Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance




You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many people do. With Cloud Security and Privacy, you'll learn what's at stake when you trust your data to the cloud, and what you can do to keep your virtual infrastructure and web applications secure.

Ideal for IT staffers, information security and privacy practitioners, business managers, service providers, and investors alike, this book offers sound advice from three well-known authorities in the tech security world. You'll learn detailed information on cloud computing security that, until now, has been sorely lacking.

  • Review the current state of data security and storage in the cloud, including confidentiality, integrity, and availability
  • Learn about the identity and access management (IAM) practice for authentication, authorization, and auditing of the users accessing cloud services
  • Discover which security management frameworks and standards are relevant for the cloud
  • Understand the privacy aspects you need to consider in the cloud, including how they compare with traditional computing models
  • Learn the importance of audit and compliance functions within the cloud, and the various standards and frameworks to consider
  • Examine security delivered as a service, a different facet of cloud security

Product Details

  • ISBN-13: 9781449379513
  • Publisher: O'Reilly Media, Incorporated
  • Publication date: 9/4/2009
  • Series: Theory in Practice
  • Format: eBook
  • Edition number: 1
  • Pages: 338
  • File size: 8 MB

Meet the Author

Tim Mather is an experienced security professional who is currently pursuing a graduate degree in information assurance full-time. He is a frequent speaker and commentator on information security issues, and serves as an advisor to several security-related start-ups.

Most recently, he was the Chief Security Strategist for RSA, The Security Division of EMC, responsible for keeping ahead of security industry trends, technology, and threats. Prior to that, he was Vice-President of Technology Strategy in Symantec's Office of the Chief Technology Officer, responsible for coordinating the company's long-term technical and intellectual property strategy. Previously at Symantec, he served for nearly seven years as Chief Information Security Officer (CISO). As CISO, Tim was responsible for development of all information systems security policies, oversight of implementation of all security-related policies and procedures, and all information systems audit-related activities. He also worked closely with internal products groups on security capabilities in Symantec products.

Prior to joining Symantec in September 1999, Tim was the Manager of Security at VeriSign. Additionally, he was formerly Manager of Information Systems Security at Apple Computer. Tim's experience also includes seven years in Washington, D.C. working on secure communications for a classified, national-level command, control, communications, and intelligence (C3I) project, which involved both civilian and military departments and agencies.

Tim is a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM). He holds master's degrees in National Security Studies from Georgetown University and in International Policy Studies from the Monterey Institute of International Studies. Tim holds a bachelor's degree in Political Economics from the University of California at Berkeley.

Subra Kumaraswamy has more than 18 years of engineering and management experience in information security, Internet, and e-commerce technologies. He is currently leading an Identity & Access Management program within Sun Microsystems. Subra has held leadership positions at various Internet-based companies, including Netscape, WhoWhere, Lycos, and Knowledge Networks. He was the cofounder of two Internet-based startups, CoolSync and Zingdata. He also worked at Accenture and the University of Notre Dame in security consulting and software engineering roles. In his spare time, Subra researches emerging technologies such as cloud computing to understand the security and privacy implications for users and enterprises. Subra is one of the authors of Cloud Security and Privacy, which addresses issues that affect any organization preparing to use cloud computing as an option. He's a founding member of the Cloud Security Alliance as well as cochair of the Identity & Access Management and Encryption & Key Management workgroups. Subra has a master's degree in computer engineering and is CISSP certified.

Shahed Latif is a partner in KPMG's Advisory practice with extensive IT and business skills. He has over 21 years of experience working with global Fortune 1000 companies, focusing on providing business and technology solutions across a variety of areas. Shahed spent 10 years in the London office working in the financial sector consulting group, the Information Risk Management group, and the assurance practice. His work with large global companies has taken him to Africa, Asia, and Europe.

Table of Contents

Preface xi

1 Introduction 1

"Mind the Gap" 1

The Evolution of Cloud Computing 2

Summary 2

2 What Is Cloud Computing? 7

Cloud Computing Defined 7

The SPI Framework for Cloud Computing 11

The Traditional Software Model 17

The Cloud Services Delivery Model 17

Cloud Deployment Models 22

Key Drivers to Adopting the Cloud 26

The Impact of Cloud Computing on Users 27

Governance in the Cloud 30

Barriers to Cloud Computing Adoption in the Enterprise 30

Summary 34

3 Infrastructure Security 35

Infrastructure Security: The Network Level 36

Infrastructure Security: The Host Level 44

Infrastructure Security: The Application Level 49

Summary 59

4 Data Security and Storage 61

Aspects of Data Security 61

Data Security Mitigation 65

Provider Data and Its Security 66

Summary 71

5 Identity and Access Management 73

Trust Boundaries and IAM 73

Why IAM? 74

IAM Challenges 76

IAM Definitions 76

IAM Architecture and Practice 77

Getting Ready for the Cloud 80

Relevant IAM Standards and Protocols for Cloud Services 82

IAM Practices in the Cloud 92

Cloud Authorization Management 98

Cloud Service Provider IAM Practice 99

Guidance 104

Summary 107

6 Security Management In The Cloud 109

Security Management Standards 112

Security Management in the Cloud 113

Availability Management 115

SaaS Availability Management 117

PaaS Availability Management 120

IaaS Availability Management 122

Access Control 124

Security Vulnerability, Patch, and Configuration Management 130

Summary 141

7 Privacy 145

What is Privacy? 146

What Is the Data Life Cycle? 146

What Are the Key Privacy Concerns in the Cloud? 149

Who Is Responsible for Protecting Privacy? 150

Changes to Privacy Risk Management and Compliance in Relation to Cloud Computing 151

Legal and Regulatory Implications 155

U.S. Laws and Regulations 155

International Laws and Regulations 162

Summary 164

8 Audit and Compliance 167

Internal Policy Compliance 168

Governance, Risk, and Compliance (GRC) 170

Illustrative Control Objectives for Cloud Computing 174

Incremental CSP-Specific Control Objectives 179

Additional Key Management Control Objectives 180

Control Considerations for CSP Users 181

Regulatory/External Compliance 182

Other Requirements 192

Cloud Security Alliance 192

Auditing the Cloud for Compliance 194

Summary 202

9 Examples Of Cloud Service Providers 203

Amazon Web Services (IaaS) 203

Google (SaaS, PaaS) 205

Microsoft Azure Services Platform (PaaS) 206

Proofpoint (SaaS, IaaS) 207

RightScale (IaaS) 208

(SaaS, PaaS) 210

Sun Open Cloud Platform 211

Workday (SaaS) 213

Summary 213

10 Security-As-A-[Cloud] Service 217

Origins 218

Today's Offerings 220

Summary 223

11 The Impact of Cloud Computing on the Role of Corporate IT 225

Why Cloud Computing Will Be Popular with Business Units 226

Potential Threats of Using CSPs 228

A Case Study Illustrating Potential Changes in the IT Profession Caused by Cloud Computing 230

Governance Factors to Consider When Using Cloud Computing 235

Summary 236

12 Conclusion and The Future of The Cloud 239

Analyst Predictions 240

Survey Says? 242

Security in Cloud Computing 245

Program Guidance for CSP Customers 257

The Future of Security in Cloud Computing 260

Summary 265

A SAS 70 Report Content Example 267

B SysTrust Report Content Example 273

C Open Security Architecture for Cloud Computing 279

Glossary 293

Index 299
