Rating: 0 out of 5 stars
0 ratings
Ebook270 pages2 hours
Above the Clouds: Managing Risk in the World of Cloud Computing
Rating: 0 out of 5 stars
()
About this ebook
Above the Clouds: Managing Risk in the World of Cloud Computing acts as a primer and strategic guide to identify Cloud Computing best practices and associated risks, and reduce the latter to acceptable levels. From software as a service (SaaS) to replacing the entire IT infrastructure, the author serves as an educator, guide and strategist, from runway to getting the organization above the clouds. Valuable tips on how to choose your provider of Cloud Services are also offered.
Author
Kevin T. McDonald
Kevin T. McDonald is a senior information technology analyst and Cloud strategist for ICF International, Inc., a global consultancy based in Washington, DC. Mr McDonald is an imaginative IT security and project leader with over 25 years of industry and government experience.He specializes in infrastructure protection, cybersecurity,and business continuity planning for government and commercial clients and has published and spoken in a variety of venues. He is a member of the Tech America Cloud Computing Committee, the IAC-ACT Cross-SIG Cloud Computing in Government committee and the Cloud Security Alliance. He holds a Bachelor of Science in business administration (BSBA) Information Systems and Quantitative Analysis program from the University of Arkansas and is currently pursuing graduate studies at Georgetown University in Washington, DC. Mr McDonald holds certifications from the International Information Systems Security Certification Consortium,Inc. ((ISC)²®) as a certified information systems security professional (CISSP), from the Systems Audit and Control Association (ISACA) as a certified information systems auditor (CISA), from the Project Management Institute as a project management professional (PMP) and is a certified business continuity professional (CBCP) from the Disaster Recovery Institute International. He lives in Falls Church, Virginia, with his wife Melanie.
Related to Above the Clouds
Related ebooks
Securing Cloud Services - A pragmatic guide: Second edition Securing Cloud Services: A pragmatic approach to security architecture in the Cloud Rating: 0 out of 5 stars0 ratingsCloud Computing… Commoditizing It: The Imperative Venture for Every Enterprise Rating: 0 out of 5 stars0 ratingsCloud computing: Moving IT out of the office Rating: 0 out of 5 stars0 ratingsCyber Essentials: A guide to the Cyber Essentials and Cyber Essentials Plus certifications Rating: 0 out of 5 stars0 ratingsCloud Computing: Assessing the risks Rating: 0 out of 5 stars0 ratingsCyber Risks for Business Professionals: A Management Guide Rating: 0 out of 5 stars0 ratingsCloud Security and Governance: Who's on your cloud? Rating: 1 out of 5 stars1/5CSA Guide to Cloud Computing: Implementing Cloud Privacy and Security Rating: 0 out of 5 stars0 ratingsISO 22301 A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsCRISC A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsCybersecurity Risk A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsIT Management A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsIT Risk Assessment Complete Self-Assessment Guide Rating: 0 out of 5 stars0 ratingsInformation technology audit The Ultimate Step-By-Step Guide Rating: 0 out of 5 stars0 ratingsInformation Technology Risk A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsIT Security Management Complete Self-Assessment Guide Rating: 0 out of 5 stars0 ratingsCybersecurity Risk Complete Self-Assessment Guide Rating: 0 out of 5 stars0 ratingsIT risk Second Edition Rating: 0 out of 5 stars0 ratingsComputer security incident management Standard Requirements Rating: 0 out of 5 stars0 ratingsISO 19770 A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsIncident Management Report The Ultimate Step-By-Step Guide Rating: 0 out of 5 stars0 ratingsIT Outsourcing A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsNetwork and Information Systems (NIS) Regulations - A pocket guide for operators of essential services Rating: 0 out of 5 stars0 ratingsGrc A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsCloud computing security Complete Self-Assessment Guide Rating: 0 out of 5 stars0 ratingsIT Security Management A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsActive Directory Migrations The Ultimate Step-By-Step Guide Rating: 0 out of 5 stars0 ratingsIT Demand Management A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratings
