Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance (Theory in Practice)

Authors: Tim Mather, Subra Kumaraswamy, Shahed Latif
Publisher: O'Reilly Media
Category: Book

List Price: $34.99
Rating: 4.5 out of 5 stars 11 reviews
Sales Rank: 22901

Media: Paperback
Edition: 1
Pages: 336
Number Of Items: 1
Shipping Weight (lbs): 1
Dimensions (in): 9.4 x 1.1 x 0.9

ISBN: 0596802765
Dewey Decimal Number: 006.78
EAN: 9780596802769
ASIN: 0596802765

Publication Date: September 22, 2009
Availability: Usually ships in 1-2 business days

Editorial Reviews:

Product Description

You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many people do. With Cloud Security and Privacy, you'll learn what's at stake when you trust your data to the cloud, and what you can do to keep your virtual infrastructure and web applications secure.

Ideal for IT staffers, information security and privacy practitioners, business managers, service providers, and investors alike, this book offers you sound advice from three well-known authorities in the tech security world. You'll learn detailed information on cloud computing security that, until now, has been sorely lacking.

  • Review the current state of data security and storage in the cloud, including confidentiality, integrity, and availability
  • Learn about the identity and access management (IAM) practice for authentication, authorization, and auditing of the users accessing cloud services
  • Discover which security management frameworks and standards are relevant for the cloud
  • Understand the privacy aspects you need to consider in the cloud, including how they compare with traditional computing models
  • Learn the importance of audit and compliance functions within the cloud, and the various standards and frameworks to consider
  • Examine security delivered as a service, a different facet of cloud security



Customer Reviews:
Showing reviews 1-5 of 11



5 out of 5 stars This should be read before you send anything off "to the cloud"...   October 18, 2009
Thomas Duff (Portland, OR United States)
4 out of 5 found this review helpful

The biggest trend (and some would say hype) in computing today is the cloud... the ability to have software and infrastructure all housed offsite in a flexible way that allows you to instantly scale resources and only pay for what you use. But there are so many questions that this approach raises in terms of security and privacy. Tim Mather, Subra Kumaraswamy, and Shahed Latif take on those questions in their new book Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. Before you decide to put anything "in the cloud" for your organization, you really should read this book in order to fully understand the risks and rewards of moving in that direction.

Contents:
Introduction; What Is Cloud Computing?; Infrastructure Security; Data Security and Storage; Identity and Access Management; Security Management in The Cloud; Privacy; Audit and Compliance; Examples of Cloud Service Providers; Security-As-A-[Cloud] Service; The Impact of Cloud Computing on The Role of Corporate IT; Conclusion, and The Future of The Cloud; SAS 70 Report Content Example; Systrust Report Content Example; Open Security Architecture For Cloud Computing; Glossary; Index

There's no doubt that moving to the cloud has the potential for saving an organization significant amounts of money. But what good is saving money if you end up with major security/privacy breaches, or if your application is unreachable due to outages? The authors do an excellent job in explaining exactly what makes up a cloud solution, as well as what considerations come into play when you decide to give up control of part of your infrastructure to someone else. As they accurately point out, there are many cloud risks that are also present in on-premise computing solutions, such as redundancy, security, etc. It just so happens that the cloud tends to magnify those risks because you aren't physically able to say exactly where your data is and what the cloud environment looks like. Going through this book helps you understand those risk levels so that you can decide how best to address them *before* you ship your data off to who knows where.

I think I personally appreciated the fact that they didn't attempt to "sell" the cloud as a solution that fits everybody and every situation. There are some instances where a cloud solution may not work due to regulatory reasons, and they point those out. For instance, HIPAA regulations have some very stringent rules on data security and privacy on personal health information. Given that your data stored in the cloud is not physically under your control, you may well find that you would be in violation of HIPAA regs by using a cloud solution without stringent safeguards. You also have no control over the physical medium on which the data is stored. If your cloud provider were to replace a drive in their storage, can you be assured that they have properly wiped the contents so as to not reveal information should the faulty device not be disposed of securely? And how about their backup media... how and where is your data being backed up? *IS* it being backed up? These are the questions you need to be asking before you decide that $5 per person per month is a great deal.

There are no other books that I know of that attempt to deal with this subject as completely and as comprehensively as does Cloud Security and Privacy. You really do owe it to your organization to read this first in order to be able to ask the right questions. Anything less would be highly negligent on your part.

Disclosure:
Obtained From: Publisher
Payment: Free



5 out of 5 stars THE BLIND MEN AND THE ELEPHANT   November 10, 2009
Viken Derderian (Los Angeles, CA)
5 out of 7 found this review helpful

My title is no accident: I heard Mary Ann Davidson, CSO of Oracle, use it at an RSA conference referring to cloud computing; she also spoke about it at ISF Canada 2009, where the whole subject has been elevated to theological warfare.

To sort the whole subject out and become familiar with the evolution of cloud computing, I searched for a book on the subject and found many. To be fair to the rest of the books out there, I only read one of them; yes, you guessed it, Cloud Security and Privacy. Being a security person myself, the title had the 2 operative words I needed to see: Security and Privacy (and yes, I am shallow).

