Tim Mather, Subra Kumaraswamy, Shahed Latif
Cloud Security and Privacy
An Enterprise Perspective on Risks and Compliance
- Paperback
You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many people do. With Cloud Security and Privacy, you'll learn what's at stake when you trust your data to the cloud, and what you can do to keep your virtual infrastructure and web applications secure.
Ideal for IT staffers, information security and privacy practitioners, business managers, service providers, and investors alike, this book offers you sound advice from three well-known authorities in the tech security world. You'll learn detailed information on cloud computing security that, until now, has been sorely lacking.
- Review the current state of data security and storage in the cloud, including confidentiality, integrity, and availability
- Learn about the identity and access management (IAM) practice for authentication, authorization, and auditing of the users accessing cloud services
- Discover which security management frameworks and standards are relevant for the cloud
- Understand the privacy aspects you need to consider in the cloud, including how they compare with traditional computing models
- Learn the importance of audit and compliance functions within the cloud, and the various standards and frameworks to consider
- Examine security delivered as a service, a different facet of cloud security
Note: This item can only be shipped to a German delivery address.
Product details
- Theory In Practice
- Publisher: O'Reilly Media
- Page count: 334
- Publication date: 3 November 2009
- Language: English
- Dimensions: 233mm x 179mm x 25mm
- Weight: 548g
- ISBN-13: 9780596802769
- ISBN-10: 0596802765
- Item no.: 26551160
Tim Mather is an experienced security professional who is currently pursuing a graduate degree in information assurance full-time. He is a frequent speaker and commentator on information security issues, and serves as an advisor to several security-related start-ups. Most recently, he was the Chief Security Strategist for RSA, The Security Division of EMC, responsible for keeping ahead of security industry trends, technology, and threats. Prior to that, he was Vice President of Technology Strategy in Symantec's Office of the Chief Technology Officer, responsible for coordinating the company's long-term technical and intellectual property strategy. Previously at Symantec, he served for nearly seven years as Chief Information Security Officer (CISO). As CISO, Tim was responsible for the development of all information systems security policies, oversight of the implementation of all security-related policies and procedures, and all information systems audit-related activities. He also worked closely with internal product groups on security capabilities in Symantec products. Prior to joining Symantec in September 1999, Tim was the Manager of Security at VeriSign. Additionally, he was formerly Manager of Information Systems Security at Apple Computer. Tim's experience also includes seven years in Washington, D.C., working on secure communications for a classified, national-level command, control, communications, and intelligence (C3I) project, which involved both civilian and military departments and agencies. Tim is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Manager (CISM). He holds master's degrees in National Security Studies from Georgetown University and International Policy Studies from the Monterey Institute of International Studies. Tim holds a bachelor's degree in Political Economics from the University of California at Berkeley.

Subra Kumaraswamy has more than 18 years of engineering and management experience in information security, Internet, and e-commerce technologies. He is currently leading an Identity & Access Management program within Sun Microsystems. Subra has held leadership positions at various Internet-based companies, including Netscape, WhoWhere, Lycos, and Knowledge Networks. He was the cofounder of two Internet-based startups, CoolSync and Zingdata. He also worked at Accenture and the University of Notre Dame in security consulting and software engineering roles. In his spare time, Subra researches emerging technologies such as cloud computing to understand the security and privacy implications for users and enterprises. Subra is one of the authors of Cloud Security and Privacy, which addresses issues that affect any organization preparing to use cloud computing as an option. He is a founding member of the Cloud Security Alliance as well as cochair of its Identity & Access Management and Encryption & Key Management workgroups. Subra has a master's degree in computer engineering and is CISSP certified.