Security For You
Mike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Hacking For Dummies Rating: 4 out of 5 stars4/5IAPP CIPP / US Certified Information Privacy Professional Study Guide Rating: 0 out of 5 stars0 ratingsCompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsHow to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5CompTIA Security+ Certification Study Guide, Fourth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5Mike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5The Cyber Attack Survival Manual: Tools for Surviving Everything from Identity Theft to the Digital Apocalypse Rating: 0 out of 5 stars0 ratingsWindows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry Rating: 4 out of 5 stars4/5CompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsSocial Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life Rating: 4 out of 5 stars4/5Ultimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5CompTIA CySA+ Practice Tests: Exam CS0-002 Rating: 0 out of 5 stars0 ratingsCompTIA CySA+ Cybersecurity Analyst Certification Passport (Exam CS0-002) Rating: 5 out of 5 stars5/5Codes and Ciphers Rating: 5 out of 5 stars5/5
Related podcast episodes
CISSP Training - Domain 1 - Lecture 1 0% found this document usefulThe Privacy Paradox with Anna Maria Mandalari 0% found this document usefulEpisode 31: Challenging the Privacy narrative 0% found this document usefulThe Cloudflare mTLS vulnerability - A Deep Dive Analysis 0% found this document usefulHow To Overcome Challenges Every DPO Faces 0% found this document usefulCookie Hijacking - How Linus Tech Tips got Hacked 0% found this document usefulNIST Cybersecurity Framework [Special Edition]: NIST Cybersecurity Framework 0% found this document usefulCybercrime: A Multi-Billion-Dollar Industry 0% found this document usefulJobs of Tomorrow: Windows Insider Podcast Episode 17 100% found this document useful
Related articles
2029 VISION Where Technology Is Taking Business NZBusiness and ManagementArticle
2029 VISION Where Technology Is Taking Business
May 27, 2019
6 min readWhat Should You Know About Cloud Security Solutions? HWM SingaporeArticle
What Should You Know About Cloud Security Solutions?
Apr 9, 2021
3 min readEdge and Cloud Computing Can They Coexist Peacefully? TechfastlyArticle
Edge and Cloud Computing Can They Coexist Peacefully?
Jun 1, 2022
6 min readFor Cybersecurity Companies, It's Time to Shine EntrepreneurArticle
For Cybersecurity Companies, It's Time to Shine
Dec 1, 2015
2 min readHow to Protect Your Small Business Against a Cyber Attack EntrepreneurArticle
How to Protect Your Small Business Against a Cyber Attack
Feb 1, 2013
8 min readBuild A Dynamic App Security Pipeline Linux FormatArticle
Build A Dynamic App Security Pipeline
Sep 21, 2021
8 min readHow It Secures The Data? TechfastlyArticle
How It Secures The Data?
Jul 1, 2021
1 min readNetwork monitoring 2022 PC Pro MagazineArticle
Network monitoring 2022
Feb 10, 2022
4 min readCyber Safe Facility ManagementArticle
Cyber Safe
Dec 23, 2018
4 min readWeb App Security Linux FormatArticle
Web App Security
Jun 29, 2021
8 min readIdaho Needs To Shore Up Cybersecurity, Task Force Says TechLife NewsArticle
Idaho Needs To Shore Up Cybersecurity, Task Force Says
May 7, 2022
2 min readStaying Safe In The Cloud NZBusiness and ManagementArticle
Staying Safe In The Cloud
Jul 22, 2019
4 min readIn Crosshairs Of Ransomware Crooks, Cyber Insurers Struggle AppleMagazineArticle
In Crosshairs Of Ransomware Crooks, Cyber Insurers Struggle
Jul 9, 2021
5 min readProtect Your Data Maximum PCArticle
Protect Your Data
Mar 3, 2020
13 min readAttacked By Cyber Criminals Saturday StarArticle
Attacked By Cyber Criminals
Jan 9, 2021
4 min readCreate The Perfect People Magazine South AfricaArticle
Create The Perfect
Oct 30, 2019
3 min readIs Your VPN Secure? How To Check For Leaks PCWorldArticle
Is Your VPN Secure? How To Check For Leaks
May 1, 2018
4 min readVulnerability Assessments PC Pro MagazineArticle
Vulnerability Assessments
Jan 7, 2021
3 min readMOVING FORWARD with ERM Advanced Telematics and The Future of Transportation The European Business ReviewArticle
MOVING FORWARD with ERM Advanced Telematics and The Future of Transportation
Oct 3, 2019
11 min readHow To Stop Ransomware Attacks? 1 Proposal Would Prohibit Victims From Paying Up NPRArticle
How To Stop Ransomware Attacks? 1 Proposal Would Prohibit Victims From Paying Up
May 13, 2021
4 min readAWS Vs Azure What’s The Difference? PC Pro MagazineArticle
AWS Vs Azure What’s The Difference?
