In This Part

• Chapter 13: Monitoring Cloud Operations
• Chapter 14: Cloud Guardianship
• Chapter 15: Cloud Auditing
• Chapter 16: AWS Cloud Storage

In this section, we deviate almost entirely from the workload aspects of Cloud Native security, which involve our containerized applications, and focus on what has commonly been referred to recently as cloud security posture management (CSPM). In other words, these chapters pay close attention to the cloud platform that applications will run upon, often in parts referred to as infrastructure as a service (IaaS). The key facets explored include the operational perspective of running cloud infrastructure, monitoring what resources are running, and noting how they are interacting both internally and publicly.

Additionally, because it soon becomes clear that there are simply too many static configuration options and running configuration options to tweak for compliance manually, this section looks at sophisticated automation around policies that you can customize to meet your own requirements.

And, once your policies are set live, we continue to look at examining, in detail, precisely what the status of your cloud infrastructure is from an auditing perspective.

Finally, this section looks at an all-too-common area that allows for data leaks to take place from organizations and examines permissions around cloud storage. Although AWS is used throughout this section, there are common operational, configuration, and storage concerns within Azure and Google Cloud, so knowledge can be transposed with relative ease in many cases.