Chapter 6. Cloud Security

Key topics in this chapter:

  • Cloud security planning and design

  • Governance and operations

  • Multitenant security

  • Security in an automation cloud environment

  • Identity management and federation

  • Data sovereignty and on-shore operations

  • Cloud security standards and certifications

  • Cloud security best practices

In this chapter, I will focus on cloud security planning, system design, governance, and operational considerations. Rather than cover IT security from a general perspective, we will concentrate on areas unique to cloud environments. Information technology security and cloud security are such sweeping and important topics that they could easily require multiple books to cover everything. It is important to understand that all general IT security best practices still apply, but few books and industry standards organizations have provided real-world guidance and lessons learned on cloud-specific security. That being said, I recommend reading the National Institute for Standards and Technology (NIST) Special Publication 500-299, which provides a good baseline cloud-security reference model and detailed specifications. In this chapter, I will focus more on real-world lessons learned and best practices rather than a government-style reference model (I will leave that to NIST and other government organizations).

This chapter is divided into several sections: we’ll take a look at security planning and design, infrastructure security, security standards, and ...
