Become well-versed with widely used platforms like Kubernetes, cloud services, Istio, Calico, Kynervo, Snyk, Prometheus, Kibana, Grafana, Clair, Anchor, and many more within the cloud-native space to secure infrastructure and develop secure software

Key Features

• Learn how to select cloud-native platforms and integrate security solutions into the overall system
• Leverage cutting-edge tools and platforms and use them, securely, at a global scale in production
• Discover the laws and regulations that you should be aware of to avoid federal prosecution

Book Description

For a Cloud security engineer, it is crucial to think beyond the few managed services provided by the cloud vendor and truly use the plethora of cloud-native tools available for developers and security professionals, which allow for providing security solutions at scale. In this book, we cover technologies for securing the infrastructure, containers, and runtime environments using vendor-agnostic cloud-native tools under the CNCF.

The book begins by introducing the what and whys of the cloud-native environment along with a primer about the platforms that we would be exploring ongoing in the book. We then progress in the book as one would in the development phase of an application. We continue by exploring the System design choices and security trade-offs and then secure application coding techniques that every developer should be mindful of. As we move into more advanced topics, we look into the security architecture of the system and threat modelling practices, and we conclude by explaining the laws and guidelines regulating security practices in the cloud native space while exploring some real-world repercussions that companies have faced in the past due to a company’s immature security practices.

By the end of the book, you'll find yourself better positioned in creating secure safe code and system designs.

What you will learn

• Learn security concerns and challenges for cloud-based app development
• Explore various tools for securing config, networks, and runtime
• Implementing threat modeling for risk mitigation strategies
• Implement various security solutions for the CI/CD pipeline
• Discover best practices for logging, monitoring, and alerting
• Understand regulatory compliance product impact on cloud security

Who This Book Is For

The target audience for the book would be developers, security professionals, and DevOps teams who are involved in designing, developing, and deploying cloud-native applications. It is intended for those with a technical background who want to gain a deeper understanding of cloud-native security and learn about the latest tools and technologies for securing cloud-native infrastructure and runtime environments. Having prior experience with cloud vendors and their managed services would be a plus to leveraging all the tools and platforms explained in this book.

Table of Contents

1. Understanding Cloud Native Architecture
2. Secure System Design using Cloud Native
3. Application Development practices in Cloud Native world
4. Developing a Secure Coding Culture
5. Threat Modeling for Cloud Native
6. Securing the Infrastructure
7. Cloud Security Operations
8. DevSecOps Practices for Cloud Native
9. Legal and Compliance Issues
10. Cloud Native Vendor Management and Security Certifications