Buying Options
Cloud Security and Privacy
Print $34.99
Add to Cart
Print+Ebook $38.49
Add to Cart
Ebook $27.99
(Mobi, PDF, ePub)
Add to Cart
Safari Books Online
Add to Cart
What is this?
Print £26.99
Add to Cart
What is this?

Cloud Security and Privacy

An Enterprise Perspective on Risks and Compliance

By
Tim Mather, Subra Kumaraswamy, Shahed Latif
Publisher:
O'Reilly Media
Released:
September 2009
Pages:
336
Description
You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many people do. With Cloud Security and Privacy, you'll learn what's at stake when you trust your data to the cloud, and what you can do to keep your virtual infrastructure and web applications secure. This book offers you sound advice from three well-known authorities in the tech security world.
Full Description
Table of Contents

  1. Chapter 1 Introduction

    1. “Mind the Gap”

    2. The Evolution of Cloud Computing

    3. Summary

  2. Chapter 2 What Is Cloud Computing?

    1. Cloud Computing Defined

    2. The SPI Framework for Cloud Computing

    3. The Traditional Software Model

    4. The Cloud Services Delivery Model

    5. Cloud Deployment Models

    6. Key Drivers to Adopting the Cloud

    7. The Impact of Cloud Computing on Users

    8. Governance in the Cloud

    9. Barriers to Cloud Computing Adoption in the Enterprise

    10. Summary

  3. Chapter 3 Infrastructure Security

    1. Infrastructure Security: The Network Level

    2. Infrastructure Security: The Host Level

    3. Infrastructure Security: The Application Level

    4. Summary

  4. Chapter 4 Data Security and Storage

    1. Aspects of Data Security

    2. Data Security Mitigation

    3. Provider Data and Its Security

    4. Summary

  5. Chapter 5 Identity and Access Management

    1. Trust Boundaries and IAM

    2. Why IAM?

    3. IAM Challenges

    4. IAM Definitions

    5. IAM Architecture and Practice

    6. Getting Ready for the Cloud

    7. Relevant IAM Standards and Protocols for Cloud Services

    8. IAM Practices in the Cloud

    9. Cloud Authorization Management

    10. Cloud Service Provider IAM Practice

    11. Guidance

    12. Summary

  6. Chapter 6 Security Management in the Cloud

    1. Security Management Standards

    2. Security Management in the Cloud

    3. Availability Management

    4. SaaS Availability Management

    5. PaaS Availability Management

    6. IaaS Availability Management

    7. Access Control

    8. Security Vulnerability, Patch, and Configuration Management

    9. Summary

  7. Chapter 7 Privacy

    1. What Is Privacy?

    2. What Is the Data Life Cycle?

    3. What Are the Key Privacy Concerns in the Cloud?

    4. Who Is Responsible for Protecting Privacy?

    5. Changes to Privacy Risk Management and Compliance in Relation to Cloud Computing

    6. Legal and Regulatory Implications

    7. U.S. Laws and Regulations

    8. International Laws and Regulations

    9. Summary

  8. Chapter 8 Audit and Compliance

    1. Internal Policy Compliance

    2. Governance, Risk, and Compliance (GRC)

    3. Illustrative Control Objectives for Cloud Computing

    4. Incremental CSP-Specific Control Objectives

    5. Additional Key Management Control Objectives

    6. Control Considerations for CSP Users

    7. Regulatory/External Compliance

    8. Other Requirements

    9. Cloud Security Alliance

    10. Auditing the Cloud for Compliance

    11. Summary

  9. Chapter 9 Examples of Cloud Service Providers

    1. Amazon Web Services (IaaS)

    2. Google (SaaS, PaaS)

    3. Microsoft Azure Services Platform (PaaS)

    4. Proofpoint (SaaS, IaaS)

    5. RightScale (IaaS)

    6. Salesforce.com (SaaS, PaaS)

    7. Sun Open Cloud Platform

    8. Workday (SaaS)

    9. Summary

  10. Chapter 10 Security-As-a-[Cloud] Service

    1. Origins

    2. Today’s Offerings

    3. Summary

  11. Chapter 11 The Impact of Cloud Computing on the Role of Corporate IT

    1. Why Cloud Computing Will Be Popular with Business Units

    2. Potential Threats of Using CSPs

    3. A Case Study Illustrating Potential Changes in the IT Profession Caused by Cloud Computing

    4. Governance Factors to Consider When Using Cloud Computing

    5. Summary

  12. Chapter 12 Conclusion, and the Future of the Cloud

    1. Analyst Predictions

    2. Survey Says?

    3. Security in Cloud Computing

    4. Program Guidance for CSP Customers

    5. The Future of Security in Cloud Computing

    6. Summary

  1. Appendix SAS 70 Report Content Example

    1. Section I: Service Auditor’s Opinion

    2. Section II: Description of Controls

    3. Section III: Control Objectives, Related Controls, and Tests of Operating Effectiveness

    4. Section IV: Additional Information Provided by the Service Organization

  2. Appendix SysTrust Report Content Example

    1. SysTrust Auditor’s OpinionAmerican Institute of Certified Public Accountants (AICPA), Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®), 2006. Available at . [Trust Services Principles]

