{"product_id":"securing-cloud-containers-isbn-9781394333738","title":"Securing Cloud Containers","description":"\u003cp\u003e\u003cb\u003eA practical and up-to-date roadmap to securing cloud containers on AWS, GCP, and Azure\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003e\u003ci\u003eSecuring Cloud Containers: Building and Running Secure Cloud-Native Applications\u003c\/i\u003e is a hands-on guide that shows you how to secure containerized applications and cloud infrastructure, including Kubernetes. The authors address the most common obstacles and pain points that security professionals, DevOps engineers, and IT architects encounter in the development of cloud applications, including industry standard compliance and adherence to security best practices. \u003c\/p\u003e\u003cp\u003eThe book provides step-by-step instructions on the strategies and tools you can use to develop secure containers, as well as real-world examples of secure cloud-native applications. After an introduction to containers and Kubernetes, you'll explore the architecture of containerized applications, best practices for container security, security automation tools, the use of artificial intelligence in cloud security, and more. 
\u003c\/p\u003e\u003cp\u003e\u003cb\u003eInside the book:\u003c\/b\u003e \u003c\/p\u003e\u003cul\u003e \u003cli\u003eAn in-depth discussion of implementing a Zero Trust model in cloud environments\u003c\/li\u003e \u003cli\u003eAdditional resources, including a glossary of important cloud and container security terms, recommendations for further reading, and lists of useful platform-specific tools (for Azure, Amazon Web Services, and Google Cloud Platform)\u003c\/li\u003e \u003cli\u003eAn introduction to SecDevOps in cloud-based containers, including tools and frameworks designed for Azure, GCP, and AWS platforms\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eAn invaluable and practical resource for IT system administrators, cloud engineers, cybersecurity and SecDevOps professionals, and related IT and security practitioners, \u003ci\u003eSecuring Cloud Containers\u003c\/i\u003e is an up-to-date and accurate roadmap to cloud container security that explains the “why” and “how” of securing containers on the AWS, GCP, and Azure platforms. 
\u003c\/p\u003e\u003cp\u003eForeword xxv\u003c\/p\u003e \u003cp\u003eIntroduction xxvii\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Introduction to Cloud-Based Containers 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCloud Café Story 1\u003c\/p\u003e \u003cp\u003eThe Story Continues: The Café’s Expansion 2\u003c\/p\u003e \u003cp\u003eThe Cloud Kitchen Model 3\u003c\/p\u003e \u003cp\u003eMaking Cloud Kitchen a Success 3\u003c\/p\u003e \u003cp\u003eHow Containers Changed the Whole Game Plan 3\u003c\/p\u003e \u003cp\u003eThe New Hub of HiTechville 4\u003c\/p\u003e \u003cp\u003eThe Evolution of Cloud Infrastructure 4\u003c\/p\u003e \u003cp\u003eThe Era of Mainframes 4\u003c\/p\u003e \u003cp\u003eThe Rise of Virtualization 4\u003c\/p\u003e \u003cp\u003eThe Emergence of Cloud Services 5\u003c\/p\u003e \u003cp\u003eThe Shift to Containers 5\u003c\/p\u003e \u003cp\u003eIntroduction to Containers in Cloud Computing 6\u003c\/p\u003e \u003cp\u003eThe Role of Containers in Modern Cloud Computing 6\u003c\/p\u003e \u003cp\u003eVirtual Machines Versus Containers in Cloud Environments 6\u003c\/p\u003e \u003cp\u003eBenefits of Using Containers in Cloud 7\u003c\/p\u003e \u003cp\u003ePopular Cloud Container Technologies 8\u003c\/p\u003e \u003cp\u003eOverview of Cloud-Native Ecosystem for Containers 11\u003c\/p\u003e \u003cp\u003eSummary 12\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Cloud-Native Kubernetes: Azure, GCP, and AWS 13\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Is Kubernetes? 