Sep 11, 2022
7 min readCybersecurity Firm Fireeye Says Was Hacked By Nation State TechLife NewsArticle
Cybersecurity Firm Fireeye Says Was Hacked By Nation State
Dec 12, 2020
3 min readSix Security Holes You Need To Plug Now PC Pro MagazineArticle
Six Security Holes You Need To Plug Now
May 7, 2022
6 min read4 Ways To Protect Your Small Business From Cyberattacks TechLife NewsArticle
4 Ways To Protect Your Small Business From Cyberattacks
May 21, 2022
3 min readCreating a Cybersecurity Checklist Residential Tech TodayArticle
Creating a Cybersecurity Checklist
Aug 25, 2021
Cybersecurity technology has experienced a tremendous surge in consumer interest in 2021 that has shown no signs of slowing down. The trend is largely because developers are introducing numerous innovations in this realm, at a pace that meets market
4 min readCybersecurity May Be Beating Cyber Fear The Christian Science MonitorArticle
Cybersecurity May Be Beating Cyber Fear
Apr 5, 2018
Despite the drumbeat of data breaches, such as Facebook’s, the good news is that companies and governments are putting security first, according to a new survey.
1 min readMailserver MAILSERVER Linux FormatArticle
Mailserver MAILSERVER
Nov 16, 2021
4 min readGlobal Cybersecurity Guide For Directors NZBusiness and ManagementArticle
Global Cybersecurity Guide For Directors
Apr 25, 2021
Cybersecurity failure is a “clear and present danger” and critical global threat, yet responses from board directors have been fragmented, risks not fully understood and collaboration between industries limited, according to the World Economic Forum.
2 min readTaking Guard Business TodayArticle
Taking Guard
Sep 2, 2021
6 min readCybersecurity Courses Ramp Up Amid Shortage Of Professionals AppleMagazineArticle
Cybersecurity Courses Ramp Up Amid Shortage Of Professionals
Jun 17, 2022
7 min read
Reviews for Above the Clouds
Rating: 0 out of 5 stars
0 ratings
0 ratings0 reviews
Book preview
Above the Clouds - Kevin T. McDonald
9781849280990
PREFACE
What is Cloud Computing?
Figure 1: Cloud Computing paradigm
Let’s start with a definition. In the simplest, cocktail-hour terms, Cloud Computing is managed, shared applications, development platforms or computing infrastructure accessible via a network such as the Internet.
If you have a Gmail or Yahoo® account, you are already using Cloud Computing. You really don’t know where your e-mail and contacts are stored; you access your account via the Internet or on a smartphone with the same simplicity and belief with which you turn on a light switch.
Cloud Computing provides options like bandwidth and computing power on demand, with elastic abilities usually paid for as a metered service or chargeback. Your organization may already provide a service like that without calling it Cloud Computing.
Shared service model
The concept of shifting computing to a shared service provider is not new. What may be new is that the cost of Cloud Computing is falling so dramatically that considering outsourcing to the Cloud is no longer rare, and it is now accessible enough that any individual or organization can use it to their advantage.
Computing as a commodity service
The commoditization of software and hardware that will appear and run the same whether they are set up by in-house IT staff or somewhere out in the ether are also factors. If the result is the same, the risks are more or less equivalent and the cost per transaction is dropping much faster outside the organization than when being performed in-house, the question that should be asked is when, not why.
Simplicity versus complexity
Another driver is simplicity. Information technology grows more complex over time. This complexity comes at a high price. The more complex the environment, the more prone it is to failure. The more prone to failure, the more difficult and intransigent systems are to change.
As our information systems have grown more complex, the data center bureaucracy has become more entrenched. We also may have lost sight of what they were supposed to accomplish for us in the first place. As a result, the percentage of work in IT that is dedicated to simply keeping the lights on and the machines humming has grown year to year. Meanwhile the actual amount of usable information from our information
systems has not kept pace.
