Book Review - Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance by Tim Mather, Subra Kumaraswamy, and Shahed Latif
The biggest trend (and some would say hype) in computing today is the cloud... the ability to have software and infrastructure all housed offsite in a flexible way that allows you to instantly scale resources and only pay for what you use. But there are so many questions that this approach raises in terms of security and privacy. Tim Mather, Subra Kumaraswamy, and Shahed Latif take on those questions in their new book Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. Before you decide to put anything "in the cloud" for your organization, you really should read this book in order to fully understand the risks and rewards of moving in that direction.
Introduction; What Is Cloud Computing?; Infrastructure Security; Data Security and Storage; Identity and Access Management; Security Management in The Cloud; Privacy; Audit and Compliance; Examples of Cloud Service Providers; Security-As-A-[Cloud] Service; The Impact of Cloud Computing on The Role of Corporate IT; Conclusion, and The Future of The Cloud; SAS 70 Report Content Example; Systrust Report Content Example; Open Security Architecture For Cloud Computing; Glossary; Index
There's no doubt that moving to the cloud has the potential for saving an organization significant amounts of money. But what good is saving money if you end up with major security/privacy breaches, or if your application is unreachable due to outages? The authors do an excellent job in explaining exactly what makes up a cloud solution, as well as what considerations come into play when you decide to give up control of part of your infrastructure to someone else. As they accurately point out, there are many cloud risks that are also present in on-premise computing solutions, such as redundancy, security, etc. It just so happens that the cloud tends to magnify those risks because you aren't physically able to say exactly where your data is and what the cloud environment looks like. Going through this book helps you understand those risk levels so that you can decide how best to address them *before* you ship your data off to who knows where.
I think I personally appreciated the fact that they didn't attempt to "sell" the cloud as a solution that fits everybody and every situation. There are some instances where a cloud solution may not work due to regulatory reasons, and they point those out. For instance, HIPAA regulations have some very stringent rules on data security and privacy on personal health information. Given that your data stored in the cloud is not physically under your control, you may well find that you would be in violation of HIPAA regs by using a cloud solution without stringent safeguards. You also have no control over the physical medium on which the data is stored. If your cloud provider were to replace a drive in their storage, can you be assured that they have properly wiped the contents so as to not reveal information should the faulty device not be disposed of securely? And how about their backup media... how and where is your data being backed up? *IS* it being backed up? These are the questions you need to be asking before you decide that $5 per person per month is a great deal.
There are no other books that I know of that attempt to deal with this subject as completely and as comprehensively as does Cloud Security and Privacy. You really do owe it to your organization to read this first in order to be able to ask the right questions. Anything less would be highly negligent on your part.
Obtained From: Publisher