Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance (Theory in Practice) [Paperback]

by Tim Mather, Subra Kumaraswamy, Shahed Latif
4.5 out of 5 stars (15 customer reviews)

Amazon Price
  • Kindle Edition: $15.49
  • Paperback: $29.04

Book Description

Publication date: October 5, 2009 | ISBN-10: 0596802765 | ISBN-13: 978-0596802769 | Edition: 1

You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many people do. With Cloud Security and Privacy, you'll learn what's at stake when you trust your data to the cloud, and what you can do to keep your virtual infrastructure and web applications secure.

Ideal for IT staffers, information security and privacy practitioners, business managers, service providers, and investors alike, this book offers you sound advice from three well-known authorities in the tech security world. You'll learn detailed information on cloud computing security that, until now, has been sorely lacking.

  • Review the current state of data security and storage in the cloud, including confidentiality, integrity, and availability
  • Learn about the identity and access management (IAM) practice for authentication, authorization, and auditing of the users accessing cloud services
  • Discover which security management frameworks and standards are relevant for the cloud
  • Understand the privacy aspects you need to consider in the cloud, including how they compare with traditional computing models
  • Learn the importance of audit and compliance functions within the cloud, and the various standards and frameworks to consider
  • Examine security delivered as a service, a different facet of cloud security

Editorial Reviews

Book Description

Enterprise Practices for Risk Management and Compliance

About the Author

Tim Mather is an experienced security professional who is currently pursuing a graduate degree in information assurance full-time. He is a frequent speaker and commentator on information security issues, and serves as an Advisor to several security-related start-ups.

Most recently, he was the Chief Security Strategist for RSA, The Security Division of EMC, responsible for keeping ahead of security industry trends, technology, and threats. Prior to that, he was Vice-President of Technology Strategy in Symantec's Office of the Chief Technology Officer, responsible for coordinating the company's long-term technical and intellectual property strategy. Previously at Symantec, he served for nearly seven years as Chief Information Security Officer (CISO). As CISO, Tim was responsible for development of all information systems security policies, oversight of implementation of all security-related policies and procedures, and all information systems audit-related activities. He also worked closely with internal products groups on security capabilities in Symantec products.

Prior to joining Symantec in September 1999, Tim was the Manager of Security at VeriSign. Additionally, he was formerly Manager of Information Systems Security at Apple Computer. Tim's experience also includes seven years in Washington, D.C. working on secure communications for a classified, national-level command, control, communications, and intelligence (C3I) project, which involved both civilian and military departments and agencies.

Tim is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Manager (CISM). He holds Masters Degrees in National Security Studies from Georgetown University, and International Policy Studies from Monterey Institute of International Studies. Tim holds a Bachelor's Degree in Political Economics from the University of California at Berkeley.

Subra Kumaraswamy has more than 18 years of engineering and management experience in information security, Internet, and e-commerce technologies. He is currently leading an Identity & Access Management program within Sun Microsystems. Subra has held leadership positions at various Internet-based companies, including Netscape, WhoWhere, Lycos, and Knowledge Networks. He was the cofounder of two Internet-based startups, CoolSync and Zingdata. He also worked at Accenture and the University of Notre Dame in security consulting and software engineering roles. In his spare time, Subra researches emerging technologies such as cloud computing to understand the security and privacy implications for users and enterprises. Subra is one of the authors of Cloud Security and Privacy, which addresses issues that affect any organization preparing to use cloud computing as an option. He's a founding member of the Cloud Security Alliance as well as cochair of the Identity & Access Management and Encryption & Key Management workgroups. Subra has a master's degree in computer engineering and is CISSP certified.

Shahed Latif is a partner in KPMG's Advisory practice with extensive IT and business skills. He has over 21 years of experience working with Global Fortune 1000 companies, focusing on providing business and technology solutions across a variety of areas. Shahed has spent 10 years in the London office working in the financial sector consulting group, the Information Risk Management group, and the assurance practice. He has worked with large global companies, which has given him the opportunity to work in Africa, Asia, and Europe.

Product Details

  • Series: Theory in Practice
  • Paperback: 338 pages
  • Publisher: O'Reilly Media; 1 edition (October 5, 2009)
  • Language: English
  • ISBN-10: 0596802765
  • ISBN-13: 978-0596802769
  • Product Dimensions: 7 x 9.1 x 0.8 inches
  • Shipping Weight: 1.1 pounds
  • Average Customer Review: 4.5 out of 5 stars (15 customer reviews)
  • Amazon Best Sellers Rank: #151,326 in Books

Customer Reviews

Most Helpful Customer Reviews
42 of 52 people found the following review helpful
By Walt C.
Format: Paperback | Verified Purchase
I want to be fair here. I bought this book not to read hype on what looks like an emerging technology, albeit massively overhyped but, rather, to read about legal and business issues that might moderate its acceptance. To be fair, I will return to give my appraisal after I have finished but I was forced to share this so as to, perhaps, give pause to others interested in buying this book. I've seen webinars that refer to cloud computing as 2-10 technology, massively hyped for 2 years and will take the next 10 for the industry to sort out where it fits (and maybe more importantly where it does not).

