This handbook offers a comprehensive overview of cloud computing security technology and implementation, while exploring practical solutions to a wide range of cloud computing security issues. With more organizations using cloud computing and cloud providers for data operations, proper security in these and other potentially vulnerable areas have become a priority for organizations of all sizes across the globe. Research efforts from both academia and industry in all security aspects related to cloud computing are gathered within one reference guide.
Table of Contents
Introduction. Cloud Computing Essentials. Cloud Security Baselines. Software as a Service (SaaS). Infrastructure as a Service (Iaas). Platform as a Service (Paas). Desktop as a Service (DaaS). Software And Data Segregation Security. Risk Analysis and Division of Responsibility. Managing Risks in the Cloud. Dividing Operational Responsibility and Visibility. Retaining Information Security Accountability. Managing User Authentication and Authorization. Negotiating Security Requirements with Vendors. Identifying Needed Security Measures. Establishing a Service Level Agreement (SLA). Ensuring SLAs Meet Security Requirements. Securing the Cloud Infrastructure. Securing the Platform. Restricting Network Access through Security Groups. Configuring Platform-Specific User Access Control. Integrating Cloud Authentication/Authorization Systems. Compartmentalizing Access To Protect Data Confidentiality and Availability. Securing Data in Motion and Data at Rest. Identifying Your Security Perimeter. Cloud Access Control and Key Management. Cloud Computing Architecture and Security Concepts. Secure Cloud Architecture. Designing Resilient Cloud Architectures. Operating System and Network Security. Locking Down Cloud Servers. Scanning for and Patching Vulnerabilities. Controlling and Verifying Configuration Management. Leveraging Provider-Specific Security Options. Defining Security Groups To Control Access. Filtering Traffic by Port Number. Benefiting from the Provider's Built-In Security. Protecting Archived Data. Meeting Compliance Requirements. Managing Cloud Governance. Retaining Responsibility for the Accuracy of the Data. Verifying Integrity in Stored and Transmitted Data. Demonstrating Due Care and Due Diligence. Integrity Assurance for Data Outsourcing. Secure Computation Outsourcing. Integrity and Verifiable Computation. Independent Verification and Validation. Computation Over Encrypted Data. Trusted Computing Technology. Assuring Compliance with Government Certification and Accreditation Regulations. HIPAA. Sarbanes-Oxley. Data Protection Act. PCI DSS. Following Standards for Auditing Information Systems. Negotiating Third-Party Provider Audits. Preparing for Disaster Recovery. Implementing a Plan to Sustain Availability. Distributing Data Across the Cloud to Ensure Availability and Performance. Addressing Data Portability and Interoperability for a Change in Cloud Providers. Exploiting the Cloud for Disaster Recovery Options. Achieving Cost-Effective Recovery Time Objectives. Employing a Strategy of Redundancy to Better Resist DoS. Secure Data Management Within and Across Data Centers. Availability, Recovery and Auditing. Advanced Cloud Computing Security. Advanced Failure Detection and Prediction. Advanced Secure Mobile Cloud. Future Directions in Cloud Computing Security—Risks and Challenges. Cloud Computing with Advanced Security Services. Advanced Security Architectures for Cloud Computing. Appendices.
John Vacca is an information technology consultant, professional writer, editor, reviewer and internationally-known, best-selling author based in Pomeroy, Ohio. Since 1982, he has authored 76 books and more than 600 articles in the areas of advanced storage, computer security, and aerospace technology. He is also a former configuration management specialist, computer specialist, and computer security official (CSO) for NASA’s space station program, Freedom, and the International Space Station Program from 1988 until his retirement from NASA in 1995. In addition, he is also an independent online book reviewer. Finally, he was one of the security consultants for the MGM movie titled "AntiTrust," which was released in January 2001. A detailed copy of the author’s bio can be viewed at http://www.johnvacca.com; email [email protected]