15\u003c\/p\u003e \u003cp\u003eManaged Kubernetes Services 17\u003c\/p\u003e \u003cp\u003eMicrosoft Azure Kubernetes Services 17\u003c\/p\u003e \u003cp\u003eGoogle Kubernetes Engine 18\u003c\/p\u003e \u003cp\u003eAmazon Elastic Kubernetes Service 19\u003c\/p\u003e \u003cp\u003eAzure-, GCP-, and AWS-Managed Kubernetes Service Assessment Criteria 21\u003c\/p\u003e \u003cp\u003eAzure, GCP, and AWS Cloud-Native Container Management Services 23\u003c\/p\u003e \u003cp\u003eSummary 23\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Understanding the Threats Against Cloud-Based Containerized Environments 25\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInitial Stage of Threat Modeling 25\u003c\/p\u003e \u003cp\u003eThe MITRE ATT\u0026amp;CK Framework 26\u003c\/p\u003e \u003cp\u003eThreat Vectors 27\u003c\/p\u003e \u003cp\u003eTactic and Techniques in MITRE ATT\u0026amp;CK 27\u003c\/p\u003e \u003cp\u003eCloud Threat Modeling Using MITRE ATT\u0026amp;CK 31\u003c\/p\u003e \u003cp\u003eCloud Container Threat Modeling 37\u003c\/p\u003e \u003cp\u003eFoundations of Cloud Container Threat Modeling 37\u003c\/p\u003e \u003cp\u003eKubernetes Control Plane: Securing the Orchestration Core 37\u003c\/p\u003e \u003cp\u003eWorker Nodes: Securing the Execution Environment 38\u003c\/p\u003e \u003cp\u003eCluster Networking: Defending the Communication Fabric 39\u003c\/p\u003e \u003cp\u003eWorkloads: Hardening Containers and Application Logic 40\u003c\/p\u003e \u003cp\u003eIAM: Enforcing Granular Access Across Layers 41\u003c\/p\u003e \u003cp\u003ePersistent Storage: Securing Data at Rest 42\u003c\/p\u003e \u003cp\u003eCI\/CD Pipeline Security: Defending the DevOps Chain 42\u003c\/p\u003e \u003cp\u003eLog Monitoring and Visibility: Detecting What Matters 43\u003c\/p\u003e \u003cp\u003eResource Abuse and Resiliency: Planning for the Worst 44\u003c\/p\u003e \u003cp\u003eResource Abuse: Unauthorized Exploitation of Cloud Resources 44\u003c\/p\u003e \u003cp\u003eResiliency and Business Continuity 
Planning in Kubernetes 46\u003c\/p\u003e \u003cp\u003eCompliance and Governance 47\u003c\/p\u003e \u003cp\u003eSummary 48\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Secure Cloud Container Platform and Container Runtime 49\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction to Cloud-Specific OS and Container Security 49\u003c\/p\u003e \u003cp\u003eCloud-Specific OS: A Shifting Paradigm How OS Should Work 50\u003c\/p\u003e \u003cp\u003eContainer Security Architecture 51\u003c\/p\u003e \u003cp\u003eHost OS Hardening for Container Environments 53\u003c\/p\u003e \u003cp\u003eLeverage Container-Optimized OSs 53\u003c\/p\u003e \u003cp\u003eEstablish and Maintain Secure Configuration Baselines 54\u003c\/p\u003e \u003cp\u003eImplement Robust Access Controls and Authentication 55\u003c\/p\u003e \u003cp\u003eApply Timely Security Updates and Patches 55\u003c\/p\u003e \u003cp\u003eImplement Host-Based Security Controls 56\u003c\/p\u003e \u003cp\u003eContainer Runtime Hardening 56\u003c\/p\u003e \u003cp\u003eMinimal Container Images 56\u003c\/p\u003e \u003cp\u003eMultistage Build 57\u003c\/p\u003e \u003cp\u003eDrop Unnecessary Capabilities 57\u003c\/p\u003e \u003cp\u003eImplement Seccomp Profiles 58\u003c\/p\u003e \u003cp\u003eResource Controls 59\u003c\/p\u003e \u003cp\u003eUse Memory and CPU Limits 60\u003c\/p\u003e \u003cp\u003eProcess and File Restrictions 60\u003c\/p\u003e \u003cp\u003eLogging and Monitoring 61\u003c\/p\u003e \u003cp\u003eRegular Security Updates 62\u003c\/p\u003e \u003cp\u003eNetwork Security 62\u003c\/p\u003e \u003cp\u003eImplementing Kubernetes Network Policies (netpol) 64\u003c\/p\u003e \u003cp\u003eLeveraging Service Mesh for Advanced Secure Communication 64\u003c\/p\u003e \u003cp\u003eLeveraging Cloud Network Security Groups 66\u003c\/p\u003e \u003cp\u003eLinux Kernel Security Feature for the Container Platform 67\u003c\/p\u003e \u003cp\u003eLinux Namespaces, Control Groups, and Capabilities 68\u003c\/p\u003e \u003cp\u003eOS-Specific 
