“Securing the Cloud” – Mike Smith reviews latest book

The author, Vic (JR) Winkler, is regarded as an international authority on applications engineering and information security, having published many conference papers, articles and books. Securing the Cloud: Cloud Computer Security Techniques and Tactics is aimed at a wide audience, ranging from readers who need a sound introduction to cloud computing to technical managers with responsibilities for selecting, managing and auditing cloud-based architectures and systems.

Securing the Cloud

Securing the Cloud describes security issues in detail, including those of risk, data ownership and data privacy legislation. These provide a relevant and useful lead-in to the next three chapters (chapters 4, 5 and 6), which describe the various cloud architectures, security arrangements, key strategies and best practice for cloud-based systems. This section of the book goes into some detail on a whole range of both general security and cloud-specific topics, together with some excellent references to the control and ownership of cloud-based data, an overview of standards, and the economics of cloud computing. Interestingly, the limitations of data encryption are referred to, which might alert the less technically orientated reader to the dangers of assuming that encryption is the answer to all information security concerns! A further useful feature of this section is the glossary of definitions, whilst confidentiality, integrity and availability are dealt with concisely in a section in which monitoring as a service is discussed.

Some very useful checklists for evaluating cloud security are included in Chapter 9, providing a framework for addressing information security in a cloud-based environment. These checklists could also be used to devise appropriate measures for monitoring cloud security in either an internal or an external cloud situation.

Evaluation

The book is well written and logically organised with useful end-of-chapter summaries.  These are effective in providing concise overviews of each main topic at a glance, acting as a guide to specific areas of interest should the reader wish to delve back into the book after a first reading! 

Although some chapters appear at first glance to be quite technical in their approach, each section is logically arranged and should appeal to readers with a highly technical background and managers with responsibility for or involvement in the selection or operation of a cloud-based computing environment.  It will certainly help alert newcomers to cloud computing to the potential pitfalls, specifically those relating to information security, and remove some of the misconceptions surrounding this mode of computing. 

Given current economic pressures to reduce infrastructure and operational costs in business, and the perception that cloud computing can be a quick and relatively straightforward model for deployment with reduced need for IT-savvy staff, it is no bad thing that the security pros and cons of cloud computing are highlighted.  It is for this reason that the book is recommended for a broad range of readers, including infrastructure engineers, information security specialists and systems integrators.  Even those charged with selecting and managing cloud facilities without the benefit of a highly technical background will find the text of great use in, for example, drafting and monitoring service level agreements with cloud providers!

Securing the Cloud: Cloud Computer Security Techniques and Tactics is available to buy from the IT Governance UK and USA websites.