Cloud Computing: Assessing the Risks

Book Description

Do you trust the Cloud? Should you trust the Cloud?

'Cloud Computing' are the words on everyone's lips – it's the latest technology, the way forward. But how safe is it? Is it reliable? How secure will your information be?

Questions ...

Cloud Computing: Assessing the Risks answers these questions and many more. Using jargon-free language and relevant examples, analogies and diagrams, it is an up-to-date, clear and comprehensive guide to the security, governance, risk, and compliance elements of Cloud Computing.

Written by three internationally renowned experts, this book discusses the primary concerns of most business leaders – the security and risk elements of the Cloud. But 'security and risk' are just two elements of Cloud Computing, and this book focuses on all the critical components of a successful cloud programme, including compliance, risk, reliability, availability, areas of responsibility, Cloud Computing borders, legalities, digital forensics and business continuity. This book covers them all.

... and answers

This book will enable you to:

  • understand the different types of Cloud and know which is the right one for your business
  • have realistic expectations of what a Cloud service can give you, and enable you to manage it in the way that suits your business
  • minimise potential disruption by successfully managing the risks and threats
  • make appropriate changes to your business in order to seize opportunities offered by Cloud
  • set up an effective governance system and benefit from the consequential cost savings and reductions in expenditure
  • understand the legal implications of international data protection and privacy laws, and protect your business against falling foul of such laws
  • know how Cloud can benefit your business continuity and disaster recovery planning.

What others are saying about this book …

    "I am convinced that you will find equal delight in absorbing the sage advice and pragmatic guidance that the team offers in this book and look forward to seeing it perched on the shelves amongst my other go-to guides for Cloud Computing." Christopher Hoff

    "… It should be a most welcome read to any senior stakeholders looking to embrace the new Cloud Computing wave." Eugene Kaspersky, Chairman and CEO, Kaspersky Lab

    "Remarkable work of synthesis performed by the authors, this book is a must-have for anyone willing to have both a clear and pragmatic approach, as well as a better understanding of impacts on business when dealing with Cloud Computing." Ludovic Petit, Chief Information Security Officer, SFR

    Table of Contents

    1. Cover
    2. Title
    3. Copyright
    4. Foreword
    5. About the Authors
    6. Acknowledgements
    7. Contents
    8. Chapter 1: Cloud Computing Explained
      1. The potential of Cloud Computing
      2. Cloud Computing defined
      3. Key characteristics of Cloud Computing
      4. Characteristic One: On-demand self-service
      5. Characteristic Two: Broad network access
      6. Characteristic Three: Resource pooling
      7. Characteristic Four: Rapid elasticity
      8. Characteristic Five: Measured service
      9. Summary of Cloud Computing characteristics
      10. Cloud Computing definition summary
      11. What The New York Times tells us about Cloud Computing
    9. Chapter 2: How Cloud Computing Changes Security, Governance, Risk and Compliance
      1. Relationship between security, compliance and risk
      2. Governance, compliance and risk in a Cloud environment
      3. Security in a Cloud Computing environment
      4. Conclusion
    10. Chapter 3: Governance of Cloud Computing
      1. Which governance framework is right for Cloud?
      2. Role of the service catalogue
      3. Dude, where’s my server? (The need for policy management)
      4. Conclusion
    11. Chapter 4: Cloud Computing Top Security Risks
      1. Security – the shift from static to dynamic
      2. Breakdown of security assumptions
      3. Conclusion
    12. Chapter 5: Assessing Security in the Cloud
      1. Assessing Cloud security
      2. Peeking below the trust boundary
      3. The challenge of evaluation
      4. Role of certification
      5. Certifications and audits
      6. Mapping the CAI and CCM to the security stack
      7. Conclusion
    13. Chapter 6: Cloud Computing Application Security
      1. Identity management and role-based access controls
      2. Network security
      3. Data security
      4. Instance security
      5. Application architecture and deployment topology
      6. Code update and patch management
      7. Conclusion
    14. Chapter 7: Organisational Risks Associated with Cloud Computing
      1. Organisational risks of Cloud Computing
      2. Cloud Computing does and doesn’t change everything
      3. Impact of Cloud Computing on executive decision-making roles
      4. Impact of Cloud Computing on traditional IT roles
      5. Instituting DevOps
      6. Developing for a multi-tenant universe
      7. The runaway train: Cloud sprawl
      8. Delivering IT-as-a-Service
    15. Chapter 8: Business Continuity and Disaster Recovery in Cloud Computing
      1. Business continuity overview
      2. Disaster recovery overview
      3. Differences between Cloud vs. traditional BC and DR
      4. SaaS business continuity challenges
      5. PaaS business continuity challenges
      6. IaaS business continuity challenges
      7. Possible benefits
      8. Possible issues and challenges
      9. Important considerations
      10. What to ask your Cloud provider
      11. Cloud-based BC and DR offerings
      12. Restructuring plans and procedures
      13. Testing and walkthrough of updated plans
      14. Recent business continuity/disaster recovery case study
    16. Chapter 9: Investigations and Forensics in the Cloud
      1. Forensics overview
      2. Forensics: what has changed?
      3. Who conducts these investigations?
      4. Forensic procedures and requirements
      5. Forensic investigations vs. analysis
      6. Traditional forensics vs. Cloud forensics
      7. Data in transit
      8. Encryption and investigations
      9. Custom Cloud APIs
      10. Cloud solution forensic tools
      11. In summary
    17. Chapter 10: Cloud Computing Borders – National and International Deployment
      1. Data location
      2. Legislation and regulatory (including privacy)
      3. Data protection and data privacy
      4. Data retention
      5. EU Data Protection/Privacy
      6. Recent reporting trends
      7. European Privacy Directive 2002/58/EC
      8. Current EU data protection and privacy challenges
      9. Where to next for EU data protection?
      10. United States data protection and privacy
      11. International privacy at a glance (USA/EU/APEC)
      12. Guidelines for success
      13. In summary
    18. Chapter 11: Evaluating Compliance in the Cloud
      1. Compliance overview
      2. Need for compliance functions
      3. Compliance vs. internal audit
      4. Value of compliance done correctly
      5. Cloud first – compliance second?
      6. What changes for compliance functions?
      7. Who is responsible for what?
      8. Compliance strategy and framework
      9. The domino effect
      10. Governance
      11. Regulatory challenges
      12. Cost of compliance (or non-compliance!)
      13. Cloud Computing standards and compliance
      14. Recent trends and surveys
      15. Segregation of duties
      16. SOD in Cloud environments
      17. Where to start?
    19. Chapter 12: Where Cloud Computing is Heading
    20. ITG Resources