企业视角：云计算安全与隐私风险与合规全解析

5星 · 超过95%的资源需积分: 0 21 浏览量更新于2024-08-02 1 收藏 5.44MB PDF 举报

《云安全与隐私：企业视角的风险与合规》是一本针对云计算在企业中的应用提供深入洞察的书籍。随着云计算的普及，它成为众多公司降低成本、提高效率的重要工具。然而，数据安全和隐私保护是使用云服务时不可忽视的关键问题。该书首先审视了当前云计算中数据安全的现状，涵盖了保密性（Confidentiality）、完整性（Integrity）和可用性（Availability）这三个基本要素。理解并确保这些属性在云环境中的保障至关重要，因为它们直接影响到数据的保护和业务连续性。书中着重介绍了身份和访问管理（IAM）实践，探讨了如何通过认证（Authentication）、授权（Authorization）和审计（Auditing）机制来管理和验证用户对云服务的访问权限。这是确保只有授权人员能够访问敏感信息、防止未经授权操作的基础。此外，作者深入分析了适用于云计算的安全管理框架和标准，如NIST（National Institute of Standards and Technology）的云计算框架、ISO/IEC 27001等，帮助读者了解如何在云端建立符合行业标准的安全管理体系。隐私方面，云服务与传统计算模式相比，带来了新的挑战。《云安全与隐私》解释了如何处理个人数据的收集、存储和跨国传输中的隐私问题，以及如何在遵循当地和国际法规的同时，平衡商业利益与用户隐私权益。最后，该书强调了云环境中的审计和合规功能的重要性。企业需要考虑哪些标准和框架，如PCI DSS（Payment Card Industry Data Security Standard）、GDPR（General Data Protection Regulation）等，以确保在享受云计算带来的便利的同时，满足法规要求，降低合规风险。《云安全与隐私》由三位技术安全领域的知名专家撰写，为IT专业人员、信息安全和隐私从业者、企业经理人、服务提供商和投资者提供了实用的指导，无论是在规划还是实施云计算服务时，都是不可或缺的参考资料。这本书不仅提供了全面的概念和定义，还为实际操作者提供了构建安全可靠的云环境的坚实基础。

Chapter 9, Examples of Cloud Service Providers

Provides information on some examples of cloud service providers (CSPs), including who

some of the major CSPs are (in terms of size and influence) and what services they provide.

Chapter 10, Security-As-a-[Cloud] Service

Looks at a different facet of cloud computing security: security delivered as a service unto

itself through the cloud. This security-as-a-[cloud] service (SaaS) is also an emerging

space, and in this chapter we look at what some of those cloud security services are.

Chapter 11, The Impact of Cloud Computing on the Role of Corporate IT

Looks at the impact of cloud computing on organizational IT departments as they exist

today. Although some may feel that cloud computing provides an important complement

to IT departments today, the view from IT departments might be that cloud computing

replaces much of what IT is responsible for.

Chapter 12, Conclusion, and the Future of the Cloud

Summarizes the concepts presented in the book and provides some thoughts on the future

of the cloud.

This book also includes a glossary of terms, as well as three appendixes that discuss relevant

audit formats (SAS 70 Type II and SysTrust) and provide one model of the relationships

between audit controls relevant to cloud computing.

Conventions Used in This Book

The following typographical conventions are used in this book:

Italic

Indicates new terms, URLs, and email addresses

Constant width

Used to refer to language and script elements

N O T E

This icon signifies a tip, suggestion, or general note.

Using Code Examples

This book is here to help you get your job done. In general, you may use the code in this book

in your programs and documentation. You do not need to contact us for permission unless

you’re reproducing a significant portion of the code. For example, writing a program that uses

several chunks of code from this book does not require permission. Selling or distributing a

CD-ROM of examples from O’Reilly books does require permission. Answering a question by

citing this book and quoting example code does not require permission. Incorporating a

xiv

P RE FA CE

Download at WoWeBook.Com

significant amount of example code from this book into your product’s documentation does

require permission.

We appreciate, but do not require, attribution. An attribution usually includes the title, author,

publisher, and ISBN. For example: “Cloud Security and Privacy, by Tim Mather, Subra

Shahed Latif, 978-0-596-80276-9.”

If you feel your use of code examples falls outside fair use or the permission given above, feel

free to contact us at permissions@oreilly.com.