Security Capabilities (SELinux, AppArmor) 69\u003c\/p\u003e \u003cp\u003eSecurity Best Practices in Cloud Container Stack 70\u003c\/p\u003e \u003cp\u003eLeast Privilege (RBAC) and Resource Limitation for Azure, GCP, AWS 71\u003c\/p\u003e \u003cp\u003eScanning and Verifying Images Using Cloud Services 72\u003c\/p\u003e \u003cp\u003eCompliance and Governance in Cloud Environments 73\u003c\/p\u003e \u003cp\u003eMeeting Regulatory Compliance (PCI-DSS, HIPAA) for Containerized Workload 73\u003c\/p\u003e \u003cp\u003eTools to Help Meet Compliance 76\u003c\/p\u003e \u003cp\u003eCloud-Native Security Benchmarks and Certifications 76\u003c\/p\u003e \u003cp\u003eFuture Trends and Emerging Standards in Cloud-Native Security 78\u003c\/p\u003e \u003cp\u003eAI and Machine Learning Security Standards 79\u003c\/p\u003e \u003cp\u003eAutomated Compliance and Continuous Assessment 79\u003c\/p\u003e \u003cp\u003eSummary 81\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Secure Application Container Security in the Cloud 83\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSecuring Containerized Applications in Cloud Container Platforms 83\u003c\/p\u003e \u003cp\u003eShared Responsibility Model 84\u003c\/p\u003e \u003cp\u003eImage Security 84\u003c\/p\u003e \u003cp\u003eNetwork Security 85\u003c\/p\u003e \u003cp\u003eThreat Intelligence for Cloud-Native Containers 87\u003c\/p\u003e \u003cp\u003eCI\/CD Security in Cloud-Based Container Pipelines 90\u003c\/p\u003e \u003cp\u003eShifting Left and Managing Privileges in Azure DevOps, Google Cloud Build, and AWS CodePipeline 91\u003c\/p\u003e \u003cp\u003eAzure DevOps 91\u003c\/p\u003e \u003cp\u003eGoogle Cloud Build 92\u003c\/p\u003e \u003cp\u003eAWS CodePipeline 93\u003c\/p\u003e \u003cp\u003ePenetration Testing for Cloud-Based Containers 94\u003c\/p\u003e \u003cp\u003eSupply Chain Risks and Best Practices in the Cloud 95\u003c\/p\u003e \u003cp\u003eSecuring Container Registries in the Cloud (ACR, ECR, GCR) 97\u003c\/p\u003e \u003cp\u003eImage 
Signing and Verification in Cloud Platforms 98\u003c\/p\u003e \u003cp\u003eRole-Based Access Control in Cloud Supply Chains 99\u003c\/p\u003e \u003cp\u003eSummary 101\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Secure Monitoring in Cloud-Based Containers 103\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction to Secure Container Monitoring 103\u003c\/p\u003e \u003cp\u003eKey Monitoring Enablement Business Goals 104\u003c\/p\u003e \u003cp\u003eEnabling Cost Efficiency 104\u003c\/p\u003e \u003cp\u003eSupporting Compliance and Audit Readiness 104\u003c\/p\u003e \u003cp\u003eEnhancing Incident Response 105\u003c\/p\u003e \u003cp\u003eEnsuring High Availability 106\u003c\/p\u003e \u003cp\u003eContinuous Risk Identification and Remediation 106\u003c\/p\u003e \u003cp\u003eDriving Strategic Decision-Making 108\u003c\/p\u003e \u003cp\u003eChallenges in Monitoring Cloud-Based Containers 108\u003c\/p\u003e \u003cp\u003eEphemeral Workloads 108\u003c\/p\u003e \u003cp\u003eDistributed Architectures 109\u003c\/p\u003e \u003cp\u003eData Volume and Noise 109\u003c\/p\u003e \u003cp\u003eSecurity Considerations in Container Monitoring 110\u003c\/p\u003e \u003cp\u003eObservability in Multitenancy 111\u003c\/p\u003e \u003cp\u003eIntegration with Modern DevOps and SecOps Toolchains 111\u003c\/p\u003e \u003cp\u003eLack of Standardization 112\u003c\/p\u003e \u003cp\u003eAdvanced Analytics and Predictive