| |
| |
Preface | |
| |
| |
| |
Introduction | |
| |
| |
“Mind the Gap” | |
| |
| |
The Evolution of Cloud Computing | |
| |
| |
Summary | |
| |
| |
| |
What Is Cloud Computing? | |
| |
| |
Cloud Computing Defined | |
| |
| |
The SPI Framework for Cloud Computing | |
| |
| |
The Traditional Software Model | |
| |
| |
The Cloud Services Delivery Model | |
| |
| |
Cloud Deployment Models | |
| |
| |
Key Drivers to Adopting the Cloud | |
| |
| |
The Impact of Cloud Computing on Users | |
| |
| |
Governance in the Cloud | |
| |
| |
Barriers to Cloud Computing Adoption in the Enterprise | |
| |
| |
Summary | |
| |
| |
| |
Infrastructure Security | |
| |
| |
Infrastructure Security: The Network Level | |
| |
| |
Infrastructure Security: The Host Level | |
| |
| |
Infrastructure Security: The Application Level | |
| |
| |
Summary | |
| |
| |
| |
Data Security and Storage | |
| |
| |
Aspects of Data Security | |
| |
| |
Data Security Mitigation | |
| |
| |
Provider Data and Its Security | |
| |
| |
Summary | |
| |
| |
| |
Identity and Access Management | |
| |
| |
Trust Boundaries and IAM | |
| |
| |
Why IAM? | |
| |
| |
IAM Challenges | |
| |
| |
IAM Definitions | |
| |
| |
IAM Architecture and Practice | |
| |
| |
Getting Ready for the Cloud | |
| |
| |
Relevant IAM Standards and Protocols for Cloud Services | |
| |
| |
IAM Practices in the Cloud | |
| |
| |
Cloud Authorization Management | |
| |
| |
Cloud Service Provider IAM Practice | |
| |
| |
Guidance | |
| |
| |
Summary | |
| |
| |
| |
Security Management In The Cloud | |
| |
| |
Security Management Standards | |
| |
| |
Security Management in the Cloud | |
| |
| |
Availability Management | |
| |
| |
SaaS Availability Management | |
| |
| |
PaaS Availability Management | |
| |
| |
IaaS Availability Management | |
| |
| |
Access Control | |
| |
| |
Security Vulnerability, Patch, and Configuration Management | |
| |
| |
Summary | |
| |
| |
| |
Privacy | |
| |
| |
What is Privacy? | |
| |
| |
What Is the Data Life Cycle? | |
| |
| |
What Are the Key Privacy Concerns in the Cloud? | |
| |
| |
Who Is Responsible for Protecting Privacy? | |
| |
| |
Changes to Privacy Risk Management and Compliance in Relation to Cloud Computing | |
| |
| |
Legal and Regulatory Implications | |
| |
| |
U.S. Laws and Regulations | |
| |
| |
International Laws and Regulations | |
| |
| |
Summary | |
| |
| |
| |
Audit and Compliance | |
| |
| |
Internal Policy Compliance | |
| |
| |
Governance, Risk, and Compliance (GRC) | |
| |
| |
Illustrative Control Objectives for Cloud Computing | |
| |
| |
Incremental CSP-Specific Control Objectives | |
| |
| |
Additional Key Management Control Objectives | |
| |
| |
Control Considerations for CSP Users | |
| |
| |
Regulatory/External Compliance | |
| |
| |
Other Requirements | |
| |
| |
Cloud Security Alliance | |
| |
| |
Auditing the Cloud for Compliance | |
| |
| |
Summary | |
| |
| |
| |
Examples Of Cloud Service Providers | |
| |
| |
Amazon Web Services (IaaS) | |
| |
| |
Google (SaaS, PaaS) | |
| |
| |
Microsoft Azure Services Platform (PaaS) | |
| |
| |
Proofpoint (SaaS, IaaS) | |
| |
| |
RightScale (IaaS) | |
| |
| |
Salesforce.com (SaaS, PaaS) | |
| |
| |
Sun Open Cloud Platform | |
| |
| |
Workday (SaaS) | |
| |
| |
Summary | |
| |
| |
| |
Security-As-A-[Cloud] Service | |
| |
| |
Origins | |
| |
| |
Today's Offerings | |
| |
| |
Summary | |
| |
| |
| |
The Impact of Cloud Computing on The Role of Corporate IT | |
| |
| |
Why Cloud Computing Will Be Popular with Business Units | |
| |
| |
Potential Threats of Using CSPs | |
| |
| |
A Case Study Illustrating Potential Changes in the IT Profession Caused by Cloud Computing | |
| |
| |
Governance Factors to Consider When Using Cloud Computing | |
| |
| |
Summary | |
| |
| |
| |
Conclusion and The Future of The Cloud | |
| |
| |
Analyst Predictions | |
| |
| |
Survey Says? | |
| |
| |
Security in Cloud Computing | |
| |
| |
Program Guidance for CSP Customers | |
| |
| |
The Future of Security in Cloud Computing | |
| |
| |
Summary | |
| |
| |
| |
SAS 70 Report Content Example | |
| |
| |
| |
SysTrust Report Content Example | |
| |
| |
| |
Open Security Architecture for Cloud Computing | |
| |
| |
Glossary | |
| |
| |
Index | |