Skip to content

Additional Content

We've provided additional content to accompany the book.

Attribution

The book and additional content is here to help you get your job done. If you wish to use content, and that use falls outside the scope of Fair Use Guidelines, (such as selling or distributing content from O'Reilly books, using content in a course or incorporating a significant amount of material from this book into your product's documentation), please reach out to O'Reilly for permission, at permissions@oreilly.com.

The authors ask that you provide an attribution for any diagram that you re-use. An attribution usually includes the title and authors. For example: "Security Architecture for Hybrid Cloud. Copyright 2024 Mark Buckwell, Stefaan Van daele, and Carsten Horst."

Book Exercises

Some additional quiz questions and answers are available for you to use.

  1. Summative Exercises
  2. Extended Exercises Solutions

Laptop Stickers

We created an image to print some laptop stickers. You are welcome to use the image to create your own.

Sticker image

Laptop Sticker Image [full size for printing]

If you have some ideas for more stickers, please let Mark know.

Book Images

Selected high-resolution images from the book are hosted here for you to use.

Change of Style

To fit the O'Reilly style guide and printing requirements, the architecture diagrams have been changed from our original format. You can find those diagrams in their original format here.

The page shows smaller images optimised for web viewing and the full print image can be viewed by clicking on the [full size] link at bottom of each image.

Chapter 1 - Introduction

Figure 1-4. Artifact Dependency Diagram

Figure 1-4. Artifact Dependency Diagram [full size]

Figure 1-6. Architectural Thinking for Security Framework

Figure 1-6. Architectural Thinking for Security Framework [full size]

Chapter 2 - Architecture Concepts

Figure 2-6. Enterprise Security Architecture Domains

Figure 2-6. Enterprise Security Architecture Domains [full size]

Chapter 5 - System Context

Figure 5-5. Technical Design Diagram Notation

Figure 5-5. Technical Design Diagram Notation [full size]

Figure 5-7. Case Study System Context

Figure 5-7. Case Study System Context [full size]

Chapter 6 - Application Security

Figure 6-8. Case Study Component Architecture

Figure 6-8. Case Study Component Architecture [full size]

Figure 6-10. Example Component Architecture with Trust Boundaries

Figure 6-10. Example Component Architecture with Trust Boundaries [full size]

Figure 6-12. Data Flow Considerations

Figure 6-12. Data Flow Considerations [full size]

Figure 6-13. Example Threat Model Diagram

Figure 6-13. Example Threat Model Diagram [full size]

Figure 6-16. Case Study Threat Model

Figure 6-16. Case Study Threat Model [full size]

Chapter 8 - Infrastructure Security

Figure 8-5. Communication paths for zero trust use cases

Figure 8-5. Communication paths for zero trust use cases [full size]

Figure 8-6. Deployment Architecture Diagram - Network Segments

Figure 8-6. Deployment Architecture Diagram - Network Segments [full size]

Figure 8-7. Deployment Architecture Diagram

Figure 8-7. Deployment Architecture Diagram [full size]

Figure 8-8. ZTNA versus micro-segmentation

Figure 8-8. ZTNA versus micro-segmentation [full size]

Figure 8-10. Zero trust based solutions added to the architecture

Figure 8-10. Zero trust based solutions added to the architecture [full size]

Figure 8-11. Simplified Cloud Architecture Diagram

Figure 8-11. Simplified Cloud Architecture Diagram [full size]

Figure 8-12. Case Study Cloud Architecture Diagram

Figure 8-12. Case Study Cloud Architecture Diagram [full size]

Chapter 9 - Architecture Patterns and Decisions

Figure 9-9. Deployment Architecture Diagram with WAF

Figure 9-9. Deployment Architecture Diagram with WAF [full size]

Chapter 11 - Security Operations

Figure 11-11. Vulnerability Scanning Proxy Update

Figure 11-11. Vulnerability Scanning Proxy Update [full size]