Insights 112\u003c\/p\u003e \u003cp\u003eComprehensive Monitoring and Security Architecture for Containerized Workloads 112\u003c\/p\u003e \u003cp\u003eComprehensive Visibility Across Layers 115\u003c\/p\u003e \u003cp\u003eContainer-Level Monitoring: Runtime Security and Observability 116\u003c\/p\u003e \u003cp\u003eKubernetes Control Plane Monitoring: Orchestration Platform Security 118\u003c\/p\u003e \u003cp\u003eInfrastructure Monitoring: Host and Cloud Environment Security 119\u003c\/p\u003e \u003cp\u003eThreat Intelligence Integration: Enriched Detection and Proactive 
Defense 120\u003c\/p\u003e \u003cp\u003eAutomated Detection and Response 120\u003c\/p\u003e \u003cp\u003eApplication Performance Monitoring and Security 121\u003c\/p\u003e \u003cp\u003eCompliance and Regulatory Adherence 122\u003c\/p\u003e \u003cp\u003eProactive Threat Detection: MITRE ATT\u0026amp;CK Operationalization 123\u003c\/p\u003e \u003cp\u003eEnhancing Modern Capabilities with Advanced Techniques 123\u003c\/p\u003e \u003cp\u003eToward a Secure and Resilient Cloud-Native Future 127\u003c\/p\u003e \u003cp\u003eSummary 127\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Kubernetes Orchestration Security 129\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCloud-Specific Kubernetes Architecture Security 130\u003c\/p\u003e \u003cp\u003eControl Plane Security 130\u003c\/p\u003e \u003cp\u003eWorker Node Security 131\u003c\/p\u003e \u003cp\u003eShared Security Responsibilities 133\u003c\/p\u003e \u003cp\u003eSecuring the Kubernetes API in Azure, GCP, and AWS 134\u003c\/p\u003e \u003cp\u003eSecuring AKS API 134\u003c\/p\u003e \u003cp\u003eSecuring GKE API 135\u003c\/p\u003e \u003cp\u003eSecuring EKS API 135\u003c\/p\u003e \u003cp\u003eBest Practices for Securing the Kubernetes API 136\u003c\/p\u003e \u003cp\u003eAudit Logging and Policy Engine in Cloud Platform 137\u003c\/p\u003e \u003cp\u003eImplementation Strategies 137\u003c\/p\u003e \u003cp\u003ePolicy Engine 138\u003c\/p\u003e \u003cp\u003eIntegration and Operational Considerations 138\u003c\/p\u003e \u003cp\u003eAKS Policy Implementation 139\u003c\/p\u003e \u003cp\u003eGKE Policy Controls 139\u003c\/p\u003e \u003cp\u003eEKS Policy Framework 140\u003c\/p\u003e \u003cp\u003eCross-Platform Policy Considerations 140\u003c\/p\u003e \u003cp\u003eAdvanced Policy Patterns 141\u003c\/p\u003e \u003cp\u003eAudit Logging 141\u003c\/p\u003e \u003cp\u003eAKS Audit Logging 142\u003c\/p\u003e \u003cp\u003eGKE Audit Logging 142\u003c\/p\u003e \u003cp\u003eEKS Audit Logging 143\u003c\/p\u003e \u003cp\u003eCross-Platform Audit 
Logging Strategies 143\u003c\/p\u003e \u003cp\u003eAdvanced Audit Logging Patterns 144\u003c\/p\u003e \u003cp\u003eSecurity Policies and Resource Management for Cloud-Based Kubernetes 144\u003c\/p\u003e \u003cp\u003eNetwork Policies and Admission Controllers in Cloud 145\u003c\/p\u003e \u003cp\u003eAzure Policy Implementation 145\u003c\/p\u003e \u003cp\u003eGoogle Kubernetes Engine Policy Control 146\u003c\/p\u003e \u003cp\u003eAWS Network Policy Implementation 147\u003c\/p\u003e \u003cp\u003eNetwork Policy Implementation 147\u003c\/p\u003e \u003cp\u003eAdvanced Implementation Strategies 148\u003c\/p\u003e \u003cp\u003eSummary 148\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Zero Trust Model for Cloud Container Security 149\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eZero Trust Concept and Core Principles 150\u003c\/p\u003e \u003cp\u003eCore Principles of Zero Trust Architecture 151\u003c\/p\u003e \u003cp\u003eImplementing Zero Trust in Cloud-Based Containers 153\u003c\/p\u003e \u003cp\u003eIAM in Zero Trust 153\u003c\/p\u003e \u003cp\u003eNetwork Segmentation and Micro-Segmentation in Cloud Containers 