With cloud computing quickly becoming a standard in today's IT environments, many security experts are raising concerns regarding security and privacy in outsourced cloud environments, requiring a change in how we evaluate risk and protect information, processes, and people.
Managing Risk and Security in Outsourcing IT Services: Onshore, Offshore and the Cloud explains how to address the security risks that can arise from outsourcing or adopting cloud technology. Providing you with an understanding of the fundamentals, it supplies authoritative guidance and examples on how to tailor the right risk approach for your organization.
Covering onshore, offshore, and cloud services, it provides concrete examples and illustrative case studies that describe the specifics of what to do and what not to do across a variety of implementation scenarios. This book will be especially helpful to managers challenged with an outsourcing situation, whether preparing for it, living it day to day, or being tasked to safely bring back information systems to the organization.
Many factors can play into the success or failure of an outsourcing initiative. This book not only provides the technical background required, but also the practical information about outsourcing and its mechanics.
By describing and analyzing outsourcing industry processes and technologies, along with their security and privacy impacts, this book provides the fundamental understanding and guidance you need to keep your information, processes, and people secure when IT services are outsourced.
Publisher: Taylor & Francis
Product dimensions: 6.90(w) x 9.40(h) x 0.80(d)
About the Author
Frank Siepmann is a Security Executive with over 29 years of IT experience. In 1996 he started focusing on IT Security. Mr. Siepmann has been leading security organizations and programs with globally dispersed teams and has been known to challenge the status quo by creating new value propositions. He has spent over 7 years of his career at leading Big-4 consulting companies in executive or senior management roles. During this time and after it he had the opportunity to work with many Fortune 100 companies.
Some of Mr. Siepmann's roles have included Director of Information Security for a $4B business unit, Security Executive (CISO) for the largest outsourcing deal of a Big-4 consulting company and Security Architect for the cloud initiative of a Fortune 10 financial institution. In 2008 he established his own security consulting company, 1SSA, with a focus on providing services to U.S. government entities and commercial companies globally. He has presented at International Security Conferences and has published throughout his whole career.
Table of Contents
History of Outsourcing
The Early Days of Outsourcing
Business Transformation Outsourcing
Business Process Outsourcing
Knowledge Process Outsourcing
The Internals of Outsourcing
Typical Financial Outsourcing Model
The Top Outsourcing Countries
Former Employees of Clients
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
What the Cloud Is and Is Not
Beyond the Cloud
Virtual Private Cloud
Standardization between CSPs
Compliance in the Cloud
Security and Privacy Issues with Cloud Computing
Scalability versus Elasticity
Denial of Service
Cloud Network Configuration
Firewalls in the Cloud
Availability and Service Level Agreements
Authentication, Authorization, Accounting
Address the Cloud Security/Privacy Dilemma
SAS-70, SOC 1, and SOC 2 Audits
Cryptography and the Cloud
Encryption Keys and the Cloud
Third-Party Cloud Security Providers
FedRAMP and the Federal Cloud
How to Securely Move to the Cloud
Before You Decide to Outsource
Security and Privacy Impacts
Letter and Parcels
Network Address Translation (NAT) Issues
Single Sign-On and Federation (SAML/XACML)
Remote Desktop Support
Trouble Ticket Systems
Ready to Outsource
The Perfect Outsourcing Company
Doing Your Homework
Understand What Is Offered
Is BTO the Right Choice?
Ask the Right Questions
Dedicated Resources or Not?
Talking with Existing Clients
What Matters for the Outsourcing Company?
Challenges Outsourcing Companies Face
Which Security Controls - Ours or Theirs?
Complete Outsourced Operation
Next Step - Clean House
Alignment of IT and Security Strategy
Information Security Policy
Organization of Information Security
External Parties’ Security
Information Classification Security
Prior to Employment Security
During Employment Security
Termination or Change-of-Employment Security
Outsourcing Security Readiness Assessment
Tactical Goals - Now or Later?
Day One and Beyond
Enabling the Outsourcer
Access to Required Information
The Stable Years
Outsourcing Personnel Turnover
When We Part
How to Prepare
Analysis of What Needs to Be Done
The Exit Plan
When the Day Comes
British Health Records
Transportation Strike in Bangalore
Submarine Cable Cuts
T-Mobile: Sidekick in Danger of the Microsoft Cloud
Outages at Amazon Are Sometimes Due to "Gossip"
Google Services Impacted by Cloud Outages
Microsoft’s Azure and Hotmail
Salesforce.com’s Cloud Goes Down
Background Investigation Lacking
Privacy Laws - Not Here
Can You Hear Me Now? CDMA Limitations
Transformation Successful - Patient Dead
Public Instant Messenger - Share the Joy