Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Cloud security and privacy : an enterprise perspective on risks and compliance
Mather T., Kumaraswamy S., Latif S., O’Reilly Media, Inc., Sebastopol, CA, 2009. 336 pp. Type: Book (9780596802769)
Date Reviewed: Jan 26 2010

An important aspect that is often overlooked in the hype around cloud computing--the security of data that is processed and stored through cloud computing--is covered in this book. It is written from a customer’s point of view and provides an in-depth introduction to the field of cloud computing and how to secure one’s data.

The authors make the interesting point that cloud computing is not so much a new technology, as an innovative combination of already available technologies. From a security perspective, integrating different technologies often introduces additional risks that need to be managed adequately. These concerns are addressed in the next four chapters, starting with infrastructure security.

The chapter on infrastructure security focuses mostly on what customers can do to protect the part of the cloud for which they are responsible. Mather et al. consider applications part of the infrastructure, and provide a detailed overview of securing applications that are run in a cloud. They cover the importance of service level agreements to clearly define the responsibilities of cloud vendor and client.

The aspect of confidentiality is further covered in chapter 5, which deals with identity and access management. Cloud computing makes the so-called trust boundary more dynamic, since organizations are no longer in charge of every aspect of the network. This means that organizations need to put their own houses in order, before engaging in cloud computing.

Once the identity life cycle is properly controlled, the organization can focus on the specific challenges related to cloud computing through identity access and management. The authors provide a solid overview of four major considerations and the related technological solutions: Security Assertion Markup Language (SAML), Service Provisioning Markup Language (SPML), Extensible Access Control Markup Language (XACML), and open authentication (OAuth). As the authors rightfully state: “Handling identity and access management in the cloud remains one of the major hurdles for enterprise adoption of cloud services.” Further chapters discuss privacy, cross border data flows, and the international legal framework.

Overall, the book is well structured and straightforward; it provides a good introduction to the field of cloud computing. It will be of great help to those who are looking for guidance on this new technological development.

Reviewer:  Riemer Brouwer Review #: CR137667 (1101-0004)
Bookmark and Share
  Featured Reviewer  
 
Cloud Computing (C.2.4 ... )
 
 
Security and Protection (C.2.0 ... )
 
 
General (C.2.0 )
 
 
Security and Protection (K.6.5 )
 
 
System Management (K.6.4 )
 
Would you recommend this review?
yes
no
Other reviews under "Cloud Computing": Date
Cloud security and privacy: an enterprise perspective on risks and compliance
Mather T., Kumaraswamy S., Latif S., O’Reilly Media, Inc., Sebastopol, CA, 2009.  336, Type: Book (9780596802769), Reviews: (1 of 3)
Dec 14 2009
Cloud security and privacy: an enterprise perspective on risks and compliance
Mather T., Kumaraswamy S., Latif S., O’Reilly Media, Inc., Sebastopol, CA, 2009.  336, Type: Book (9780596802769), Reviews: (3 of 3)
Mar 18 2010
Cloud computing for the masses
Fouquet M., Niedermayer H., Carle G.  U-NET 2009 (Proceedings of the 1st ACM Workshop on User-provided Networking: Challenges and Opportunities, Rome, Italy, Dec 1, 2009)31-36, 2009. Type: Proceedings
Apr 15 2010
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy