Have you found yourself retagging your music collection (like, really who has an offline collection these days?) and how many films and streaming series can you watch before sticking a fork in your eye might be a worthy distraction?

I came across the Google Site Reliability Engineering website and this gem of an O’Reilly publication titled “Building Secure and Reliable Systems”. Sure it’s a PDF but it’s the entire book, all 557 pages free and with the compliments of Google Cloud 🙂

From the Google Cloud blog:

This book was inspired by a couple of fundamental questions: Can a system be considered truly reliable if it isn’t fundamentally secure? Or can it be considered secure if it’s unreliable? At Google, we’ve spent a lot of time considering these concepts. When we published the SRE book (now inducted into a cybersecurity hall of fame!), security was one rather large topic that we didn’t have the bandwidth to delve into, given the already large scope of the book.

Now, in the SRS book, we specifically explore how these concepts are intertwined. Because security and reliability are everyone’s responsibility, this book is relevant for anyone who designs, implements, or maintains systems. We’re challenging the dividing lines between the traditional professional roles of developers, SREs, and security engineers. We argue that everyone should be thinking about reliability and security from the very beginning of the development process, and should be integrating those principles as early as possible into the system life cycle.

In the book, we examine security and reliability through multiple perspectives:

  • Design strategies: For example, best practices to design for understandability, resilience, and recovery, as well as specific design principles such as least privilege
  • Recommendations for coding, testing, and debugging practices
  • Strategies to prepare for, respond to, and recover from incidents
  • Cultural best practices to help teams across your organization collaborate effectively

“Building Secure and Reliable Systems” is available now. You can find a freely downloadable copy on the Google SRE website. You can also purchase a physical copy from your preferred retailer.

Back in “the day” I treasured several of my O’Reilly hardcopy books: Sendmail, DNS and Bind and 802.11 Wireless Networks. In the 2000’s I ran a rack of gear in my home for the fun of it, directly connected to the Internet with ESX Vi firewalls powered by Fedora Linux, hosting my own primary DNS and sendmail with spamassassin, apache, snort probes, x509 based wifi security…fun times. The primitives still haven’t changed though. I was initially surprised that “security” became a separate profession around that time, as to me a system wasn’t ready for commissioning unless it was secure, secure by default and secure by design.

Enjoy the O’Reilly book, it covers many important areas to ensure that systems are both reliable and secure.