    2. SysTrust Management Assertion

    3. SysTrust System Description

    4. SysTrust Schedule of Controls

  3. Appendix Open Security Architecture for Cloud Computing

    1. Legend

    2. Description

    3. Key Control Areas

    4. Examples

    5. Assumptions

    6. Typical Challenges

    7. Indications

    8. Contraindications

    9. Resistance Against Threats

    10. References

    11. Control Details

  4. Glossary

  5. Colophon

View Full Table of Contents
Product Details
Title:
Cloud Security and Privacy
By:
Tim Mather, Subra Kumaraswamy, Shahed Latif
Publisher:
O'Reilly Media
Formats:
  • Print
  • Ebook
  • Safari Books Online
Print Release:
September 2009
Ebook Release:
September 2009
Pages:
336
Print ISBN:
978-0-596-80276-9
| ISBN 10:
0-596-80276-5
Ebook ISBN:
978-0-596-80750-4
| ISBN 10:
0-596-80750-3
Customer Reviews
About the Authors

  1. Tim Mather

    Tim Mather is an experienced security professional who is currently pursing a graduate degree in information assurance full-time. He is a frequent speaker and commentator on informa-tion security issues, and serves as an Advisor to several security-related start-ups.

    Most recently, he was the Chief Security Strategist for RSA, The Security Division of EMC, responsible for keeping ahead of security industry trends, technology, and threats. Prior to that, he was Vice-President of Technology Strategy in Symantec's Office of the Chief Technology Officer, responsible for coordinating the company's long-term technical and intellectual property strategy. Previously at Symantec, he served for nearly seven years as Chief Information Security Officer (CISO). As CISO, Tim was responsible for development of all information systems security policies, oversight of implementation of all security-related policies and procedures, and all information systems audit-related activities. He also worked closely with internal products groups on security capabilities in Symantec products.

    Prior to joining Symantec in September 1999, Tim was the Manager of Security at VeriSign. Additionally, he was formerly Manager of Information Systems Security at Apple Computer. Tim's experience also includes seven years in Washington, D.C. working on secure communications for a classified, national-level command, control, communications, and intelligence (C3I) project, which involved both civilian and military departments and agencies.

    Tim is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Manager (CISM). He holds Masters Degrees in National Security Studies from Georgetown University, and International Policy Studies from Monterey Institute of International Studies. Tim holds a Bachelor's Degree in Political Economics from the University of California at Berkeley.

    View Tim Mather's full profile page.

  2. Subra Kumaraswamy

    Subra Kumaraswamy has more than 18 years of engineering and management experience in information security, Internet, and e-commerce technologies. He is currently leading an Identity & Access Management program within Sun Microsystems. Subra has held leadership positions at various Internet-based companies, including Netscape, WhoWhere, Lycos, and Knowledge Networks. He was the cofounder of two Internet-based startups, CoolSync and Zingdata. He also worked at Accenture and the University of Notre Dame in security consulting and software engineering roles. In his spare time, Subra researches emerging technologies such as cloud computing to understand the security and privacy implications for users and enterprises. Subra is one of the authors of Cloud Security and Privacy, which addresses issues that affect any organization preparing to use cloud computing as an option. He's a founding member of the Cloud Security Alliance as well as cochair of the Identity & Access Management and Encryption & Key Management workgroups. Subra has a master's degree in computer engineering and is CISSP certified.

    View Subra Kumaraswamy's full profile page.

  3. Shahed Latif

    Shahed Latif is a partner in KPMG's Advisory practice having extensive IT and business skills. He has over 21 years of experience working with the global fortune 1000 companies focusing on providing business and technology solutions across a variety of areas. Shahed has spent 10 years in the London office working in the financial sector consulting group, Information Risk management group and the assurance practice. He has worked on large global companies giving him the opportunity to have worked in Africa, Asia, and Europe.

    View Shahed Latif's full profile page.

Colophon

The cover image is from Getty Images. The cover fonts are Akzidenz Grotesk and Orator. The text font is Adobe's Meridien; the heading font is ITC Bailey.

  • Book cover of Cloud Security and Privacy
Got a Question?
icons
Favicon Service and support by Satisfaction