 16 Creating Secure Mobile Applications | p. 193 |
| 16.1 Mobile Application Development in Your Organization | p. 193 |
| 16.2 Start with the Stakeholders | p. 194 |
| 16.3 Step through the Entire SDLC | p. 196 |
| 16.4 Guidelines Regarding Enterprise App Store/Google® Play | p. 200 |
| 16.4.1 Overview of Infrastructure | p. 200 |
| 16.4.2 Overview of Environment Setup and General Controls | p. 200 |
| 16.4.3 A Note about Publishing Your Apps | p. 201 |
| 16.4.3.1 Dealing with the Apple® App Store | p. 201 |
| 16.4.3.2 Dealing with Android's Google Play | p. 201 |
| References | p. 201 |
| Index | p. 203 |
