Cloud Computing Assessing the Risks

Jared Carstensen is an internationally recognised and renowned information security specialist working for Deloitte & Touche. He is a certified industry professional by the International Information Systems Security Consortium (ISC)2, Information Systems Audit and Control Association (ISACA), British Standards Institute (BSI), Cloud Security Alliance (CSA), City & Guilds, and the NCC (UK). Jared has contributed and led projects for numerous Fortune 500 companies, government and state bodies, financial institutions, large multinationals, intelligence and law enforcements bodies, and blue-chip firms around the world. These include projects in Ireland, the United Kingdom, the United Arab Emirates, Nigeria, South Africa and the United States. Jared has also led a number of highly complex flagship projects in West Africa, South Africa and the United States. He regularly contributes as a member of the following organisations - International Information Systems Security Consortium (ISC)2, Information Systems Audit and Control Association (ISACA), the British Standards Institute (BSI), and Standards.org. Jared has been a featured speaker at numerous international events on security and best-practice related topics, and was selected as a member of the IT Governance Expert Panel (10+ Domains) and an advisory panel member for Standards.org. || JP Morgenthal is one of the world's foremost experts in IT strategy and Cloud Computing. He has been applying technology solutions to complex business problems for more than 25 years. He is a respected author and is the Lead Cloud Computing Editor for InfoQ. JP is also President of the Cloud Security Alliance Washington DC, USA Chapter. || Bernard Golden is the CEO of HyperStratus, a Silicon Valley Cloud Computing consultancy which works with clients throughout the world. Bernard is the Cloud Computing Advisor for CIO Magazine and an award-winning blogger. He has been described as a Top 100 'Most Powerful Voice' in security. He is a well-known writer and speaker on Cloud Computing.

Do you trust the Cloud? Should you trust the Cloud?'Cloud Computing' are the words on everyone's lips - it's the latest technology, the way forward. But how safe is the Cloud? Is it reliable? How secure will your information be?Cloud Computing: Assessing the risks looks at these challenges from a real-world perspective, with industry experts sharing experiences and answers to these 'unknowns'. This book provides an up-to-date, clear, concise and comprehensive guide to Cloud Computing, giving invaluable insights to the various risks and challenges associated with the Cloud.Written by three internationally renowned experts, this book will ensure that your expectations of Cloud are both realistic and practical, while showing you how to manage the risks and challenges effectively. You will learn how to seize the many business opportunities and potential benefits Cloud Computing offers, minimising disruption and unforeseen challenges by successfully managing the associated risks and threats. You will also discover how Cloud can benefit your security, governance, risk, and compliance practices, as well as its potential benefits for business continuity and disaster recovery.The legal implications of international data protection and privacy laws are a vital aspect of Cloud Computing. This book will teach you how to protect your most critical business assets and secure a long and successful path to Cloud Computing.Jared Carstensen is an internationally renowned information technology and information security specialist. Jared has led numerous flagship projects around the world, and has been a featured guest speaker on information security and best practice on events from the USA to South Africa.Bernard Golden is the CEO of a Cloud Computing consultancy. He is the Cloud Computing Advisor for CIO Magazine, an award-winning blogger, and a well-known writer and speaker on Cloud Computing.JP Morgenthal is one of the world's foremost experts in IT strategy and Cloud Computing. He is a respected author and is the Lead Cloud Computing Editor for InfoQ.

Chapter 1: Cloud Computing Explained The potential of Cloud Computing Cloud Computing defined Key characteristics of Cloud Computing Characteristic One: On-demand self-service Characteristic Two: Broad network access Characteristic Three: Resource pooling Characteristic Four: Rapid elasticity Characteristic Five: Measured service Summary of Cloud Computing characteristics Cloud Computing definition summary What The New York Times tells us about Cloud Computing Chapter 2: How Cloud Computing Changes Security, Governance, Risk and Compliance Relationship between security, compliance and risk Governance, compliance and risk in a Cloud environment Security in a Cloud Computing environment Conclusion Chapter 3: Governance of Cloud Computing Which governance framework is right for Cloud? Role of the service catalogue Dude, where's my server? (The need for policy management) Conclusion Chapter 4: Cloud Computing Top Security Risks Security - the shift from static to dynamic Breakdown of security assumptions Conclusion Chapter 5: Assessing Security in the Cloud Assessing Cloud security Peeking below the trust boundary The challenge of evaluation Role of certification Certifications and audits Mapping the CAI and CCM to the security stack Conclusion Chapter 6: Cloud Computing Application Security Identity management and role-based access controls Network security Data security Instance security Application architecture and deployment topology Code update and patch management Conclusion Chapter 7: Organisational Risks Associated with Cloud Computing Organisational risks of Cloud Computing Cloud Computing does and doesn't change everything Impact of Cloud Computing on executive decision-making roles Impact of Cloud Computing on traditional IT roles Instituting DevOps Developing for a multi-tenant universe The runaway train: Cloud sprawl Delivering IT-as-a-Service Chapter 8: Business Continuity and Disaster Recovery in Cloud Computing Business continuity overview Disaster recovery overview Differences between Cloud vs. traditional BC and DR SaaS business continuity challenges PaaS business continuity challenges IaaS business continuity challenges Possible benefits Possible issues and challenges Important considerations What to ask your Cloud provider Cloud-based BC and DR offerings Restructuring plans and procedures Testing and walkthrough of updated plans Recent business continuity/disaster recovery case study Chapter 9: Investigations and Forensics in the Cloud Forensics overview Forensics: what has changed? Who conducts these investigations? Forensic procedures and requirements Forensic investigations vs. analysis Traditional forensics vs. Cloud forensics Data in transit Encryption and investigations Custom Cloud APIs Cloud solution forensic tools In summary Chapter 10: Cloud Computing Borders - National and International Deployment Data location Legislation and regulatory (including privacy) Data protection and data privacy Data retention EU Data Protection/Privacy Recent reporting trends European Privacy Directive 2002/58/EC Current EU data protection and privacy challenges Where to next for EU data protection? United States data protection and privacy International privacy at a glance (USA/EU/APEC) Guidelines for success In summary Chapter 11: Evaluating Compliance in the Cloud Compliance overview Need for compliance functions Compliance vs. internal audit Value of compliance done correctly Cloud first - compliance second? What changes for compliance functions? Who is responsible for what? Compliance strategy and framework The domino effect Governance Regulatory challenges Cost of compliance (or non-compliance!) Cloud Computing standards and compliance Recent trends and surveys Segregation of duties SOD in Cloud environments Where to start? Chapter 12: Where Cloud Computing is Heading ITG Resources