Data center efficiency
Studies indicate that a data center only uses, on average, 10 to 15% of its available capacity. By using a shared-resource Cloud model, we can regain much of this idle capacity and lower operating costs to as much as 80% below dedicated computing models. This explains in part why so much buzz surrounds Cloud Computing. The ability to rent IT services versus buy them, run existing IT resources more efficiently and throw the resources back when they aren’t needed is very attractive in an era of increasingly tighter budgets.
The way ahead
If discussing factors such as reduced cost, commodity services, simplicity and efficiency, leaves you with that gnawing feeling that your organization is missing something in this complex IT arena, do not despair. It is likely your competitors are not performing any better.
There will always likely be a gap between where you are and where you could be on the scale of operational efficiency. Clues to the existence and magnitude of the gap lie in the geometric growth of things like chillers and pipes, routers and firewalls with no corresponding improvement in performance.
What if we could just jettison all of the details and get back to concentrating on functions and capabilities? Back to the days when the high priests of IT in white lab coats ushered in solutions instead of problems and fear.
Cloud Computing creates the impression that we no longer need to have a handle on the details, just as we don’t need to understand electricity to use it. Cloud Computing holds the promise that we just need to step up, flip the switch and let data flow from the Cloud. Can we trade the data center utility for a utility bill?
That is, of course, the promise. The question is how do we get there?
ABOUT THE AUTHOR
Kevin T. McDonald is a senior information technology analyst and Cloud strategist for ICF International, Inc., a global consultancy based in Washington, DC. Mr McDonald is an imaginative IT security and project leader with over 25 years of industry and government experience. He specializes in infrastructure protection, cybersecurity, and business continuity planning for government and commercial clients and has published and spoken in a variety of venues.
He is a member of the Tech America Cloud Computing Committee, the IAC-ACT Cross-SIG Cloud Computing in Government committee and the Cloud Security Alliance.
He holds a Bachelor of Science in business administration (BSBA) Information Systems and Quantitative Analysis program from the University of Arkansas and is currently pursing graduate studies at Georgetown University in Washington, DC.
as a certified information systems security professional (CISSP), from the Systems Audit and Control Association (ISACA) as a certified information systems auditor (CISA), from the Project Management Institute as a project management professional (PMP) and is a certified business continuity professional (CBCP) from the Disaster Recovery Institute International. He lives in Falls Church, Virginia, with his wife Melanie.
ACKNOWLEDGEMENTS
There is not enough space to thank all who have contributed to this work. Great thanks to Angela at IT Governance for her unflagging cheer and patience and to Chris Peters and Andy Robison at ICF for their early and continuous support. To my father Paul, for sharing his love of ideas, and my mother Kathleen, for sharing the wisdom to bring them into reality. And finally, for Melanie, my wife, my friend and my muse; nothing happened until she happened. Falls Church, 2009.
CONTENTS
INTRODUCTION
When discussing Cloud Computing, it is helpful to have a lexicon of common terms handy. Additional resources and expanded definitions are available on the National Institute of Standards and Technology website that have contributed greatly to the discussion of Cloud Computing.
http://csrc.nist.gov/groups/SNS/cloudcomputing/
Cloud Computing provides widely accessible, on-demand, elastic computing power. These services are metered and charged back based on usage.
The capital investment in the data center is assumed by the Cloud provider and operation costs are passed on to the Cloud data center users. This shifting from a capital-intensive model to an operating-expense model shifts the material risk somewhat from the service user to the service provider.
The service provider is stuck with the equipment and data center assets. The service user is usually on a month-to-month or an annual contract to the service provider. Cancel the contract and the service user is not obligated for the disposal of the equipment.
Contrast that with a data center owner/operator. The hardware and software expense must be sufficient to provide services for the high-water mark of demand. If demand falls, they are still on the hook for the equipment.
Virtualization
Figure 2: Virtualization
One of the features of Cloud Computing is that the computing power and storage capacity are elastic and can grow or shrink based upon your needs. One way to imagine how this is done is to visualize a magic refrigerator.
Enjoying the preview?
Page 1 of 1