Securing the cloud

Vic Winkler

Published by: Syngress

ISBN: 9781597495929

RRP: £36.99

Reviewed by: Mehmet Hurer MBCS CITP CEng

Score: 8 out of 10

The author states this book will be a practical resource for anyone who is considering using, building or securing a cloud implementation, including infrastructure engineers, integrators, security architects, right up to executive-level management.

The challenge with such a broad audience is pitching the text at the right level; I suspect some security professionals and executives may find the book far too detailed and struggle to gain an overview, whilst security architects and engineers may find a lack of depth of coverage or suitable practical examples.

The second challenge the author faces is the fact that the definition of a ‘cloud’ is evolving fast, with new types of services being introduced very rapidly. Despite this, the author does cover the key concepts, theory and security concerns relating to the cloud.

In the first part of the book the author provides an overview of cloud computing architecture before introducing related security, legal and regulatory aspects.

The second part of the book covers the securing of the cloud from three angles: architecture, data and key strategies / best practices. Security architects and designers would find these sections most useful, although there is a lack of detailed practical examples. 

In the next part of the book the author covers elements to take into consideration when building an internal cloud, as well as criteria to be used in selecting an external cloud provider. I found the criteria presented in the latter to be extremely useful, including a table covering the key risk factors to be considered. Also extremely useful is the checklist to evaluate cloud security, which, at over ten pages in length, appeared to be sufficiently complete.

In the final chapter the author covers the operational aspects of managing a secure cloud.

Overall a fairly technical but effective book, although perhaps a little too in-depth for executive-level management.

Further information: Syngress

February 2012