The first two glaring take-aways I've seen in this book are 1) the mashing of social web to cloud computing, vis-a-vis considering MySpace, FaceBook, and other social web sites as examples of cloud computing, they are not; 2) the notion that end users will be writing their own programs in the clouds vs. the, since the dawn of software development, programmer (or more recently developers) writing the programs, tech writers writing the documentation, marketeers hyping the program and end users buying or using, with embedded ads, the software. Both of these are orthogonal to 'cloud computing'. While it may be someday, in a "Battlestar Galactica" age end users may speak to their computer in whatever language they speak and tell it what they'd like it to do. For now it takes specialized training and while the computer languages used are different syntactically from those used in the '60s and '70s, fundamentally they are not different at all. Of course someday maybe everyone will be flying their cars to work and to play.
10 of 12 people found the following review helpful
4.0 out of 5 stars Very comprehensive, but a bit dry February 19, 2010
It goes without saying that I was very excited to pick up the first book on cloud security and privacy. Due to my Cloud Security Alliance (CSA) involvement, I was extremely interested in Tim's take on the subject. The book is indeed a comprehensive treatise on everything cloud, and everything cloud security. The author team covers the topics based on IaaS/PaaS/SaaS (SPI) for infrastructure, platform, and software as a service model. They address stored data confidentiality, cloud provider operations, identity and access management in the cloud, availability management as well as privacy. My favorite chapter was of course the one on audit and compliance - chapter 8. Another fun chapter was chapter 12 on conclusions and the future of the cloud (which is, BTW, all but assured...).

One of the most important things I picked from the book was a very structured view on separation of security responsibilities between the cloud provider and the customer for all of the SPI scenarios. This alone probably justifies getting your own copy.

As far as technical contents, the book stays fairly high-level even though it touches on the details of SAML and other authentication protocols.

The only downside of the book is its extremely dry writing style. There are only a few examples and case studies. Following "just the facts" model sometimes might lead the reader towards losing interest, no matter how important the subject is - and this subject is pretty darn important. To put this in the context, I do read security books for fun, not only for work.
1 of 1 people found the following review helpful
5.0 out of 5 stars Necessary read. April 2, 2013
Format: Paperback | Verified Purchase
Users and Managers need to understand the cloud. The cloud is powerful and should be used. But get your heads out of the cloud regarding privacy.
1 of 1 people found the following review helpful
3.0 out of 5 stars Nebulous as a cloud November 23, 2012
By Curious
Format: Paperback | Verified Purchase
The work is okay, but it left me a bit underwhelmed. Metaphorically, it is like a tiny portion of a meal at an expensive dinner. I found that I was still hungry for more information after finishing the reading.
7 of 10 people found the following review helpful
5.0 out of 5 stars THE BLIND MEN AND THE ELEPHANT November 10, 2009
My title is no accident; I heard Mary Ann Davidson, CSO of Oracle, use it in an RSA conference referring to cloud computing; she also spoke about it in ISF Canada 2009, where the whole subject has been elevated to theological warfare.

To sort the whole subject out and become familiar with the evolution of cloud computing I searched for a book on the subject and found many. To be fair to the rest of the books out there, I only read one of them, yes you guessed it, Cloud Security and Privacy. Being a security person myself the title had the 2 operative words I needed to see Security and Privacy (and yes, I am shallow).

Oh! yes about the book, this is by far the best book I have read for a long time, what impressed me is the way it is written, there are questions in nearly every chapter, as you read the question you realize that you were thinking that exact question, or you would have if you knew what to think. For example "what is cloud computing?" Ok I know that's given but stay with me; now here are some of the rest of the questions, "What Is Privacy?" I think that is one hell of a question and the answers given by the author are not groundbreaking, however "What Is the Data Life Cycle?" "What Are the Key Privacy Concerns in the Cloud?", "Who Is Responsible for Protecting Privacy?" put all these questions and more together and properly answer them all, you end up with a near masterpiece.

By the end of Chapter 3 you are not only familiar with cloud computing but you are now able to speak IAAS, PAAS, SAAS and actually understand the infrastructure security as it relates to IAAS.

I specially liked Chapter 6.
Most Recent Customer Reviews
5.0 out of 5 stars Excellent and Comprehensive
This is an excellent explanation of security issues touching cloud computing. It tries to help security professionals understand why cloud computing is experiencing such rampant...
Published on October 25, 2010 by Ernest Mueller
3.0 out of 5 stars Good attempt. Lack of objectivity.
One of the authors focuses heavily on Sun. While I appreciate Sun technology, it is not at the forefront of this topic.
Published on September 17, 2010 by Jovita Nsoh
5.0 out of 5 stars A great coverage on Cloud security
For organizations that are planning going to the cloud, security is usually a top concern. This book has a comprehensive coverage on security--infrastructure security, data and...
Published on July 23, 2010 by Andy Zhang
4.0 out of 5 stars Wondering how your business or business unit can benefit from the...
The authors of Cloud Security and Privacy recommend this book for technically savvy business persons who are thinking about using cloud computing and are interested in protecting...
Published on April 22, 2010 by Emmy B. Gengler
5.0 out of 5 stars For programmers trying to adopt cloud computing methods and offers an...
Tim Mather's CLOUD SECURITY AND PRIVACY: AN ENTERPRISE PERSPECTIVE ON RISKS AND COMPLIANCE blends theory and applications in a powerful survey of Cloud computing and on...
Published on January 11, 2010 by Midwest Book Review
5.0 out of 5 stars Cloudy no more
There are two kinds of reactions I get when talking to various folks about Cloud computing - either they love it or hate it.
Published on November 8, 2009 by SR
5.0 out of 5 stars Important and timely topic - excellent coverage
Cloud computing is such a hot topic in today's IT world. The business reasons for adopting cloud computing to run SMB and enterprise IT operations is so strong that it is almost...
Published on October 23, 2009 by Wesley H. Higaki
5.0 out of 5 stars If you want to be well informed on Security in Cloud...this book is...
"Cloud Computing" has been the buzz word for a while now and fortune 1000 companies are drawn to this new trend.
Published on October 19, 2009 by Sudhager Karuppaiah