Velocity Reviews - Computer Hardware Reviews

REVIEW: "Cloud Security and Privacy", Tim Mather/Subra Kumaraswamy/Shahed Latif

 
 
Rob Slade, doting grandpa of Ryan and Trevor
      07-04-2010
BKCLSEPR.RVW 20091113

"Cloud Security and Privacy", Tim Mather/Subra Kumaraswamy/Shahed
Latif, 2009, 978-0-596-802769, U$34.99/C$43.99
%A Tim Mather
%A Subra Kumaraswamy
%A Shahed Latif
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%D 2009
%G 978-0-596-802769 0-596-802765
%I O'Reilly & Associates, Inc.
%O U$34.99/C$43.99 800-998-9938 707-829-0515 (E-Mail Removed)
%O http://www.amazon.com/exec/obidos/AS...bsladesinterne
http://www.amazon.co.uk/exec/obidos/...bsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASI...bsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 312 p.
%T "Cloud Security and Privacy"

The preface tells how the authors met, and that they were interested
in writing a book on clouds and security. It provides no definition
of cloud computing. (It also emphasizes an interest in being "first
to market" with a work on this topic.)

Chapter one is supposed to be an introduction. It is very brief, and,
yet again, doesn't say what a cloud is. (The authors aren't very
careful about building background information: the acronym SPI is
widely used and important to the book, but is used before it is
defined. It stands for Saas/Paas/Iaas, or software-as-a-service,
platform-as-a-service, and infrastructure-as-a-service. More simply,
this refers to applications, management/development utilities, and
storage.) A delineation of cloud computing is finally given in
chapter two, stating that it is characterized by multitenancy,
scalability, elasticity, pay-as-you-go options, and self-provisioning.
(As these aspects are expanded, it becomes clear that the scalability,
elasticity, and self-provisioning characteristics the authors describe
are essentially the same thing: the ability of the user or client to
manage the increase or decrease in services used.) The fact that the
authors do not define the term "cloud" becomes important as the guide
starts to examine security considerations. Interoperability is listed
as a benefit of the cloud, whereas one of the risks is identified as
vendor lock-in: these two factors are inherently mutually exclusive.

Chapter three talks about infrastructure security, but the advice
seems to reduce to a recommendation to review the security of the
individual components, including Saas, Paas, and network elements,
which seems to ignore the emergent risks arising from any complex
environment. Encryption is said to be only a small part of data
security in storage, as addressed in chapter four, but most of the
material discusses encryption. The deliberation on cryptography is
superficial: the authors have managed to include the very recent
research on homomorphic encryption, and note that the field will
advance rapidly, but do not mention that homomorphic encryption is
only useful for a very specific subset of data representations. The
identity management problem is outlined in chapter five, and protocols
for managing new systems are reviewed, but the issue of integrating
these protocols with existing systems is not. "Security management in
the Cloud," as examined in chapter six, is a melange of general
security management and operations management, with responsibility
flipping back and forth between the customer and the provider.
Chapter seven provides a very good overview of privacy, but with
almost no relation to the cloud as such. Audit and compliance
standards are described in chapter eight: only one is directed at the
cloud. Various cloud service providers (CSP) are listed in chapter
nine. The terse description of security-as-a-service (confusingly
also listed as Saas), in chapter ten, is almost entirely restricted to
spam and Web filtering. The impact of the use of cloud technology is
dealt with in chapter eleven. It lists the pros and cons, but again,
some of the points are presented without noting that they are mutually
exclusive. Chapter twelve finishes off the book with a precis of the
foregoing chapters.

The authors do raise a wide variety of the security problems and
concerns related to cloud computing. However, since these are the
same issues that need to be examined in any information security
scenario it is hard to say that any cloud-specific topics are
addressed. Stripped of excessive verbiage, the advice seems to reduce
to a) know what you want, b) don't make assumptions about what the
provider provides, and c) audit the provider.

copyright Robert M. Slade, 2009 BKCLSEPR.RVW 20091113

--
======================
(E-Mail Removed) (E-Mail Removed) (E-Mail Removed)
"Dictionary of Information Security," Syngress 1597491152
http://blogs.securiteam.com/index.ph...ves/author/p1/
http://blog.isc2.org/isc2_blog/slade/index.html
http://twitter.com/rslade http://twitter.com/NoticeBored
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
Book reviews: [Base URL]mnbk.htm
Review mailing list: send mail to (E-Mail Removed)
or (E-Mail Removed)

 