Because everyone, knowingly or unknowingly, is a user of cloud services, this practical guide is recommended to technical and nontechnical readers alike, to get a compact and to-the-point presentation of risks associated with cloud storage systems from a security and privacy perspective.
With its handy format, the book can be read instantly or saved as a reference, to be consulted in case of need. The first chapter starts with an introduction to key terms and concepts, using well-accepted terminology from the National Institute of Standards and Technology (NIST); continues by providing an introduction to privacy and security, with examples of how different commercial providers deal with cloud service provisioning; and concludes by illustrating the challenges associated with cloud-based data sharing.
The second chapter moves into a more practical realm, by discussing the approaches through which different providers deliver application services. Services covered include email, cloud backup, social media, health applications, and productivity suites, and companies included in the analysis range from mega-players such as Google, Yahoo!, Facebook, and Microsoft, to smaller ones, operating in a niche, such as Carbonite and Mozy. The analysis of the terms of service for the different providers, and of the technical arrangements put in place to deliver the service, contributes to clarifying how diverse the market offering can be: one key takeaway is the big difference in the handling of user privacy between those that offer services for free versus those that do it for a fee.
The topic of privacy is further discussed in chapter 3, covering the legal issues related to geolocation, to data access by employers and insurance companies, to access requests in cases of litigation, as well as psychological and lifestyle profiling.
The safeguards put in place by governments, for example the US, Europe, and India, are discussed in chapter 4, which provides a compact explanation of laws such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX), and acts such as the European Data Protection Directive.
Going back to the hands-on approach, the authors present privacy tools in chapter 5 that provide two-factor authentication, personal encryption, and secure email, and continue in chapter 6 with a summary of best practices that providers should follow to provide effective physical and security controls.
Short, compact, and easy to read, this practical guide on cloud storage security is useful and up to date. While not a milestone in computer science literature, it is surely an honest, useful contribution and a recommended read.