Book Reviews: Information Security Books and Product Reviews – Auditing Cloud Computing

Book Title: Auditing Cloud Computing

Subtitle: A Security and Privacy Guide

Author: Ben Halpert

Publisher: John Wiley & Sons

Date of Publishing: 26 August 2011

ISBN: 9780470874745

Price: £45.00

URL of Publisher Site: Wiley Publishing

URL of Amazon UK web page: Auditing Cloud Computing: A Security and Privacy Guide (Wiley Corporate F&A)

URL of Amazon UK (Kindle) web page: Auditing Cloud Computing: A Security and Privacy Guide (Wiley Corporate F&A)

URL of Amazon US web page: Auditing Cloud Computing: A Security and Privacy Guide (Wiley Corporate F&A)

URL of Amazon US (Kindle) web page: Auditing Cloud Computing: A Security and Privacy Guide (Wiley Corporate F&A)

In my experience, the subject of this book, ‘Cloud Computing,’ is one that tends to polarize views amongst those in the Information Security and Information Assurance communities; with some believing it is a necessary evil and others that it is something to be avoided at all costs. It all comes down to trust:

* Where is the data stored exactly?
* Who has (or will have) access to it?
* Is it properly protected?
* Is the data segregated?
* Is it encrypted?
* Will I always get access to it when I need it?

These are just some of the issues surrounding the use of this kind of service, and ‘Auditing Cloud Computing’ goes a long way to help the reader gain sufficient knowledge to ensure he or she gets the answers to these and other significant questions related to storing and managing data in the cloud.

The Cloud is a very topical subject at this time. As organizations seek to cut costs in all areas, in particular the ever-increasing need for large quantities of storage, the facilities offered by the Cloud appear more and more attractive. However, as this book points out, there are potentially significant downsides to using the Cloud. Whilst it may make financial sense to offload the costs associated with the storage and management of data to someone else, if things go wrong, the reputational damage caused by a data breach is unlikely to impact the service provider anywhere near the same extent as the originator/owner of the data. For this reason alone, it makes sense to do all you can to minimize the potential for mistakes; and this book helps by providing sufficient information to sort the wheat from the chaff when it comes to choosing your cloud provider.

‘Auditing Cloud Computing’ is aimed primarily at IT Auditors and other IT professionals with audit or information security responsibilities and, through the use of a range of case studies, it provides practical examples and methods for evaluating the security and privacy arrangements of Cloud service providers.

The book outlines the history, relevant definitions, deployment models, and challenges of Cloud Computing. The author explains what to expect when creating an audit program for Cloud environments and critically how to implement, extend, and maintain a governance program for ongoing Cloud activities.

The author covers cross-Cloud deployments (as even Cloud providers subcontract provision), Cloud-based IT delivery and support, architecture considerations and both Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) aspects associated with Cloud Computing.

The reader is presented with key information and practical guidance that helps build a picture of the type of audit necessary security and privacy practices (pointing out the difference between the ‘must haves’ and ‘nice to have’) that should help significantly when choosing to use (or not to use) particular Cloud service providers.

I found the information contained within the book to be up-to-date and relevant at this time, including the latest best practice with respect to auditing and assessing assurance and compliance in information technology.

The author has taken some time to ensure the book will appeal to all readers, regardless of country or origin, although at times the book does stray into Americanisms in terms of the syntax, case-studies and legal references.

This book will not make the choice of whether or not to use Cloud services for you. What it will do, however, is provide enough information to enable you to ask the right questions.

Knowledge is power, and if you know what to look for and how best to utilize what’s on offer, whilst at the same time being able to effectively manage your data security expectations, you will be better placed to make an informed decision – a decision that is based on fact, not hype.

Marks: 4 out of 5