Cloud Security: A Comprehensive Guide to Secure Cloud Computing


Well-known security experts decipher the most challenging aspect of cloud computing: security

Cloud computing gives organizations large and small the opportunity to use Internet-based services so that they can reduce start-up costs, lower capital expenditures, pay only for what they use, access applications only as needed, and quickly scale capacity up or down. These benefits, however, come with a myriad of security issues, and this book tackles the most common security challenges that cloud computing faces.

The authors offer you years of unparalleled expertise and knowledge as they discuss the extremely challenging topics of data ownership, privacy protections, data mobility, quality of service and service levels, bandwidth costs, data protection, and support.

As the most current and complete guide to helping you find your way through a maze of security minefields, this book is mandatory reading if you are involved in any aspect of cloud computing.

Coverage Includes:

  • Cloud Computing Fundamentals
  • Cloud Computing Architecture
  • Cloud Computing Software Security Fundamentals
  • Cloud Computing Risk Issues
  • Cloud Computing Security Challenges
  • Cloud Computing Security Architecture
  • Cloud Computing Life Cycle Issues
  • Useful Next Steps and Approaches

Editorial Reviews

From the Publisher
"This worthwhile addition to the growing library of cloud security books contains very helpful prescriptions for security policies and practices." (Computing Reviews, January 2011)

Product Details

  • ISBN-13: 9780470589878
  • Publisher: Wiley
  • Publication date: 8/21/2010
  • Edition number: 1
  • Pages: 384
  • Product dimensions: 9.54 (w) x 11.06 (h) x 0.87 (d)

Meet the Author

Ronald L. Krutz, PhD, is a senior information systems security consultant with more than 30 years of experience. He founded the CMRI Cybersecurity Center at Carnegie Mellon University.

Russell Dean Vines is Chief Security Advisor for Gotham Technology Group, LLC, and has been an information systems security expert for over 25 years. They coauthored the bestselling CISSP Prep Guide.

Table of Contents

Foreword xxi
Introduction xxiii

Chapter 1 Cloud Computing Fundamentals 1
  What Cloud Computing Isn't 7
  Alternative Views 8
  Essential Characteristics 9
    On-Demand Self-Service 9
    Broad Network Access 10
    Location-Independent Resource Pooling 10
    Rapid Elasticity 10
    Measured Service 11
  Architectural Influences 11
    High-Performance Computing 11
    Utility and Enterprise Grid Computing 14
    Autonomic Computing 15
    Service Consolidation 16
    Horizontal Scaling 16
    Web Services 17
    High-Scalability Architecture 18
  Technological Influences 18
    Universal Connectivity 18
    Commoditization 19
    Excess Capacity 20
    Open-Source Software 21
    Virtualization 22
  Operational Influences 23
    Consolidation 23
    Outsourcing 26
      Outsourcing Legal Issues 26
      Business Process Outsourcing (BPO) Issues 28
    IT Service Management 30
    Automation 31
  Summary 31

Chapter 2 Cloud Computing Architecture 33
  Cloud Delivery Models 34
    The SPI Framework 34
      SPI Evolution 34
      The SPI Framework vs. the Traditional IT Model 35
    Cloud Software as a Service (SaaS) 37
      Benefits of the SaaS Model 38
    Cloud Platform as a Service (PaaS) 39
    Cloud Infrastructure as a Service (IaaS) 41
  Cloud Deployment Models 43
    Public Clouds 44
    Community Clouds 46
    Private Clouds 48
    Hybrid Clouds 49
    Alternative Deployment Models 50
      The Linthicum Model 50
      The Jericho Cloud Cube Model 51
  Expected Benefits 55
    Flexibility and Resiliency 56
    Reduced Costs 57
    Centralization of Data Storage 58
    Reduced Time to Deployment 58
    Scalability 58
  Summary 59