154\u003c\/p\u003e \u003cp\u003eNetwork Segmentation 154\u003c\/p\u003e \u003cp\u003eMicro-Segmentation 155\u003c\/p\u003e \u003cp\u003eContinuous Monitoring and Risk-Based Access Decisions in Cloud 155\u003c\/p\u003e \u003cp\u003eEnd-to-End Encryption and Data Security in Cloud Containers 156\u003c\/p\u003e \u003cp\u003eZero Trust in Kubernetes Security 157\u003c\/p\u003e \u003cp\u003eEnforcing Kubernetes Security Policies with Zero Trust Principles 157\u003c\/p\u003e \u003cp\u003eZero Trust for Service Meshes (Istio, Linkerd) in Cloud-Based Kubernetes 158\u003c\/p\u003e \u003cp\u003eSecure Access to Cloud-Based Kubernetes Control Planes 160\u003c\/p\u003e \u003cp\u003eThe Importance of Secure Access 160\u003c\/p\u003e \u003cp\u003eSecuring with Private Azure Kubernetes Service Cluster 161\u003c\/p\u003e \u003cp\u003eImplementing Zero Trust for Multicloud 
Container Environments 163\u003c\/p\u003e \u003cp\u003eZero Trust Framework in Multicloud 163\u003c\/p\u003e \u003cp\u003eCase Study: Applying Zero Trust in Cloud Container Workloads for a Banking Customer 165\u003c\/p\u003e \u003cp\u003eSummary 166\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 DevSecOps in Cloud-Based Container Platform 169\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDevOps to DevSecOps in Azure, GCP, and AWS 170\u003c\/p\u003e \u003cp\u003eIntegrating Security into Cloud CI\/CD Pipelines 172\u003c\/p\u003e \u003cp\u003eSAST and Dependency Analysis in Cloud Environments 175\u003c\/p\u003e \u003cp\u003eInfrastructure as Code Security for Cloud 177\u003c\/p\u003e \u003cp\u003eSecrets Management in Cloud-Native DevSecOps 178\u003c\/p\u003e \u003cp\u003eContinuous Monitoring and Alerts in Cloud-Based DevSecOps 180\u003c\/p\u003e \u003cp\u003eCloud-Based DevSecOps Tools and Frameworks 183\u003c\/p\u003e \u003cp\u003eAzure DevOps 183\u003c\/p\u003e \u003cp\u003eGoogle Cloud Build 183\u003c\/p\u003e \u003cp\u003eAWS CodePipeline 184\u003c\/p\u003e \u003cp\u003eCross-Platform DevSecOps Frameworks 184\u003c\/p\u003e \u003cp\u003eSelecting Cloud-Based DevSecOps Tools and Frameworks 185\u003c\/p\u003e \u003cp\u003eSummary 185\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Application Modernization with Cloud Containers 187\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAnalyzing Legacy Architectures 188\u003c\/p\u003e \u003cp\u003eMicroservices Transformation in Practice 188\u003c\/p\u003e \u003cp\u003eAdopting an API-First Strategy 191\u003c\/p\u003e \u003cp\u003eContainerization and Orchestration 191\u003c\/p\u003e \u003cp\u003eCloud Migration and Modernization Approaches 192\u003c\/p\u003e \u003cp\u003eImplementing Security Development Operation Practices 192\u003c\/p\u003e \u003cp\u003eMicroservices Architecture 195\u003c\/p\u003e \u003cp\u003eNetflix’s Journey to Microservices 195\u003c\/p\u003e \u003cp\u003eSecurity Challenges in 
Microservices-Based Applications 197\u003c\/p\u003e \u003cp\u003eKubernetes and Service Mesh for Microservices 197\u003c\/p\u003e \u003cp\u003eImplementing Zero Trust Security in Microservices 198\u003c\/p\u003e \u003cp\u003eSecuring APIs in Cloud-Native Microservices 199\u003c\/p\u003e \u003cp\u003eSecuring APIs in Cloud-Native Microservices 199\u003c\/p\u003e \u003cp\u003eAPI Security Challenges in Cloud-Native Environments 200\u003c\/p\u003e \u003cp\u003eAPI Gateway Solutions in Each Cloud Provider 200\u003c\/p\u003e \u003cp\u003eBest Practices for API Security and Rate Limiting 201\u003c\/p\u003e \u003cp\u003eSecurity Design Principles for Cloud-Native Apps 202\u003c\/p\u003e \u003cp\u003eThe 12-Factor App as a Cloud-Native Development Guiding Principle 203\u003c\/p\u003e \u003cp\u003eRuntime Protection and CNAPP Integration 