There are many excellent examples of the economic benefits of cloud computing for individuals, small businesses, large enterprises, and the public sector alike. However, as our dependency on cloud computing grows so do the increased risk around security and privacy. With such a concentration of system resources and customers, the impact of a major outage will have greater ramifications than ever before. An outage affecting only one organization means that the impact will affect only that organization and their stakeholders. With cloud computing however, an outage or major incident will not only affect one customer, but potentially an entire industry.

Herein lies the risk; as our dependency on cloud computing grows so does the potential impact of any incident. These risks go beyond cyber of course, with natural disasters, bankruptcy, and even law enforcement action against providers those do not undertake appropriate due diligence on what their customers do. Without the requisite transparency, end customers for cloud computing may be completely unaware of such risks until it is too late. Indeed many examples exist where customers realize something is wrong only when they can no longer gain access to their resources.

This book is critical in building the necessary levels of assurance required to protect such valuable resources. Of course the level of assurance will vary, but having the necessary tools is imperative. The Cloud Security Alliance and the authors of this book have provided a comprehensive view of the salient points required to protect assets with cloud service providers with appropriate references to external sources for more detail. Such measures are imperative as we have seen with the advent of the US FedRAMP, but also a multitude of other certification schemes established to build the confidence we all expect when using the cloud.

Cloud computing is here to stay. It promises tremendous opportunities that benefit each and every one of us. This is not lost on cyber criminals, and the need for protecting, or the benefits of, such critical assets has never been so great.

By

Throughout history, great inventions and innovations have been underestimated and even ridiculed, only to exceed all expectations and change the world. The Internet clearly falls into the category of wildly successful innovations, a research network that languished in obscurity for years, only to burst onto the scene in the 1990s and become a pervasive part of business and society. At the same time, many contemporaneous technology trends have failed to fulfill their promise. With the hype that has surrounded cloud computing over the past several years, it is easy to fall into the same complacent thinking—Is not cloud just a new characterization of preexisting computing technologies, such as the mainframe and the World Wide Web?

Cloud computing indeed has a heritage in many familiar computing concepts. Like many transformational technologies, timing is everything. Cloud is transforming computing into a utility—the most powerful utility yet conceived. The idea that any person on Earth, rather than a privileged few, can have access to an unlimited amount of computing power, on demand, is startling in its possibilities. The idea that sophisticated new software-driven businesses can be built in the cloud in days rather than years is mind boggling. With each passing day, Cloud Security Alliance (CSA) receives new evidence that the cloud revolution is upon us. Global enterprises tell us that they are “all in” with the cloud. Financial institutions tell us they have opened their last internal data center. Software companies tell us that in the future, all of their products will exist in the cloud. Entrepreneurs are challenging every existing industry and dreaming up new ones, powered by the cloud. The time for cloud is now. Many of humanity’s most difficult and pressing problems will someday be solved by the power of cloud computing, if we can trust it.

At the CSA, our mission is to build the trusted cloud ecosystem and deliver a broad portfolio of security best practices to enable that trust. We are a nonprofit organization with our presence in many countries. As the CEO of Cloud Security Alliance, I am pleased to provide an introduction to the CSA Guide to Cloud Computing: Implementing Cloud Privacy and Security. I would like to thank Brian Honan and Raj Samani for their vision and efforts in breathing life into this guide. Through their research, skilled writing, and sheer determination, they have produced an eminently readable guide, appropriate for anyone with a career in information technology, information security, and beyond. I would also like to thank the many volunteers within CSA who helped review and edit this publication. Please enjoy this guide with our best wishes.

By