PREFACE

Cloud computing represented a major change to the IT services landscape. For the first time, enterprise grade computing power was made available to all without the need to invest in the associated hosting environments, operations staff or complicated procurement activities. Unfortunately, this flexibility did not come without compromise or risk.

Security remains one of the major concerns of chief information officers (CIOs) considering a move to Cloud-based services. The aim of this book is to provide pragmatic guidance on how organisations can achieve a consistent and cohesive security posture across their IT services – regardless of whether those services are hosted on-premises, on Cloud services or using a combination of both.

This book provides an overview of security architecture processes and how these may be used to derive an appropriate set of security controls to manage the risks associated with working 'in the Cloud'. This guidance is provided through the application of a Security Reference Model to the different Cloud delivery models of Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). It also considers the required changes in approach to work securely with the newer Function as a Service (FaaS) model.

Please note that this book is not a hands-on technical reference manual; those looking for code snippets or detailed designs should look elsewhere.