This book provides timely guidance for both end users and suppliers of cloud technologies. Predictably, it begins with a discussion of the definition of cloud computing that includes its commonly agreed-upon attributes of multitenancy, massive scalability, elasticity, self-provisioning resources, and a pay-as-you-go business model. This book is not a tutorial or cookbook of methodologies and examples; rather, it details the policy frameworks and practices necessary for managing identity, access, privacy, auditing, and compliance in public and private cloud computing systems.
The book’s primary value is its thorough discussion of security objectives, risk management, and regulatory and compliance requirements for cloud service providers. Chapters on identity and access management, the International Organization for Standardization (ISO) and the Information Technology Infrastructure Library (ITIL) security standards, and privacy laws and regulations are particularly informative.
The authors briefly discuss examples of cloud service providers, including Amazon Web Services, Google, Microsoft Azure, Sun’s Open Cloud Platform, and Salesforce.com. They do not describe the security policies or implementations of these systems. The book concludes with chapters on the impact of cloud computing and its future, including a commentary on the risks and benefits of this emerging technology, which is both optimistic and cautionary. Three appendices include extensive references to threat awareness and management, and to policy development and enforcement.