Chapter 3 Cloud Computing Software Security Fundamentals 61
  Cloud Information Security Objectives 62
    Confidentiality, Integrity, and Availability 63
      Confidentiality 63
      Integrity 64
      Availability 64
  Cloud Security Services 64
    Authentication 64
    Authorization 64
    Auditing 65
    Accountability 66
  Relevant Cloud Security Design Principles 66
    Least Privilege 67
    Separation of Duties 67
    Defense in Depth 67
    Fail Safe 68
    Economy of Mechanism 68
    Complete Mediation 68
    Open Design 69
    Least Common Mechanism 69
    Psychological Acceptability 69
    Weakest Link 70
    Leveraging Existing Components 70
  Secure Cloud Software Requirements 70
    Secure Development Practices 71
      Handling Data 71
      Code Practices 72
      Language Options 73
      Input Validation and Content Injection 73
      Physical Security of the System 73
    Approaches to Cloud Software Requirements Engineering 74
      A Resource Perspective on Cloud Software Security Requirements 75
      Goal-Oriented Software Security Requirements 76
      Monitoring Internal and External Requirements 77
    Cloud Security Policy Implementation and Decomposition 78
      Implementation Issues 79
      Decomposing Critical Security Issues into Secure Cloud Software Requirements 81
    NIST 33 Security Principles 85
  Secure Cloud Software Testing 86
    Testing for Security Quality Assurance 87
      Conformance Testing 89
      Functional Testing 90
      Performance Testing 92
      Security Testing 94
    Cloud Penetration Testing 99
      Legal and Ethical Implications 100
      The Three Pre-Test Phases 103
      Penetration Testing Tools and Techniques 105
    Regression Testing 111
  Cloud Computing and Business Continuity Planning/Disaster Recovery 113
    Definitions 113
    General Principles and Practices 114
      Disaster Recovery Planning 114
      Business Continuity Planning 117
    Using the Cloud for BCP/DRP 119
      Redundancy Provided by the Cloud 119
      Secure Remote Access 120
      Integration into Normal Business Processes 120
  Summary 120

Chapter 4 Cloud Computing Risk Issues 125
  The CIA Triad 125
    Confidentiality 125
    Integrity 126
    Availability 126
    Other Important Concepts 127
  Privacy and Compliance Risks 127
    The Payment Card Industry Data Security Standard (PCI DSS) 128
    Information Privacy and Privacy Laws 130
  Threats to Infrastructure, Data, and Access Control 141
    Common Threats and Vulnerabilities 141
      Logon Abuse 143
      Inappropriate System Use 143
      Eavesdropping 143
      Network Intrusion 144
      Denial-of-Service (DoS) Attacks 144
      Session Hijacking Attacks 144
      Fragmentation Attacks 145
    Cloud Access Control Issues 145
    Database Integrity Issues 146
  Cloud Service Provider Risks 147
    Back-Door 148
    Spoofing 148
    Man-in-the-Middle 148
    Replay 148
    TCP Hijacking 149
    Social Engineering 149
    Dumpster Diving 149
    Password Guessing 150
    Trojan Horses and Malware 150
  Summary 151

Chapter 5 Cloud Computing Security Challenges 153
  Security Policy Implementation 154
    Policy Types 154
      Senior Management Statement of Policy 155
      Regulatory Policies 155
      Advisory Policies 155
      Informative Policies 155
    Computer Security Incident Response Team (CSIRT) 156
  Virtualization Security Management 157
    Virtual Threats 158
    Hypervisor Risks 163
    Increased Denial of Service Risk 164
    VM Security Recommendations 165
      Best Practice Security Techniques 165
      VM-Specific Security Techniques 169
        Hardening the Virtual Machine 169
        Securing VM Remote Access 172
  Summary 173