204\u003c\/p\u003e \u003cp\u003eApplication Modernization and Resiliency 205\u003c\/p\u003e \u003cp\u003eSummary 205\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Compliance and Governance in Cloud-Based Containers 207\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding the Key Compliance and Governance in Containerized Environments 208\u003c\/p\u003e \u003cp\u003eGeneral Data Protection Regulation (GDPR) 208\u003c\/p\u003e \u003cp\u003eHealth Insurance Portability and Accountability Act (HIPAA) 208\u003c\/p\u003e \u003cp\u003ePayment Card Industry Data Security Standard (PCI-DSS) 209\u003c\/p\u003e \u003cp\u003eSystem and Organization Controls (SOC 2) 209\u003c\/p\u003e \u003cp\u003eNIST SP 800-190: Application Container Security Guide 209\u003c\/p\u003e \u003cp\u003eISO\/IEC 27000 Series 210\u003c\/p\u003e \u003cp\u003eISO\/IEC 27001 210\u003c\/p\u003e \u003cp\u003eISO\/IEC 27017 210\u003c\/p\u003e \u003cp\u003eISO\/IEC 27018 211\u003c\/p\u003e \u003cp\u003eCIS Kubernetes Benchmark (General) 211\u003c\/p\u003e \u003cp\u003eCIS AKS Benchmark (Azure Kubernetes Service) 211\u003c\/p\u003e \u003cp\u003eCIS GKE Benchmark (Google 
Kubernetes Engine) 212\u003c\/p\u003e \u003cp\u003eCIS EKS Benchmark (Amazon Elastic Kubernetes Service) 212\u003c\/p\u003e \u003cp\u003eA Comparison of the Key Compliance Standards and Regulations 212\u003c\/p\u003e \u003cp\u003eHow to Achieve Container Compliance and Governance for AKS, GKE, and EKS 214\u003c\/p\u003e \u003cp\u003eIdentity and Access Management (IAM) 214\u003c\/p\u003e \u003cp\u003eAuthentication and Authorization 215\u003c\/p\u003e \u003cp\u003eData Encryption (at Rest and in Transit) 216\u003c\/p\u003e \u003cp\u003eLogging and Monitoring 218\u003c\/p\u003e \u003cp\u003eVulnerability Management 219\u003c\/p\u003e \u003cp\u003eNetwork Security 220\u003c\/p\u003e \u003cp\u003ePolicy and Governance 221\u003c\/p\u003e \u003cp\u003eIncident Response 222\u003c\/p\u003e \u003cp\u003eData Residency and Privacy 223\u003c\/p\u003e \u003cp\u003eSupply Chain Security 224\u003c\/p\u003e \u003cp\u003eContinuous Compliance and Automation 226\u003c\/p\u003e \u003cp\u003eContainer-Specific Best Practices 227\u003c\/p\u003e \u003cp\u003eCompliance Dashboard 228\u003c\/p\u003e \u003cp\u003eSummary 228\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12 Case Studies and Real-World Examples in Cloud Container Security 231\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCase Study 1: Netflix’s Adoption of Cloud Containers Security 232\u003c\/p\u003e \u003cp\u003eCase Study 2: Capital One’s Adoption of Zero Trust Security for Cloud Containers 235\u003c\/p\u003e \u003cp\u003eCase Study 3: PayPal’s Adoption of Zero Trust Security for Cloud Containers 238\u003c\/p\u003e \u003cp\u003eCase Study 4: Uber’s Cloud Container Security Implementation 241\u003c\/p\u003e \u003cp\u003eSummary 245\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13 The Future of Cloud-Based Container Security 247\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Rise of Advanced Container Orchestration 247\u003c\/p\u003e \u003cp\u003eZero Trust and Container Security 248\u003c\/p\u003e \u003cp\u003eEnhanced 
