Cloud Security and Privacy

jwyin_cn

C O N T E N T S
PREFACE xi
1 INTRODUCTION 1
“Mind the Gap” 1
The Evolution of Cloud Computing 2
Summary 5
2 WHAT IS CLOUD COMPUTING? 7
Cloud Computing Defined 7
The SPI Framework for Cloud Computing 11
The Traditional Software Model 17
The Cloud Services Delivery Model 17
Cloud Deployment Models 22
Key Drivers to Adopting the Cloud 26
The Impact of Cloud Computing on Users 27
Governance in the Cloud 30
Barriers to Cloud Computing Adoption in the Enterprise 30
Summary 34
3 INFRASTRUCTURE SECURITY 35
Infrastructure Security: The Network Level 36
Infrastructure Security: The Host Level 44
Infrastructure Security: The Application Level 49
Summary 59
4 DATA SECURITY AND STORAGE 61
Aspects of Data Security 61
Data Security Mitigation 65
Provider Data and Its Security 66
Summary 71
5 IDENTITY AND ACCESS MANAGEMENT 73
Trust Boundaries and IAM 73
Why IAM? 74
IAM Challenges 76
IAM Definitions 76
IAM Architecture and Practice 77
Getting Ready for the Cloud 80
Relevant IAM Standards and Protocols for Cloud Services 82
IAM Practices in the Cloud 92
Cloud Authorization Management 98
Cloud Service Provider IAM Practice 99
Guidance 104
Summary 107
6 SECURITY MANAGEMENT IN THE CLOUD 109
Security Management Standards 112
Security Management in the Cloud 113
Availability Management 115
SaaS Availability Management 117
PaaS Availability Management 120
IaaS Availability Management 122
Access Control 124
Security Vulnerability, Patch, and Configuration Management 130
Summary 141
7 PRIVACY 145
What Is Privacy? 146
What Is the Data Life Cycle? 146
What Are the Key Privacy Concerns in the Cloud? 149
Who Is Responsible for Protecting Privacy? 150
Changes to Privacy Risk Management and Compliance in Relation to Cloud Computing 151
Legal and Regulatory Implications 155
U.S. Laws and Regulations 155
International Laws and Regulations 162
Summary 164
8 AUDIT AND COMPLIANCE 167
Internal Policy Compliance 168
Governance, Risk, and Compliance (GRC) 170
Illustrative Control Objectives for Cloud Computing 174
Incremental CSP-Specific Control Objectives 179
Additional Key Management Control Objectives 180
Control Considerations for CSP Users 181
Regulatory/External Compliance 182
Other Requirements 192
Cloud Security Alliance 192
Auditing the Cloud for Compliance 194
Summary 202
9 EXAMPLES OF CLOUD SERVICE PROVIDERS 203
Amazon Web Services (IaaS) 203
Google (SaaS, PaaS) 205
Microsoft Azure Services Platform (PaaS) 206
Proofpoint (SaaS, IaaS) 207
RightScale (IaaS) 208
Salesforce.com (SaaS, PaaS) 210
Sun Open Cloud Platform 211
Workday (SaaS) 213
Summary 213
10 SECURITY-AS-A-[CLOUD] SERVICE 217
Origins 218
Today’s Offerings 220
Summary 223
11 THE IMPACT OF CLOUD COMPUTING ON THE ROLE OF CORPORATE IT 225
Why Cloud Computing Will Be Popular with Business Units 226
Potential Threats of Using CSPs 228
A Case Study Illustrating Potential Changes in the IT Profession Caused by Cloud Computing 230
Governance Factors to Consider When Using Cloud Computing 235
Summary 236
12 CONCLUSION, AND THE FUTURE OF THE CLOUD 239
Analyst Predictions 240
Survey Says? 242
Security in Cloud Computing 245
Program Guidance for CSP Customers 257
The Future of Security in Cloud Computing 260
Summary 265
A SAS 70 REPORT CONTENT EXAMPLE 267
B SYSTRUST REPORT CONTENT EXAMPLE 273
C OPEN SECURITY ARCHITECTURE FOR CLOUD COMPUTING 279
GLOSSARY 293
INDEX 299

admin

谢谢您的分享,金币已奖励!