Authors : Kissell Joe - Kumaraswamy Subra - Latif Shahed
Title : Cloud security and privacy An enterprise perspective on risks and compliance
Year : 2009
Link download : Mather_Tim_-_Cloud_security_and_privacy.zip
Preface. In February 2008, I ran into Subra Kumaraswamy, of Sun Microsystems, at the quarterly meeting of the Electronic Crimes Task Force put on by the San Francisco office of the U.S. Secret Service. Subra and I have attended a number of these meetings, and we knew each other from similar, previous professional events. Both of us are information security practitioners, and that is a small world in Silicon Valley, where we both have lived and worked for many years. Subra asked what I was up to, and I told him I was considering writing a book on cloud computing and security. Even in February 2008, the hype about cloud computing was very evident in Silicon Valley. Similarly, lots of concerns were being voiced about the apparent lack of (information) security provided in cloud computing. As Subra and I discussed, though, at that time no substantive or articulate information was available on this topic—hence my musings about writing a book on the subject. Subra told me that he too was spending time researching cloud computing and had failed to find any substantive or articulate information on the topic. I asked Subra whether he was interested in helping me write such a book, and he responded yes. (Having been through the anguish of writing a book previously, I was looking for some very competent help, and Subra certainly fits that description.) So began our book odyssey. Originally, our effort was intended to be one chapter in another O’Reilly book on cloud computing. However, after we went substantially over the O’Reilly guideline on length for not just one but two chapters, we pitched the idea of an entire book on cloud security and privacy. O’Reilly accepted our proposal, and what we thought was going to be a 20-page effort became a 200-page effort. That was no small increase in the amount of work we needed to complete—and quickly, if ours was to be one of the first such books to market. In late 2008, Subra and I started giving a series of presentations to different technically savvy audiences in Silicon Valley outlining our findings on cloud computing and security. We were excited about the reaction we got from these audiences. No one felt we were off the mark technically, and the audiences were hungry for more information and more detail. After one such meeting, a KPMG employee said he wanted to talk with us further about cloud computing and auditing. Still in need of good material for the book, Subra and I readily agreed to a meeting. Well, the meeting wasn’t quite what we were expecting. We were hoping to get some information from KPMG about concerns and trends around auditing of cloud-based services. Instead, one of the partners, Shahed Latif, asked whether he could join our book effort. Subra and I talked it over and agreed to let him join. We needed good audit information, and Shahed certainly brings credibility to the subject. (In addition to his other extensive audit experience, Shahed is the KPMG partner for providing a number of services for a major cloud service provider that Subra and I were already aware of, given that we had some fairly extensive discussions with senior information security personnel for that same cloud service provider. Additionally, I knew Shahed professionally. I have been on the pointed end of the KPMG audit spear three times in my career: at Apple, VeriSign, and Symantec. In fact, while I was chief information security officer at Symantec, Shahed was the KPMG IT audit partner. So, Shahed was a known entity to us. ...
Demolins Edmond - L'éducation nouvelle
Auteur : Demolins Edmond Ouvrage : L'éducation nouvelle Année : 1898 Lien de téléchargement :...