By Vic (J.R.) Winkler; Reviewed by David O. Best, CPP, ISP, CBM
This book is much too detailed for the layman security professional or executive-level manager and is better suited to cloud infrastructure engineers.
***** Securing the Cloud. By Vic (J.R.) Winkler. Elsevier Inc., www.elsevier.com; 314 pages; $59.95.
Author Vic (J.R.) Winkler begins the text by suggesting that this book will be a practical resource for anyone who is considering using, building, or securing a cloud implementation. In fact, this book is much too detailed for the layman security professional or executive-level manager and is better suited to cloud infrastructure engineers, services engineers, and integrators.
In presenting the key strategies and best practices associated with security in the cloud, the author addresses an overall strategy of managing security risks through multiple activities that extend over time through the use of security controls. The author stresses the importance of having a strong security policy to support the cloud model. He also highlights the importance of areas such as configuration management, change control, auditing, vulnerability scanning, and security monitoring and analysis.
The final portion of the text takes the reader through the criteria involved in building and deploying an internal cloud, and the risk to be considered in selecting a public (external) cloud. The author completes the examination of cloud security by suggesting an information security framework consisting of checklists to guide readers in developing their cloud security structure.
Overall, this book is effective in delivering its message. However, it is very technical in nature; readers should be aware that it is more than a basic level text for understanding the requirements to be considered in securing cloud computing networks.
Reviewer: David O. Best, CPP, ISP (Industrial Security Professional), CBM (Certified Business Manager), is a senior program analyst with the federal government in Washington, D.C. He is a member of ASIS International.