Safari® Books Online

Safari Books Online is an on-demand digital library that lets you easily search

over 7,500 technology and creative reference books and videos to find the

answers you need quickly.

With a subscription, you can read any page and watch any video from our library online. Read

books on your cell phone and mobile devices. Access new titles before they are available for

print, and get exclusive access to manuscripts in development and post feedback for the

authors. Copy and paste code samples, organize your favorites, download chapters, bookmark

key sections, create notes, print out pages, and benefit from tons of other time-saving features.

O’Reilly Media has uploaded this book to the Safari Books Online service. To have full digital

access to this book and others on similar topics from O’Reilly and other publishers, sign up for

free at http://my.safaribooksonline.com.

How to Contact Us

Please address comments and questions concerning this book to the publisher:

O’Reilly Media, Inc.

1005 Gravenstein Highway North

Sebastopol, CA 95472

800-998-9938 (in the United States or Canada)

707-829-0515 (international or local)

707-829-0104 (fax)

We have a web page for this book, where we list errata, examples, and any additional

information. You can access this page at:

http://oreilly.com/catalog/9780596802769

To comment or ask technical questions about this book, send email to:

bookquestions@oreilly.com

P RE FA CE xv

Download at WoWeBook.Com

For more information about our books, conferences, Resource Centers, and the O’Reilly

Network, see our website at:

http://oreilly.com

Acknowledgments

We want to thank the many people from cloud service providers who took the time to talk

with us about security and privacy in the cloud. Even though a significant amount of that

material was told to us on a non-attribution basis, it was nevertheless invaluable for us to

understand the providers’ perspectives on this topic. We also spoke with several customers of

cloud computing services and got some great insights into their real-world concerns and

experiences.

In putting this book together, we felt it was important to capture the latest solutions and trends

in the market. To this end, we met with a number of companies to understand the current

trends. Organizations we talked to included Microsoft, the National Institute of Standards and

Technology, Salesforce.com, and Sun Microsystems. With that in mind, we would like to thank

the following people who helped us: John Dutra, John Howie, Peter Mell, Izak Mutlu, and

Rajen Sheth.

We also owe a big thank you to several people who took the time to review our manuscript

and keep us accurate technically, as well as helping us with readability. Thank you specifically

to Dan Blum, Robert Fly, Tim Grance, Chris Hoff, Jim Reavis, Laura Robertson, and Rodney

Thayer. Although any errors or omissions in the book are strictly our own responsibility, these

individuals helped ensure that we made fewer of them.

Several KPMG employees also helped us significantly in our efforts, and we need to recognize

them. They did everything from providing content and helping with graphics, to putting

together the glossary, coordinating our meetings, and handling a number of other tasks that

made our work easier. Thank you very much to Graham Hill, Vijay Jajoo, Mark Lundin, Bob

Quicke, Ismail Rahman, Doron Rotman, and Nadeem Siddiqui.

Finally, there is a saying in Silicon Valley about “eating your own dog food.” Marketing

personnel generally translate this phrase to “using your own products.” Well, when it came to

writing this book, we endeavored to eat our own dog food—that is, we used cloud services

wherever possible in this effort. We used cloud-based email, calendaring, and our own cloud-

based website for document and graphics management, as well as for coordinating with our

editor at O’Reilly (thanks, Mike Loukides!), our reviewers, our contributors, and Lasselle-

Ramsay, which helped significantly in making our material presentable.

xvi

P RE FA CE

Download at WoWeBook.Com

剩余335页未读，继续阅读

zhengxiang3396y

粉丝: 1
资源: 20

企业视角：云计算安全与隐私风险与合规全解析

企业视角：云安全与隐私风险及合规指南

"云安全控制矩阵CCM_v3.0中英文版控制规范更新与应用

"基于云计算的微博敏感信息挖掘系统研究

「渗透测试」AI_and_Machine_Learning：Managing_the_Risks_of_Major_Law

Y2K costs & compliance: A perspective from the United Kingdom

A survey of state-level contacts for school psychology regarding retention/promotion practices: Are we evaluating the risks and benefits?

Interview: Brazil: Risks and opportunities-An interview with Alexandre Barros, President of Early Warning, a political risk firm in Brazil

Risks and Security of Internet and Systems论文集

Blockchain_and_dlt_security_risks_threats_and_vulnerabilitie

「防火墙」Blockchain_and_dlt_security_risks_threats_and_vulnerabil

最新资源