Runtime Security and AI Integration 249\u003c\/p\u003e \u003cp\u003eEvolution of Container Image Security 249\u003c\/p\u003e \u003cp\u003eContainer Security as Code 249\u003c\/p\u003e \u003cp\u003eShift-Left Security Paradigm 251\u003c\/p\u003e \u003cp\u003eServerless Containers and Security Implications 251\u003c\/p\u003e \u003cp\u003eCompliance and Regulatory Frameworks 252\u003c\/p\u003e \u003cp\u003eBlockchain and Container Provenance 252\u003c\/p\u003e \u003cp\u003eIncreased Visibility and Observability 253\u003c\/p\u003e \u003cp\u003eQuantum Computing and Container Security 253\u003c\/p\u003e \u003cp\u003eCommunity-Driven Security Standards 253\u003c\/p\u003e \u003cp\u003eBusiness Impact of Container Security Failures 254\u003c\/p\u003e \u003cp\u003eOrganizational Maturity and Operating Models for Container Security 254\u003c\/p\u003e \u003cp\u003eTalent and Skills Gap in Container Security 255\u003c\/p\u003e \u003cp\u003eGlobal Regulations and Data Sovereignty Impact 256\u003c\/p\u003e \u003cp\u003eIntegration with Enterprise Security Ecosystem 256\u003c\/p\u003e \u003cp\u003eFuture Predictions: Autonomous Container Security 256\u003c\/p\u003e \u003cp\u003eSummary 257\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14 Security Automation and AI in Cloud Container Security 259\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThreat Landscape in Container Environments 260\u003c\/p\u003e \u003cp\u003eFoundations of Security Automation in Container Platforms 260\u003c\/p\u003e \u003cp\u003eIntegrating AI and Machine Learning for Proactive Defense 261\u003c\/p\u003e \u003cp\u003eSecurity Orchestration, Automation, and Response in Cloud-Based Containers 261\u003c\/p\u003e \u003cp\u003eMicrosoft Azure Kubernetes Service Integration with SOAR 262\u003c\/p\u003e \u003cp\u003eGoogle Kubernetes Engine Integration with SOAR 263\u003c\/p\u003e \u003cp\u003eAmazon Elastic Kubernetes Service Integration with SOAR 263\u003c\/p\u003e \u003cp\u003eEnhancing Container Threat 
Intelligence Feeds with Cloud-Based AI 264\u003c\/p\u003e \u003cp\u003eAzure Kubernetes Service: Proactive Defense with AI-Enhanced Threat Intelligence 265\u003c\/p\u003e \u003cp\u003eGoogle Kubernetes Engine: Threat Intelligence Amplified with Chronicle and AI Correlation 265\u003c\/p\u003e \u003cp\u003eAmazon EKS: Scaling AI-Driven Threat Intelligence in Hyper-Scale Environments 266\u003c\/p\u003e \u003cp\u003eChallenges and Considerations 267\u003c\/p\u003e \u003cp\u003eEnsuring Explainability and Trust in AI Decisions 269\u003c\/p\u003e \u003cp\u003eAddressing the Skills Gap in AI and Automation 269\u003c\/p\u003e \u003cp\u003eBest Practices and Automation Strategies 270\u003c\/p\u003e \u003cp\u003eThe Road Ahead: Future of AI and Automation in Container Security 272\u003c\/p\u003e \u003cp\u003eStrategic Roadmap for Decision-Makers 273\u003c\/p\u003e \u003cp\u003eSummary 274\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 15 Cloud Container Platform Resiliency 275\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHigh Availability and Fault Tolerance in Cloud Container Platforms 276\u003c\/p\u003e \u003cp\u003eDisaster Recovery Strategies for Cloud Container Platform 277\u003c\/p\u003e \u003cp\u003eCore Components of Modern DR Architecture 278\u003c\/p\u003e \u003cp\u003eImplementation Strategies and Best Practices 278\u003c\/p\u003e \u003cp\u003eAdvanced Topics in Container DR 279\u003c\/p\u003e \u003cp\u003eOperational Considerations and Maintenance 279\u003c\/p\u003e \u003cp\u003eFuture Planning 280\u003c\/p\u003e \u003cp\u003eSecurity and Compliance in DR Strategies 280\u003c\/p\u003e \u003cp\u003eResiliency in Multicloud Container Platform Environments 281\u003c\/p\u003e \u003cp\u003eArchitectural Foundations 282\u003c\/p\u003e \u003cp\u003eData Management and Persistence 283\u003c\/p\u003e \u003cp\u003ePlatform Operations and Management 283\u003c\/p\u003e \u003cp\u003eSecurity and Compliance 283\u003c\/p\u003e \u003cp\u003eCost Management and Resource 
