Book Title: Securing the Cloud
Subtitle: Cloud Computer Security Techniques and Tactics
Author: Vic (J.R.) Winkler
Date of Publishing: May 2011
Price (UK&US price – full price, not discounted price): £36.99, $59.95
In 2010 and 2011, a large number of books were published on both cloud computing and virtualization. So, it was with interest that I started reading this book, if only to establish whether it set the bar high enough on cloud security; more on the answer to that question later.
At 290 pages, ‘Securing the Cloud’ provides the reader with a comprehensive overview of cloud security. It consists of 10 chapters, progressing from an introductory chapter, through the architectures and technologies involved in cloud computing, until finally looking at the selection, implementation and operation of a cloud. The book is designed for those professionals or organisations that require a good, high-level framework in which to systemically design security from “cradle to grave”.
Chapter 1 introduces the reader to the overall concept of cloud computing in the context of information security. It provides a historical view of the subject matter and describes the evolution from the mainframe computer to the present day. It also begins the journey of explaining the role of virtualisation in cloud computing. Chapter 2 then goes on to describe a number of different cloud computer architectures and service models before Chapter 3 delves into the examination of the risks of using a cloud, along with regulation, legal considerations and, in particular, privacy and confidentiality concerns.
Chapters 5, 6 and 7 drill into how you should go about securing a cloud-based network solution, for each of the different cloud architectures discussed in the previous chapters. This chapter looks at the security controls one needs to consider during this process, including those you would implement in a “normal” architecture (but with a “cloud” spin). For instance, what does it mean to perform security monitoring in a cloud-based architecture?
Chapter 7 provides best-practice guidance on how to implement strategies for effectively managing risk in the cloud.
Chapter 8, entitled, ‘Selecting an External Cloud Provider,’ is an extremely useful chapter and readers will find it invaluable. The chapter goes through all of the criteria you should use when selecting a cloud provider. Another very useful chapter is Chapter 9, which provides an information security framework for assessing the security of a cloud. In particular, it provides seventeen individual checklists for evaluating different aspects of cloud security. These checklists could be used either during the procurement cycle, or, indeed, when you are considering an ISO 27001 style of audit of an existing cloud solution. The final chapter discusses running a cloud-based system, looking specifically at topics such as patching, security monitoring, and incident response.
Whilst this is an excellent book, it is, however, not without its faults, which is why I’ve only given it a rating of 4 stars. The most perplexing aspects are the discussions (endnotes) at the end of each chapter and the use of “ibid”. For many readers, this will be confusing, especially when the endnotes at the end of Chapter 2 have three references to the same NIST publication.
Securing the Cloud is the most useful and informative of all the books published to date on cloud security. If you are going to procure a cloud solution, or are already operating a cloud system, I would strongly recommend that you buy a copy.
Marks: 4 out of 5