| Table of Contents |
|---|
...
| Reference_description_with_linked_URLs__________________________ | Notes_________________________________________________________ |
|---|---|
| m Cloud Solutions | |
| m Kubernetes | |
| AWS basics | |
| AWS Solution Architecture | |
| AWS management work 2 | |
| m IBM Cloud | |
| m GCP - Google Cloud | |
| m Azure Cloud | |
| Grokking Coding Interview Patterns in Java | education.io tips |
| https://www.khanacademy.org/ | free good online self study for all high school college courses **** |
| https://www.eweek.com/cloud/at-a-high-level-aws-vs-azure-vs-google-cloud? utm_medium=email&utm_campaign=B2B_NL_WHN_20190807_AR1&mkt_ tok=eyJpIjoiTkdSalpEZzNZamhoTVdVMiIsInQiOiJ3dElRVTIrWXpnbzdUe TVOWE8yc2FMRjhET2xwMnByV0NkMnFFNFFsb1NSM292clA1VlpFMXhw ZGw2ZURGSjBqWnh3UWx3ZHdSV1dZRWJsdE5lNXZDRitYbTNRNmFsSk Jxc3pjOWtZK3d5UWxXYSt2cTdFYW1XQ1h2NkFcLytvdloifQ%3D%3Dfreecodecamp.org/ | good free tech online courses with custom certs, projects *** |
| https://www.udemy.com/ | all tech courses very affordable when on sale **** |
| https://k21academy.com/ | affordable self study courses for cloud cert tests ** |
| devops - cloud webinar library ** | |
| eweek - compare AWS Azure GCP clouds - summary | eweek - compare AWS Azure GCP clouds - summary ** |
| https://www.linkedin.com/pulse/overview-security-postures-azure-aws- christophe-parisel/ | Build Run Pipeline strategies in the Cloud |
| https://www.digitalocean.com/pricing/ | Compare Digitalocean.com pricing to AWS and Azure – Azure is high |
| Processors AWS secret weapon is revolutionizing computing pdf | Processors AWS secret weapon is revolutionizing computing |
| cloud security concepts dzone | |
Key Concepts
eweek - compare AWS Azure GCP clouds - summary
...
This is a high-level comparison of the three major cloud service leaders here in mid-2019. We will be updating this article with new information as it becomes available, and eWEEK will also be examining in closer detail the various services—computing, storage, networking and tools—that each vendor offers.
Cloud Security Concepts
cloud security concepts dzone
cloud-security-dzone-2202-w_defa3108.pdf file
cloud-security-dzone-2202-w_defa3108.pdf link
finserv-cloud-security-101-2023.pdf link
finserv-cloud-security-101-2023.pdf file
TOC
01 Securing customers' money in a cloud-first world..............3
02 Key cloud security solution categories: CSPM,
CIEM, and CWPP
03 What is CSPM?.
04 What is CIEM?
05 What is CWPP?
What is CNAPP?.
CNAPP has you covered.
Six key considerations when evaluating a cloud security solution
#1 Choose an agentless + agent based approach for comprehensive protection
#2 Manage configuration and permission risk..
#3 Identify and prioritize vulnerabilities from source to run........
#4 Enable cloud security monitoring with audit logs.........
#5 Implement runtime detection and response..
#6 Map to the MITRE ATT&CK framework............
Potential Value Opportunities
Potential Challenges
Cloud Short-term vs Long-term Benefits, Costs
https://www.zdnet.com/article/cloud-sticker-shock-were-spending-way-too-much/
Good for startups to lower devops, infrastructure costs BUT
- cloud custom services have a learning
- create cloud vendor locking requiring costs to move applications later ( vs open-source standard stacks with lower migration costs )
- as firms grow, efficient management of services can compete on costs with better flexibility, control than cloud providers in many cases
cloud-enterprise-hybrid-cloud-adoption-management-2024-short.pdf. link
cloud-enterprise-hybrid-cloud-adoption-management-2024-short.pdf file
concepts
strategies
myths
tips
Build Run Pipelines in the Cloud
https://www.linkedin.com/pulse/overview-security-postures-azure-aws-christophe-parisel/
build-run-concepts-2019-linkedin.com-An overview of security postures in Azure and AWS.pdf
Candidate Solutions
ATARC - Advanced Tech Architecture Research Council
Government systems technology focus
NIST - National Institute of Security Technology - issues bulletins on recommended security practices and alerts
FIPS 140.2 - Security Basics Compliance Recommendations for IT systems
Fedramp = standard for security assessment, authorization, monitoring
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves cost, time, and staff required to conduct redundant Agency security assessments.
Yes, FedRAMP is mandatory for Federal Agency cloud deployments and service models at the low, moderate, and high risk impact levels. Private cloud deployments intended for single organizations and implemented fully within federal facilities are the only exception.
CSA - Cloud Security Alliance - Security, Trust, Assurance and Risk (STAR)
Security, Trust, Assurance and Risk (STAR)
The industry's most powerful program for security assurance in the cloud.
The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings.
STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). Publishing to the registry allows organizations to show current and potential customers their security and compliance posture, including the regulations, standards, and frameworks they adhere to. It ultimately reduces complexity and helps alleviate the need to fill out multiple customer questionnaires.
Level 1 - self assessment with cloud security standards
Level 2 - audited proof of compliance with cloud security standards
Which organizations should pursue level 2?
Organizations should pursue this level if they are...
- Operating in a medium to high risk environment
- Already hold or adhere to the following: ISO27001, SOC 2, GB/T 22080-2008, or GDPR
- Looking for a cost-effective way to increase assurance for cloud security and privacy.
Step-by-step guide for Example
...