Optimization 284\u003c\/p\u003e \u003cp\u003eDisaster Recovery and Business Continuity 284\u003c\/p\u003e \u003cp\u003eMonitoring and Testing Container Resiliency 285\u003c\/p\u003e \u003cp\u003eSummary 287\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix A Glossary of Cloud and Container Security Terms 289\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix B Resources for Further Reading on Cloud-Based Containers 299\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eFoundational Concepts and Containerization Basics 299\u003c\/p\u003e \u003cp\u003eCloud-Specific Container Services 300\u003c\/p\u003e \u003cp\u003eAdvanced Container Management and Orchestration 301\u003c\/p\u003e \u003cp\u003eBooks and Articles 302\u003c\/p\u003e \u003cp\u003eOnline Courses and Tutorials 302\u003c\/p\u003e \u003cp\u003eSecurity Resources 303\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix C Cloud-Specific Tools and Platforms for Container Security 305\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eMicrosoft Azure Container Security Tools 305\u003c\/p\u003e \u003cp\u003eAmazon Web Services (AWS) Container Security Tools 306\u003c\/p\u003e \u003cp\u003eGoogle Cloud Platform (GCP) Container Security Tools 308\u003c\/p\u003e \u003cp\u003eMulticloud and Open-Source Container Security Tools 309\u003c\/p\u003e \u003cp\u003eIndex 311\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eSINA MANAVI\u003c\/b\u003e is the Global Head of Cloud Security and Compliance at DHL IT Services. \u003c\/p\u003e\u003cp\u003e\u003cb\u003eABBAS KUDRATI\u003c\/b\u003e is Asia’s Chief Identity Security Advisor at Silverfort. He is a former Chief Cybersecurity Advisor at Microsoft Asia and a Professor of Practice in Cybersecurity at LaTrobe University, Australia.  \u003c\/p\u003e\u003cp\u003e\u003cb\u003eMUHAMMAD AIZUDDIN ZALI\u003c\/b\u003e is a principal architect and team manager at DHL ITS for Secure Public Cloud Services - Container \u0026amp; Kafka Platform team.   
\u003c\/p\u003e\u003cp\u003e\u003cb\u003eA hands-on roadmap to securing AWS, GCP, and Azure cloud containers\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eIn \u003ci\u003eSecuring Cloud Containers: Building and Running Secure Cloud-Native Applications,\u003c\/i\u003e a team of cloud security experts delivers a hands-on guide to securing containerized applications and cloud infrastructure, including Kubernetes. The book offers solutions to the most common obstacles and challenges faced by security professionals, DevOps engineers, and IT architects developing cloud applications. \u003c\/p\u003e\u003cp\u003eYou’ll find step-by-step instructions you can apply immediately to develop secure containers alongside real-world examples of secure, cloud-native applications. The authors provide an accessible introduction to containers and Kubernetes and explain the architecture of containerized applications, best practices for container security, security automation tools, and cloud security AI techniques. \u003c\/p\u003e\u003cp\u003e\u003ci\u003eSecuring Cloud Containers\u003c\/i\u003e offers in-depth discussions of Zero Trust cloud models, walkthroughs of platform-specific tools for Azure, AWS, and GCP, and up-to-date introductions to SecDevOps in cloud-based containers, including frameworks for each of the three major cloud platforms. 
It’s an invaluable and practical resource for IT system administrators, cloud engineers, cybersecurity and SecDevOps professionals, and other IT and security practitioners looking for an accurate cloud container roadmap that explains the “how” and the “why” of container security on AWS, GCP, and Azure.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989997863141,"sku":"NP9781394333738","price":63.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781394333738.jpg?v=1761786156","url":"https:\/\/k12savings.com\/es\/products\/securing-cloud-containers-isbn-9781394333738","provider":"K12savings","version":"1.0","type":"link"}