Cloud Security and Privacy:an Enterprise Perspective on Risks and Comp  (English, Paperback, Mather Tim)

You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many people do. With Cloud Security and Privacy, you'll learn what's at stake when you trust your data to the cloud, and what you can do to keep your virtual infrastructure and web applications secure.

Ideal for IT staffers, information security and privacy practitioners, business managers, service providers, and investors alike, this book offers you sound advice from three well-known authorities in the tech security world. You'll learn detailed information on cloud computing security that-until now-has been sorely lacking.

• Review the current state of data security and storage in the cloud, including confidentiality, integrity, and availability
• Learn about the identity and access management (IAM) practice for authentication, authorization, and auditing of the users accessing cloud services
• Discover which security management frameworks and standards are relevant for the cloud
• Understand the privacy aspects you need to consider in the cloud, including how they compare with traditional computing models
• Learn the importance of audit and compliance functions within the cloud, and the various standards and frameworks to consider
• Examine security delivered as a service-a different facet of cloud security

About The Author

Tim Mather is an experienced security professional who is currently pursuing a graduate degree in information assurance full-time. He is a frequent speaker and commentator on informa-tion security issues, and serves as an Advisor to several security-related start-ups. Most recently, he was the Chief Security Strategist for RSA, The Security Division of EMC, responsible for keeping ahead of security industry trends, technology, and threats. Prior to that, he was Vice-President of Technology Strategy in Symantec's Office of the Chief Technology Officer, responsible for coordinating the company's long-term technical and intellectual property strategy. Previously at Symantec, he served for nearly seven years as Chief Information Security Officer (CISO). As CISO, Tim was responsible for development of all information systems security policies, oversight of implementation of all security-related policies and procedures, and all information systems audit-related activities. He also worked closely with internal products groups on security capabilities in Symantec products.

Subra Kumaraswamy has more than 18 years of engineering and management experience in information security, Internet, and e-commerce technologies. He is currently leading an Identity & Access Management program within Sun Microsystems. Subra has held leadership positions at various Internet-based companies, including Netscape, Who Where, Lycos, and Knowledge Networks. He was the cofounder of two Internet-based startups, Cool Sync and Zingdata. He also worked at Accenture and the University of Notre Dame in security consulting and software engineering roles. In his spare time, Subra researches emerging technologies such as cloud computing to understand the security and privacy implications for users and enterprises. Subra is one of the authors of Cloud Security and Privacy, which addresses issues that affect any organization preparing to use cloud computing as an option. He's a founding member of the Cloud Security Alliance as well as cochair of the Identity & Access Management and Encryption & Key Management work groups. Subra has a master's degree in computer engineering and is CISSP certified.

Shahed Latif is a partner in KPMG's Advisory practice having extensive IT and business skills. He has over 21 years of experience working with the global fortune 1000 companies focusing on providing business and technology solutions across a variety of areas. Shahed has spent 10 years in the London office working in the financial sector consulting group, Information Risk management group and the assurance practice. He has worked on large global companies giving him the opportunity to have worked in Africa, Asia, and Europe.

Table of Contents

Chapter 1 Introduction

Chapter 2 What Is Cloud Computing?

Chapter 3 Infrastructure Security

Chapter 4 Data Security and Storage

Chapter 5 Identity and Access Management

Chapter 6 Security Management in the Cloud

Chapter 7 Privacy

Chapter 8 Audit and Compliance

Chapter 9 Examples of Cloud Service Providers

Chapter 10 Security-As-a-[Cloud] Service

Chapter 11 The Impact of Cloud Computing on the Role of Corporate IT

Chapter 12 Conclusion, and the Future of the Cloud

Appendix SAS 70 Report Content Example

Appendix Sys Trust Report Content Example

Appendix Open Security Architecture for Cloud Computing

Colophon