A Review of Practice Cloud Security or the First Book I Finished this Year¶
Practical Cloud Security: A Guide for Secure Design and Deployment
Author: Chris Dotson
I haven’t worked out if “Practical Cloud Security” is just that engaging that I managed to finish it in just a couple of days, or if it is on the shorter end of the scale for technical books, I’m not complaining though because I actually really enjoyed this book.*
Each chapter provides a breakdown of a key area including: Cloud Asset Management and Protection, Identity and Access Management, Vulnerability Management, Network Security and Incident Response, to name most but not all of them.
Admittedly one of my favourite sections was on Tagging Cloud Resources, because when doing configuration reviews, it’s something I rarely see done, but think a lot of companies could take advantage and benefit from of especially when dealing with a shared environment and asset management.
It also had some great out of the box metrics in the vulnerability management chapter, are they good for mature businesses that have a good handle on their cloud environment? Debatable, but I think if you are getting started with metrics or looking for a way to monitor how successful your patch and vulnerability management program is, they _could_ provide a good starting point.
One of the other qualities that sets this book apart from a lot of others, is the addition of referencing back to how certain concepts are done when leveraging on-premise infrastructure. I was probably a little later to the cloud game, and some of the more abstract concepts like Kubernetes Pods (not covered directly in this book) I do much better when I can relate it back to a concept I know much better i.e. on-premise, so I really appreciated that.
I think this and it’s focus on the practical part of cloud security make it a really good option for those that are familiar with cloud (or really even new) but need like a too long didn’t read version? It doesn’t focus on the finer details on implementation, and so you’d probably want to follow up on a more in-depth cloud security book that gets more into the detail, I mean you could also consider reading the Centre for Information Security $CLOUD benchmark but that will probably overwhelm you with details you just don’t need in your life right now. Let’s keep it practical.
The book also remains very agnostic but does provide the name of the service (if relevant) for the three major cloud providers (and IBM cloud).
Admittedly if I had one complaint, it would have to be I didn’t like the risk section, and honestly, that could just come down to semantics and how I define risk as opposed to the author, but with that said, it’s good chapter and will benefit those looking to understand the general topic.
Overall, I think this is an informative book to have a read through for almost anyone involved in cloud security and is looking for a primer, overview, or refresher. Because it is on the shorted end you can approach it in a more read end-to-end way, I sort of skimmed over the areas I felt like I had a good handle on, but make sure you keep a highlighter and stick notes on hand because there are some great concepts in there you may want to revisit.
I rate it 4 out of 5 clouds.
Note: After putting together the details of the book, I found out that at 196 pages it is probably on the shorter end of technical books.