Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Above the Clouds", Kevin T. McDonald

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Han
    BKABVCLD.RVW 20110323 Above the Clouds , Kevin T. McDonald, 2010, 978-1-84928-031-0, UK#39.95 %A Kevin T. McDonald %D 2010 %G 978-1-84928-031-0
    Message 1 of 1 , Sep 20 4:34 PM
    • 0 Attachment
      BKABVCLD.RVW 20110323

      "Above the Clouds", Kevin T. McDonald, 2010, 978-1-84928-031-0,
      UK#39.95
      %A Kevin T. McDonald
      %D 2010
      %G 978-1-84928-031-0 1-84928-031-2
      %I IT Governance
      %O UK#39.95
      %O http://www.amazon.com/exec/obidos/ASIN/1849280312/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/1849280312/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/1849280312/robsladesin03-20
      %O Audience n+ Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 169 p.
      %T "Above the Clouds: Managing Risk in the World of Cloud Computing"

      The preface does a complicated job of defining cloud computing. The
      introduction does provides a simpler description: cloud computing is
      the sharing of services, at the time you need them, paying for the
      services you need or use. Different terms are listed based on what
      services are provided, and to whom. We could call cloud computing
      time-sharing, and the providers service bureaus. (Of course, if we
      did that, a number of people would think they'd walked into a forty-
      five year time-warp.)

      The text is oddly structured: indeed, it is hard to find any
      organization in the material at all. Chapter one states that the
      cloud allows you to do rapid prototyping because you can use patched
      operating systems. I would agree that properly up-to-date operating
      systems are a good thing, but it isn't made clear what this has to do
      with either prototyping or the cloud. There is a definite (and
      repeated) assertion that "bigger is better," but this idea is
      presented as an article of faith, rather than demonstrated. There is
      mention of the difficulty of maintaining core competencies, but no
      discussion of how you would determine that a large entity has such
      competencies. Some of the content is contradictory: there are many
      statements to the effect that the cloud allows instant access to
      services, but at least one warning that you cannot expect cloud
      services to be instantly accessible. Various commercial products and
      services are noted in one section, but there is almost no description
      or detail in regard to actual services or availability.

      Chapter two does admit that there can be some problems with using
      cloud services. Despite this admission some of the material is
      strange. We are told that you can eliminate capacity planning by
      using the cloud, but are immediately warned that we need to determine
      service levels (which is just a different form of capacity planning).
      In terms of preparation and planning, chapter three does mention a
      numb of issues to be addressed. Even so, it tends to underplay the
      full range of factors that can determine the success or failure of a
      cloud project. (Much content that has been provided previously is
      duplicated here.) There is a very brief section on risk management.
      The process outline is fine, but the example given is rather flawed.
      (The gap analysis fails to note that the vendor does not actually
      answer the question asked.) SAS70 and similar reports are heavily
      emphasized, although the material fails to mention that many of the
      reasons that small businesses will be interested in the cloud will be
      for functions that are beyond the scope of these standards. Chapter
      four appears to be about risk assessment, but then wanders into
      discussion of continuity planning, project management, testing, and a
      bewildering variety of only marginally related topics. There is a
      very terse review of security fundamentals, in chapter five, but it is
      so brief as to be almost useless, and does not really address issues
      specifically related to the cloud. The (very limited) examination of
      security in chapter six seems to imply that a good cloud provider will
      automatically provide additional security functions. In certain
      areas, such as availability and backup, this may be true. However, in
      areas such as access control and identity management, this will most
      probably involve additional charges/costs, and it is not likely that
      the service provider will be able to do a better job than you can,
      yourself. A final chapter suggests that you analyze your own company
      to find functions that can be placed into the cloud.

      Despite the random nature of the book, the breadth of topics means it
      can be used as an introduction to the factors which should be
      considered when attempting to use cloud computing. The lack of detail
      would place a heavy burden of research and work on those charged with
      planning or implementing such activities. In addition, the heavily
      promotional tone of the work may lead some readers to underestimate
      the magnitude of the task.

      copyright, Robert M. Slade 2011 BKABVCLD.RVW 20110323


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      There is nothing in this world constant but inconstancy. - Swift
      victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
      http://blogs.securiteam.com/index.php/archives/author/p1/
      http://twitter.com/rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.