Oh yes, about the book: this is by far the best book I have read for a long time. What impressed me is the way it is written: there are questions in nearly every chapter, and as you read the question you realize that you were thinking that exact question, or you would have if you knew what to think. For example, "What is cloud computing?" OK, I know that's a given, but stay with me; now here are some of the rest of the questions: "What Is Privacy?" I think that is one hell of a question, and the answers given by the author are not groundbreaking; however, "What Is the Data Life Cycle?", "What Are the Key Privacy Concerns in the Cloud?", "Who Is Responsible for Protecting Privacy?": put all these questions and more together and properly answer them all, and you end up with a near masterpiece.

By the end of Chapter 3 you are not only familiar with cloud computing but you are now able to speak IAAS, PAAS, SAAS and actually understand the infrastructure security as it relates to IAAS.

I especially liked Chapter 6, Security Management in the Cloud, a very well written chapter about security management as it relates to cloud computing; both ITIL and ISO27001 controls are mapped to the cloud.

Chapter Seven, which deals with Privacy, is one of the most important chapters; Privacy may be the single most important factor in deciding whether one chooses to use cloud computing or not. The author includes a very rich sampling of many of the laws related to Privacy acts throughout the globe, and yet in the beginning of the chapter you'll find the following dilemma: "but although it may be possible to transfer liability via contractual agreements, it is never possible to transfer accountability." -Cloud Security and Privacy. I may argue that this chapter should have been the second chapter of the book.

In conclusion:
I could write a book about this book, but that would not be fair to you (as you may have noticed, I do not have the talent). Simply buy the book and read it yourself, it is not that expensive and it certainly looks more intelligent than those other books you have about Hacking something or other.

Best Fishes and thank you for reading.
Vik



5 out of 5 stars Important and timely topic - excellent coverage   October 23, 2009
Wesley H. Higaki (Silicon Valley, USA)
2 out of 3 found this review helpful

Cloud computing is such a hot topic in today's IT world. The business reasons for adopting cloud computing to run SMB and enterprise IT operations are so strong that it is almost inevitable that we will see a movement toward more and more cloud services being offered. Perhaps a dark cloud that hangs over cloud computing is the question of security (and privacy). The authors of "Cloud Security and Privacy" have done an excellent job of describing today's landscape and the security issues swirling around cloud computing. They provide a good mix of perspectives from IT InfoSec to auditor to cloud provider. They provide a clear and organized view of the security challenges. I would recommend this book for anyone who is thinking about using or providing cloud services.


5 out of 5 stars A great coverage on Cloud security   July 24, 2010
Andy Zhang (Washington, DC)
For organizations that are planning on going to the cloud, security is usually a top concern. This book has a comprehensive coverage on security--infrastructure security, data and storage security, identity and management. What I liked the most in this book is its coverage on Federated Identity and regulatory compliance. This book can be a good resource for people who are planning on cloud computing solutions.


5 out of 5 stars Preparation for the coming cloud reality   October 16, 2009
Aaron H. Miller (Mountain View, CA USA)
3 out of 5 found this review helpful

If we learn nothing else from the recent (10/2009) Microsoft/Danger Sidekick data loss and recovery debacle, it should be that with great promise comes great responsibility. While that particular incident post-dated the publication of the book, what the authors accomplish in "Cloud Security & Privacy" is just such a prescient view of the current state of cloud computing. The promises of the cloud vendors must be tempered with a clearer understanding of exactly what we are abdicating responsibility for, for at times privacy, security, and portability are at stake.

I'll be honest, when I first picked up the book, I thought the entire subject too new to warrant book treatment. However, the authors' careful and thorough approach to the build-up to cloud computing presents a convincing case that it has been more a steady evolution than overnight revolution (despite what Benioff might claim). Their inclusion of homomorphic encryption, though brief, shows they are also current, and their frequent citations of reference URLs make for multi-layered and modern self-discovery. So, trends of our current microblogging, texting, instant messaging, email is too slow culture aside, serious topics still deserve serious thought and nothing yet can beat a book for such coverage. In this light, this tome's timely treatment of the subject should be considered required reading for those in the industry, and recommended reading for those with inquisitive minds who store their data in the cloud (not always knowingly).


Some additional, somewhat random comments:
* in a very matter-of-fact, yet approachable and intriguing way, the authors outline not only the impacts of cloud computing on IT, but expand it into larger society and international government considerations;
* leave it to security experts to hold us accountable for the promises cloud computing provides while grounding it in sound fundamentals and the implications of not building security in;
* if I may inject my own observation here (which seems fair, it is my review after all): despite the wide reach of Java, there have been amazingly few known exploits because the security model was designed in early on and is relatively unobtrusive...let's hope cloud architects follow a similar route.

All in all, a valuable, informative, and timely book that guides with logic and data tempered by experience...well worth your time and hard-earned money. Thank you Tim, Subra, and Shahed!

