Cloud Storage Security, A Practical Guide
Authors: Aaron Wheeler and Michael Winburn
Pages: 144 pages
Publisher: Elsevier
ISBN: 0128029307
Introduction
Practically everybody keeps at least some of their data in the cloud, although not everybody knows what the cloud is, exactly, or, for that matter, that using most popular online services often results in some of their data ending up in it. This book aims to help individual users and enterprise practitioners gain insight in and evaluate the risks associated with cloud-based data storage.
About the authors
Aaron Wheeler is a Research Scientist at 3 Sigma Research and adjunct faculty at Valencia College. Previously he was a Software Engineer with Modus Operandi and Staff Research Assistant at Los Alamos National Laboratory.
Michael Winburn is the founder of 3 Sigma Research. Serving as Chief Scientist, he has many years of experience in research and development that includes projects conducted for, among others, NASA and DARPA.
Inside the book
The book starts by introducing the concept of cloud, cloud service models (software, platform, and infrastructure) and deployment models (private, communal, public, and hybrid), explains what we mean by data, and what is metadata, and explains the advantages of cloud data storage, as well as introduces the security and privacy risks associated with it.
This is where many novices will be taught for the first time that data that we consider ours can often contain sensitive information about others, and that getting data in and out of the cloud safely is as important at storing it safely. They will also learn about the legal and criminal threats to their cloud storage data and, through a case study, about different cloud storage providers and security features. Finally, there is a little bit about cloud-based data sharing.
This chapter is so succinct and well-written, that I would like it to be mandatory reading for anyone who users computers and the Internet.
The authors then teach the reader about applications that allow users to store and share data in the cloud: email services, cloud backup services, social media as cloud storage, cloud-based office suites, health and fitness apps. For each category there is a case study that compares the privacy and security risks of using the most popular apps. For example, in the email category the authors compare Gmail, Outlook.com, and Yahoo! Mail.
Privacy challenges associated with user data in the cloud is a topic that had to be addressed in light of all the data breaches that we have witnessed and been affected by, and because user data has value to many people, organizations and, unfortunately, criminals.
Chapter four deals with the subject of compliance and explains the requirements of the four US federal laws that govern the issue of data security for the healthcare and financial industries (HIPAA, Dodd-Frank, GLBA, and Sarbanes-Oxley). It then widens the scope, and explains the European Data Protection Directive of 1995, UK’s Data Protection Act 1998, and India’s Information Technology Act 2000.
Privacy tools that users can take advantage of in addition to the privacy protections offered by cloud providers are presented in Chapter 5: two-factor authentication, encryption, secure email, passwords (and password managers) and encryption keys, data deletion, and so on. The authors didn’t go too much in depth, but this is a clear and helpful overview of the most popular ones.
The authors provided a checklist that will help users think about important issues and help probe providers about their offerings and security and privacy protections in order to make the right decision for themselves and their organization. This includes questions about physical and network security, encryption, authentication and access control, and more.
The book ends with a chapter of the future of cloud data privacy and security, going as far forward as quantum computing and data storage in DNA.
Final thoughts
There’s nothing about this book that I didn’t like. It’s very concise, covers all the most important issued and explains them extremely well. This is the ideal book for novice users to learn about information security in the cloud, and could be a good place to start for IT pros that are dealing with cloud data security policies.