Chapter 6 Cloud Computing Security Architecture 177
  Architectural Considerations 178
    General Issues 178
      Compliance 178
      Security Management 179
      Information Classification 181
      Employee Termination 185
      Security Awareness, Training, and Education 186
    Trusted Cloud Computing 188
      Trusted Computing Characteristics 188
    Secure Execution Environments and Communications 191
      Secure Execution Environment 191
      Secure Communications 191
    Microarchitectures 203
  Identity Management and Access Control 204
    Identity Management 205
      Passwords 205
      Tokens 206
      Memory Cards 207
      Smart Cards 207
      Biometrics 207
      Implementing Identity Management 209
    Access Control 210
      Controls 210
      Models for Controlling Access 211
      Single Sign-On (SSO) 212
  Autonomic Security 213
    Autonomic Systems 213
    Autonomic Protection 215
    Autonomic Self-Healing 215
  Summary 216

Chapter 7 Cloud Computing Life Cycle Issues 217
  Standards 218
    Jericho Forum 218
    The Distributed Management Task Force (DMTF) 219
      The DMTF Open Virtualization Format (OVF) 219
      The DMTF Open Cloud Standards Incubator 220
    The International Organization for Standardization (ISO) 220
      ISO 27001 220
      ISO 27002 222
      ISO 27003 222
      ISO 27004 223
      ISO 27005 223
      ISO 27006 224
      International Organization for Standardization/International Electrotechnical Commission ISO/IEC 29361, ISO/IEC 29362, and ISO/IEC 29363 Standards 224
      Distributed Application Platforms and Services 225
    The European Telecommunications Standards Institute (ETSI) 226
    The Organization for the Advancement of Structured Information Standards (OASIS) 226
    Storage Networking Industry Association (SNIA) 226
    Open Grid Forum (OGF) 227
    The Open Web Application Security Project (OWASP) 227
      OWASP Top Ten Project 227
      OWASP Development Guide 228
      OWASP Code Review Guide 229
      OWASP Testing Guide 230
  Incident Response 231
    NIST Special Publication 800-61 231
      Preparation 232
      Detection and Analysis 232
      Containment, Eradication, and Recovery 233
      Post-Incident Activity 234
      NIST Incident-Handling Summary 234
    Internet Engineering Task Force Incident-Handling Guidelines 234
    Layered Security and IDS 236
      Intrusion Detection 236
      IDS Issues 240
    Computer Security and Incident Response Teams 241
      FedCIRC 242
      Forum of Incident Response and Security Teams 243
    Security Incident Notification Process 243
    Automated Notice and Recovery Mechanisms 244
  Encryption and Key Management 246
    VM Architecture 246
    Key Protection Countermeasures 247
      Hardware Protection 248
      Software-Based Protection 249
    Data Deduplication 250
    Hashing 251
  Retirement 252
    VM Life Cycle 252
    Overwriting 253
    Degaussing 254
    Destruction 254
    Record Retention 255
    Data Remanence 255
    Due Care and Due Diligence 255
    Documentation Control 256
  Summary 256

Chapter 8 Useful Next Steps and Approaches 259
  Getting Answers 259
    What Services Should Be Moved to the Cloud? 260
    What Questions Should You Ask Your Cloud Provider? 261
    When Should You Use a Public, Private, or Hybrid Cloud? 262
  Getting Help 264
    Cloud Security Alliance 264
    Cloud Computing Google Groups 265
    Cloud Computing Interoperability Forum 266
    Open Cloud Consortium 266
  Getting Started 267
    Top Ten List 267
      1. Assess Your Data's Sensitivity 268
      2. Analyze the Risks vs. Benefits of Cloud Computing 271
      3. Define Business Objectives 273
      4. Understand the Underlying Structure of Your Network 273
      5. Implement Traditional Best Practice Security Solutions 274
      6. Employ Virtualization Best Practices 274
      7. Prevent Data Loss with Backups 275
      8. Monitor and Audit 275
      9. Seek Out Advice 276
      10. Employ Deception 277
  Parting Words 277

Glossary of Terms and Acronyms 279
References 345
Index 349
