Cloud security and privacy

You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many people do. With Cloud Security and Privacy, you'll learn what's at stake when you trust your data to the cloud, and what you can do to keep your virtual infrastructure and web applications secure.



Ideal for IT staffers, information security and privacy practitioners, business managers, service providers, and investors alike, this book offers you sound advice from three well-known authorities in the tech security world. You'll learn detailed information on cloud computing security that-until now-has been sorely lacking.

Review the current state of data security and storage in the cloud, including confidentiality, integrity, and availability Learn about the identity and access management (IAM) practice for authentication, authorization, and auditing of the users accessing cloud services Discover which security management frameworks and standards are relevant for the cloud Understand the privacy aspects you need to consider in the cloud, including how they compare with traditional computing models Learn the importance of audit and compliance functions within the cloud, and the various standards and frameworks to consider Examine security delivered as a service-a different facet of cloud security

• Preface p. xi
• 1 Introduction p. 1
• ôMind the Gapö p. 1
• The Evolution of Cloud Computing p. 2
• Summary p. 2
• 2 What Is Cloud Computing? p. 7
• Cloud Computing Defined p. 7
• The SPI Framework for Cloud Computing p. 11
• The Traditional Software Model p. 17
• The Cloud Services Delivery Model p. 17
• Cloud Deployment Models p. 22
• Key Drivers to Adopting the Cloud p. 26
• The Impact of Cloud Computing on Users p. 27
• Governance in the Cloud p. 30
• Barriers to Cloud Computing Adoption in the Enterprise p. 30
• Summary p. 34
• 3 Infrastructure Security p. 35
• Infrastructure Security: The Network Level p. 36
• Infrastructure Security: The Host Level p. 44
• Infrastructure Security: The Application Level p. 49
• Summary p. 59
• 4 Data Security and Storage p. 61
• Aspects of Data Security p. 61
• Data Security Mitigation p. 65
• Provider Data and Its Security p. 66
• Summary p. 71
• 5 Identity and Access Management p. 73
• Trust Boundaries and IAM p. 73
• Why IAM? p. 74
• IAM Challenges p. 76
• IAM Definitions p. 76
• IAM Architecture and Practice p. 77
• Getting Ready for the Cloud p. 80
• Relevant IAM Standards and Protocols for Cloud Services p. 82
• IAM Practices in the Cloud p. 92
• Cloud Authorization Management p. 98
• Cloud Service Provider IAM Practice p. 99
• Guidance p. 104
• Summary p. 107
• 6 Security Management In The Cloud p. 109
• Security Management Standards p. 112
• Security Management in the Cloud p. 113
• Availability Management p. 115
• SaaS Availability Management p. 117
• PaaS Availability Management p. 120
• IaaS Availability Management p. 122
• Access Control p. 124
• Security Vulnerability, Patch, and Configuration Management p. 130
• Summary p. 141
• 7 Privacy p. 145
• What is Privacy? p. 146
• What Is the Data Life Cycle? p. 146
• What Are the Key Privacy Concerns in the Cloud? p. 149
• Who Is Responsible for Protecting Privacy? p. 150
• Changes to Privacy Risk Management and Compliance in Relation to Cloud Computing p. 151
• Legal and Regulatory Implications p. 155
• U.S. Laws and Regulations p. 155
• International Laws and Regulations p. 162
• Summary p. 164
• 8 Audit and Compliance p. 167
• Internal Policy Compliance p. 168
• Governance, Risk, and Compliance (GRC) p. 170
• Illustrative Control Objectives for Cloud Computing p. 174
• Incremental CSP-Specific Control Objectives p. 179
• Additional Key Management Control Objectives p. 180
• Control Considerations for CSP Users p. 181
• Regulatory/External Compliance p. 182
• Other Requirements p. 192
• Cloud Security Alliance p. 192
• Auditing the Cloud for Compliance p. 194
• Summary p. 202
• 9 Examples Of Cloud Service Providers p. 203
• Amazon Web Services (laaS) p. 203
• Google (SaaS, PaaS) p. 205
• Microsoft Azure Services Platform (PaaS) p. 206
• Proofpoint (SaaS, laaS) p. 207
• RighiScale (laaS) p. 208
• Salesforce.com (SaaS, PaaS) p. 210
• Sun Open Cloud Platform p. 211
• Workday (SaaS) p. 213
• Summary p. 213
• 10 Security-As-A-[Cloud] Service p. 217
• Origins p. 218
• Today's Offerings p. 220
• Summary p. 223
• 11 The Impact of Cloud Computing on The Role of Corporate It p. 225
• Why Cloud Computing Wilt Be Popular with Business Units p. 226
• Potential Threats of Using CSPs p. 228
• A Case Study Illustrating Potential Changes in the IT Profession Caused by Cloud Computing p. 230
• Governance Factors to Consider When Using Cloud Computing p. 235
• Summary p. 236
• 12 Conclusion and The Future of The Cloud p. 239
• Analyst Predictions p. 240
• Survey Says? p. 242
• Security in Cloud Computing p. 245
• Program Guidance for CSP Customers p. 257
• The Future of Security in Cloud Computing p. 260
• Summary p. 265
• A Sas 70 Report Content Example p. 267
• B Systrust Report Content Example p. 273
• C Open Security Architecture for Cloud Computing p. 279
• Glossary p. 293
• Index p. 299