The vision for the book started as a discussion about the perennial multidisciplinary, cross-border issues constantly faced by cloud security providers and cloud users.
When we started the process of inviting experts and calling for chapters, cloud computing was starting to become more of a utility than a novelty or a buzzword. The industry has since matured and cloud services are now a critical part of businesses—from start-ups to multinational corporations.
However, one thing remained unchanged—the concerns about the security, trust, and privacy of using cloud services. Varying levels of understanding and expectations of the cloud’s security by different countries and institutions further complicate the widespread adoption of cloud services.
This book attempts to be a slight nudge toward improving the current understanding (and clarifying the confusion), and aims to report on the state-of-the-art advances and notable efforts around the world. One shining example is the Cloud Security Alliance’s Cloud Controls Matrix (CCM) project—a simple but elegant alignment of government regulations from different countries against common cloud control requirements.
Our vision was to encompass as much wisdom and experience as possible, in a burgeoning field like cloud security. With the field being less than a decade old, it is challenging, if not impossible, for a single person to have multidisciplinary domain knowledge in the fast-paced cloud computing industry. This is why we chose the edited book path. Editing this book was a privileged experience for us, as we benefited from the various discussions and contributions from experts in different disciplines and countries.
As expected of information security professionals, we have ordered the chapters in a Plan-Do-Check-Act (cf. Deming) manner:
• Plan: Threats, Risk, and Requirements Landscape
• Do: Cloud Security Approaches and Challenges
• Check: Forensics and Incident Response
• Act: Governance and Auditing
Sequentially, Chapters 2–4 form the “Plan” portion of the book. Having learned about the “Plan” components, we move to the “Do” chapters in Chapters 5–13. After that we “Check” with Chapters 14–19. Finally, we “Act” and improve the security posture and manage risks with Chapters 20–22.
It is our sincere hope that you will gain valuable insights from this book. If you have comments or suggestions, we are happy to hear and learn from you.
February 18, 2015