REVIEW: "Above the Clouds", Kevin T. McDonald
- BKABVCLD.RVW 20110323
"Above the Clouds", Kevin T. McDonald, 2010, 978-1-84928-031-0,
%A Kevin T. McDonald
%G 978-1-84928-031-0 1-84928-031-2
%I IT Governance
%O Audience n+ Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 169 p.
%T "Above the Clouds: Managing Risk in the World of Cloud Computing"
The preface does a complicated job of defining cloud computing. The
introduction does provides a simpler description: cloud computing is
the sharing of services, at the time you need them, paying for the
services you need or use. Different terms are listed based on what
services are provided, and to whom. We could call cloud computing
time-sharing, and the providers service bureaus. (Of course, if we
did that, a number of people would think they'd walked into a forty-
five year time-warp.)
The text is oddly structured: indeed, it is hard to find any
organization in the material at all. Chapter one states that the
cloud allows you to do rapid prototyping because you can use patched
operating systems. I would agree that properly up-to-date operating
systems are a good thing, but it isn't made clear what this has to do
with either prototyping or the cloud. There is a definite (and
repeated) assertion that "bigger is better," but this idea is
presented as an article of faith, rather than demonstrated. There is
mention of the difficulty of maintaining core competencies, but no
discussion of how you would determine that a large entity has such
competencies. Some of the content is contradictory: there are many
statements to the effect that the cloud allows instant access to
services, but at least one warning that you cannot expect cloud
services to be instantly accessible. Various commercial products and
services are noted in one section, but there is almost no description
or detail in regard to actual services or availability.
Chapter two does admit that there can be some problems with using
cloud services. Despite this admission some of the material is
strange. We are told that you can eliminate capacity planning by
using the cloud, but are immediately warned that we need to determine
service levels (which is just a different form of capacity planning).
In terms of preparation and planning, chapter three does mention a
numb of issues to be addressed. Even so, it tends to underplay the
full range of factors that can determine the success or failure of a
cloud project. (Much content that has been provided previously is
duplicated here.) There is a very brief section on risk management.
The process outline is fine, but the example given is rather flawed.
(The gap analysis fails to note that the vendor does not actually
answer the question asked.) SAS70 and similar reports are heavily
emphasized, although the material fails to mention that many of the
reasons that small businesses will be interested in the cloud will be
for functions that are beyond the scope of these standards. Chapter
four appears to be about risk assessment, but then wanders into
discussion of continuity planning, project management, testing, and a
bewildering variety of only marginally related topics. There is a
very terse review of security fundamentals, in chapter five, but it is
so brief as to be almost useless, and does not really address issues
specifically related to the cloud. The (very limited) examination of
security in chapter six seems to imply that a good cloud provider will
automatically provide additional security functions. In certain
areas, such as availability and backup, this may be true. However, in
areas such as access control and identity management, this will most
probably involve additional charges/costs, and it is not likely that
the service provider will be able to do a better job than you can,
yourself. A final chapter suggests that you analyze your own company
to find functions that can be placed into the cloud.
Despite the random nature of the book, the breadth of topics means it
can be used as an introduction to the factors which should be
considered when attempting to use cloud computing. The lack of detail
would place a heavy burden of research and work on those charged with
planning or implementing such activities. In addition, the heavily
promotional tone of the work may lead some readers to underestimate
the magnitude of the task.
copyright, Robert M. Slade 2011 BKABVCLD.RVW 20110323
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
There is nothing in this world constant but inconstancy. - Swift