Shahed Latif is a partner in KPMG's Advisory practice with extensive IT and business skills. He has over 21 years of experience working with global Fortune 1000 companies, focusing on providing business and technology solutions across a variety of areas. Shahed spent 10 years in the London office, working in the financial sector consulting group, the Information Risk Management group, and the assurance practice. His work with large global companies has given him the opportunity to work in Africa, Asia, and Europe.
Table of Contents

Chapter 1 Introduction
- Mind the Gap
- The Evolution of Cloud Computing
- Summary

Chapter 2 What Is Cloud Computing?
- Cloud Computing Defined
- The SPI Framework for Cloud Computing
- The Traditional Software Model
- The Cloud Services Delivery Model
- Cloud Deployment Models
- Key Drivers to Adopting the Cloud
- The Impact of Cloud Computing on Users
- Governance in the Cloud
- Barriers to Cloud Computing Adoption in the Enterprise
- Summary

Chapter 3 Infrastructure Security
- Infrastructure Security: The Network Level
- Infrastructure Security: The Host Level
- Infrastructure Security: The Application Level
- Summary

Chapter 4 Data Security and Storage
- Aspects of Data Security
- Data Security Mitigation
- Provider Data and Its Security
- Summary

Chapter 5 Identity and Access Management
- Trust Boundaries and IAM
- Why IAM?
- IAM Challenges
- IAM Definitions
- IAM Architecture and Practice
- Getting Ready for the Cloud
- Relevant IAM Standards and Protocols for Cloud Services
- IAM Practices in the Cloud
- Cloud Authorization Management
- Cloud Service Provider IAM Practice
- Guidance
- Summary

Chapter 6 Security Management in the Cloud
- Security Management Standards
- Security Management in the Cloud
- Availability Management
- SaaS Availability Management
- PaaS Availability Management
- IaaS Availability Management
- Access Control
- Security Vulnerability, Patch, and Configuration Management
- Summary

Chapter 7 Privacy
- What Is Privacy?
- What Is the Data Life Cycle?
- What Are the Key Privacy Concerns in the Cloud?
- Who Is Responsible for Protecting Privacy?
- Changes to Privacy Risk Management and Compliance in Relation to Cloud Computing
- Legal and Regulatory Implications
- U.S. Laws and Regulations
- International Laws and Regulations
- Summary

Chapter 8 Audit and Compliance
- Internal Policy Compliance
- Governance, Risk, and Compliance (GRC)
- Illustrative Control Objectives for Cloud Computing
- Incremental CSP-Specific Control Objectives
- Additional Key Management Control Objectives
- Control Considerations for CSP Users
- Regulatory/External Compliance
- Other Requirements
- Cloud Security Alliance
- Auditing the Cloud for Compliance
- Summary

Chapter 9 Examples of Cloud Service Providers
- Amazon Web Services (IaaS)
- Google (SaaS, PaaS)
- Microsoft Azure Services Platform (PaaS)
- Proofpoint (SaaS, IaaS)
- RightScale (IaaS)
- Salesforce.com (SaaS, PaaS)
- Sun Open Cloud Platform
- Workday (SaaS)
- Summary

Chapter 10 Security-As-a-[Cloud] Service
- Origins
- Today's Offerings
- Summary

Chapter 11 The Impact of Cloud Computing on the Role of Corporate IT
- Why Cloud Computing Will Be Popular with Business Units
- Potential Threats of Using CSPs
- A Case Study Illustrating Potential Changes in the IT Profession Caused by Cloud Computing
- Governance Factors to Consider When Using Cloud Computing
- Summary

Chapter 12 Conclusion, and the Future of the Cloud
- Analyst Predictions
- Survey Says?
- Security in Cloud Computing
- Program Guidance for CSP Customers
- The Future of Security in Cloud Computing
- Summary

Appendix SAS 70 Report Content Example
- Section I: Service Auditor's Opinion
- Section II: Description of Controls
- Section III: Control Objectives, Related Controls, and Tests of Operating Effectiveness
- Section IV: Additional Information Provided by the Service Organization

Appendix SysTrust Report Content Example
- SysTrust Auditor's Opinion
- SysTrust Management Assertion
- SysTrust System Description
- SysTrust Schedule of Controls

Appendix Open Security Architecture for Cloud Computing
- Legend
- Description
- Key Control Areas
- Examples
- Assumptions
- Typical Challenges
- Indications
- Contraindications
- Resistance Against Threats
- References
- Control Details

Glossary