Above the Clouds: Managing Risk in the World of Cloud Computing

Book Description

If you are interested in ways to make your business more efficient, then Cloud Computing may be just what you have been looking for.

Table of Contents

  1. Copyright
  2. Preface
    1. What is Cloud Computing?
    2. Shared service model
    3. Computing as a commodity service
    4. Simplicity versus complexity
    5. Data center efficiency
    6. The way ahead
  3. About the Author
  4. Acknowledgements
  5. Introduction
    1. Virtualization
    2. Time slice
    3. Hypervisor
    4. Public, private, community and hybrid Clouds
      1. Public Clouds
      2. Private Clouds
      3. Community Clouds
    5. SaaS, IaaS and PaaS
      1. Software as a service
      2. Platform as a service
      3. Infrastructure as a service
    6. Disruptive technology
    7. Trusting the Cloud: stop, go or caution
  6. 1. Setting Course to the Clouds
    1. Renting versus owning infrastructure
    2. Scalability
    3. The larger they are, the less likely they are to fall
    4. Going virtual
    5. Cloud platforms and rapid system prototyping
    6. Consolidating low-use applications
    7. Patch management services
    8. Cloud backup
    9. Cloud bursting: surge capacity
    10. Desktop office suites
    11. Symphony
    12. Zoho Office for SharePoint®
    13. Google™ Docs
    14. Crowdsourcing and social networking
    15. The operating system
    16. Green computing: power and the grid
    17. Major benefits of Cloud Computing
    18. Core competencies of the data center staff
    19. Increased utilization
    20. 24/7 watch centers
    21. Enhanced recovery through server and data replication
    22. Free staff time
    23. Capital expenses replaced with operational expenses
    24. External certification and quality of service
  7. 2. Preflight Check
    1. Computing as a utility
    2. Elasticity
    3. Capacity requirements
    4. Baseline service levels
    5. In-sourcing
    6. Targeting legacy systems
    7. Planning for staff transition
    8. Avoiding self-inflicted wounds
    9. Economies of scale
    10. Bigger pipes are better
    11. Moving big iron (mainframes) to the Clouds
    12. Storage in the Cloud
    13. Bandwidth and try it before you buy it
    14. Instant test beds
    15. Reduce the scope of the implementation
    16. Pod computing reduces configuration time
    17. Project management versus ad hoc
    18. Elasticity reduces need for capacity planning
    19. Calculating cost benefit
  8. 3. Taxi Runway
    1. Start-up risks
    2. Choosing a service provider
    3. Types of Cloud services
      1. Software as a service
      2. Platform as a service
      3. Infrastructure as a service
      4. Everything as a service
    4. Risk assessment and gap analysis
    5. Certifications - caveat emptor, let the buyer beware!
      1. Data center certification
      2. Certainty
    6. Measuring service levels
      1. Agreements limit your liability
    7. Latency
    8. User expectations and response time
    9. Culture of compliance
      1. Exercise versus audit
      2. External audit
    10. Early adoption techniques
      1. Air-gapping networks
      2. Private Clouds
    11. Human resources and background checks
    12. Infrastructure
    13. Multi-tenancy
    14. Avoiding miscommunication with the service provider
      1. Build understanding before you start
      2. Communicating your needs
      3. Agreeing on service levels: the legal frameworks for Cloud Computing
    15. Reduce the risk by converting only new applications
    16. Have an exit strategy
    17. One size does not fit all
    18. People again
      1. What controls does the service provider have in place?
      2. Learning management systems
      3. Company security policies
    19. Disaster recovery and business continuity planning
    20. Depth on the bench
    21. Separation of duties and need to know
    22. Financial health of the service provider
    23. Financial risk
  9. 4. Tower Clearance
    1. Organizational impact: what would happen if?
    2. Mitigation strategies: what can we do to lessen impact?
    3. Continuity plans: keep going if the worst happens
      1. Testing the continuity plan
    4. External versus internal hosting providers
      1. Private Clouds
      2. Public Clouds: there is an app for that
      3. Smart services
      4. Hybrid Clouds
      5. Client defenses
    5. Strategies for managing change
    6. Break the project into smaller parts for pilot projects
    7. Progressive elaboration
    8. Testing
      1. Use case testing
      2. Test scripts
      3. Tabletop testing
      4. Documentation of testing
      5. Risk of loss versus testing costs
    9. Certification of data centers
    10. Pick on the little guy
    11. Continuity of operations planning
    12. Protecting data with encryption
    13. Unencrypted data protection
    14. Data loss prevention
    15. Stay in touch with the Cloud!
    16. People, process, and then technology
    17. Certifications matter
  10. 5. Securing the Cabin
    1. Recognize the risk in order to avoid the consequences
    2. Defense in depth strategies
    3. Cloud security operation centers
    4. User provisioning
    5. Security and authentication in the Cloud
  11. 6. Take Off
    1. If it’s on the Internet, it belongs in the Cloud
    2. E-mail in the Clouds
    3. Linking to expertise
    4. Reducing the noise
    5. Attack surfaces multiply
    6. Security in the Cloud
    7. Server logs
    8. Linking systems dynamically
    9. Mashups
    10. Privacy versus security
    11. Organizing the Cloud environment
    12. The portal model
    13. Pilot projects
    14. Backing up the Cloud
      1. Building in resiliency
      2. Data recovery testing
      3. Business continuity testing
    15. What value is added by the Cloud?
    16. Complexity equals inherent risk
    17. Reduce the complexity of the organization
    18. E-mail service and web hosting
    19. Cloud-based enterprise applications
    20. Using Web 2.0 to support internal clients
    21. Frameworks for process improvement
    22. Quality of service and net neutrality
    23. Data loss prevention
      1. Assessing the risk
      2. Organizational impact assessment
      3. Continuity plans
  12. 7. Above the Clouds
    1. Transition
    2. Convergence
    3. The paradigm of the automated teller machine
    4. Trading functionality for security
    5. Staged conversion: parallel testing
  13. ITG Resources
    1. Other Websites
    2. Pocket Guides
    3. Toolkits
    4. Best Practice Reports
    5. Training and Consultancy
    6. Newsletter