Practical Cloud Security: A Guide for Secure Design and Deployment

This is a good book, but it's really just a quick overview of cloud security. I'm merely a developer, not an IT or SecOps pro, and most of this struck me as common sense stuff.It is indeed "practical" in that the book offers a nice guided tour of almost every security consideration a cloud IT/Ops manager should consider, address, or be prepared for, all in a brisk 172 pages. At a very high level (in a mostly provider-agnostic way), the author methodically covers the entire cloud IT ecosystem (storage, compute, networking, monitoring/response, etc.) from a security perspective, and touches on just about every important tech component/protocol/acronym you'll likely to encounter in the wild. He shares a wide range of best practices, tips/advice, gotchas, and more, all in a straightforward style that anyone with moderate tech fluency should easily understand.My only complain about this book is that he barely dips beneath the surface – he shares plenty of strategy, but very little in the way of implementation. Dotson offers a great overview (it reads a lot like a security encyclopedia, actually), and plenty of guidance on _what_ you should do. However, I found myself frustrated by how little he offers around concrete execution; that is, _how_ to do what he's suggesting (he stays provider/vendor/product neutral to a fault). In other words, I DO NOT think "Deployment" should be printed on the books cover, since he doesn't come close to explaining how to actually deploy anything, imho.That said, I do think this is a good book, as long as you know what it offers, and what it doesn't. This book will be most helpful to junior IT/ops folks, or tech execs and product folks not immersed in IT, looking for a very approachable and complete high-level intro to security considerations and best practices. It will also serve well as a handbook/cheatsheet for seasoned security pros who just want a refresher or quick reference to fill in the gaps in their thinking/planning for their own systems.Final word: This is a good intro and overview to cloud security, and will make any reader looking for that happy – but you'll need to do a LOT more reading and work on your own afterwards if you want to put any of this very "practical" advice into practice in your own tech stack.

A well structured approach to cloud security. The title describes the content completely accurate.By studying this book you will understand much better how to set up a proper IT security management strategy for your cloud applications.A must-read for any CISO in the making.

Collected in a concise structure, all key topics in the area. Most interesting for me were the differences form traditional IT approaches.

As the title says, this book is great. It’s mostly geared toward beginners with a birds eye view approach to cloud security but veterans will still find helpful nuggets and information as well. It’s written in a way that makes it way to read along with examples to help digest and understand the various concepts. I deducted one star though because the referenced diagrams look like they were designed with color but printed in grayscale. Consequently all the different shades of grey are extremely difficult to distinguish from each other. Definitely needs to be updated to more clearly show the differences (photo attached to demonstrate the difficulty with the shading). Despite this, it’s still a great book that I recommend to anyone who wants to know more about a practical way to implement cloud security.

I recommend this book. Great topics, well written. Author knows his stuff.