- Email: [email protected]
Securing cloud and mobility: A practitioner's guide
computers & security xxx (2014) 1
Available online at www.sciencedirect.com
ScienceDirect journal homepage: www.elsevier.com/locate/cose
Book review Securing Cloud and Mobility: A Practitioner’s Guide, I. Lim, E. Coleen Coolidge, P. Hourani, Auerbach Publications, USA (2013).
The authors, Ian Lim, E. Coleen Coolidge and Paul Hourani, argue that their book is one of the few dedicated to virtualization and security, in connection with the cloud and mobile environment. Is a pity that the publisher does not provide the interested reader with a short bio of the authors e something that tends to be considered as a standard practice, nowadays. The book includes 5 parts, which are further divided into 16 chapters, in total. The first part provides the reader with introductory information regarding the cloud and mobility environments. The next three parts focus on the cloud and its features, while the fifth part refers to the current status of the mobility aspect. Although the outline gives promises for a detailed and an in-depth analysis of the two cutting-edge technologies, i.e. cloud and mobility, this appears not to be really the case with the book. In particular, the content of some chapters e although relevant to the subject e suffers by consistency issues. In the first part, the authors introduce the cloud by providing the NIST definition and describing its features (i.e. service and deployment models). This could be considered as a sound and solid introduction to cloud computing. A similar approach is also followed for mobility. In particular, the second chapter provides a very nice view of the currently existing threats (e.g. hacktivism, cyber espionage, etc.), together with how cloud and mobility can deal with them. In the next three parts of the book, which could be easily grouped into one, authors discuss several issues that refer to private and public cloud environments. The reader would expect this part to begin with the existing threats in cloud deployments, in a way similar to “The Notorious Nine” by Cloud Security Alliance (CSA). However, the authors did not adopt such a structure. Moreover, they chose not to refer to either CSA, or to several other major approaches (e.g. ENISA, NIST, ISACA, etc.). What the third part of the book refers to, regarding the private cloud, should be improved in terms of consistency. Each of the chapters of this part could be stand alone and not require from the reader to jump from one chapter to another. The fourth part was expected to include a description and practical analysis over public cloud and its features. However, the authors decided to provide the reader with frameworks for
reviewing cloud services, something that, in our view, can only loosely be linked to the previous chapters. We consider that the book would seriously benefit if the authors had decided to add a separate chapter that would focus on practical legal (and perhaps also ethical) issues regarding cloud and mobility. In the fifth part the authors turn their attention to mobility, with a main focus on available mobile architectures. They begin by introducing RIM’s (Research in Motion) and Microsoft’s mobile architectures. It is neither clear to us, nor it is adequately explained in the book, why authors chose these two architectures, instead of the Android and iOS ones, which are much more popular e to say the least e according to all recent studies. The fourteenth chapter is a pleasant surprise, as it provides the reader with clear and useful insights regarding security issues in smartphone and tablet devices, while analyzing them in a comprehensive way. In contrast, the next chapter refers only vaguely, and thus unexpectedly, to the connection of enterprise and third-party applications to mobile devices. Something else that does not ease the reader is the placement of a number of tables. To a reader’s surprise, there are a few pages where from the reader starts reading a new chapter and then comes across to tables that refer to the previous chapter. We do understand, though, that this might not be the responsibility of the authors only. To summarize, we consider that the book does not adequately provide its reader with a strong and concise analysis of secure cloud and mobility issues. The lack of consistency between chapters, the lack of a chapter that focus on legal issues, the lack of attention to well-known approaches (CSA, NIST, ENISA, ISACA), as well as the lack of analysis of popular mobile architectures (Android, iOS), may be some of the reasons that explain why the book has probably not succeeded in meeting its readers desire. Nikolaos Tsalis Dimitris Gritzalis* Dept. of Informatics, Athens University of Economics & Business, 76 Patission Ave., Athens, GR-10434, Greece *Corresponding author. Tel.: þ30 2105810116. E-mail addresses: [email protected] (N. Tsalis), [email protected] (D. Gritzalis) 0167-4048/$ e see front matter http://dx.doi.org/10.1016/j.cose.2014.02.002
Available online at www.sciencedirect.com
ScienceDirect journal homepage: www.elsevier.com/locate/cose
Book review Securing Cloud and Mobility: A Practitioner’s Guide, I. Lim, E. Coleen Coolidge, P. Hourani, Auerbach Publications, USA (2013).
The authors, Ian Lim, E. Coleen Coolidge and Paul Hourani, argue that their book is one of the few dedicated to virtualization and security, in connection with the cloud and mobile environment. Is a pity that the publisher does not provide the interested reader with a short bio of the authors e something that tends to be considered as a standard practice, nowadays. The book includes 5 parts, which are further divided into 16 chapters, in total. The first part provides the reader with introductory information regarding the cloud and mobility environments. The next three parts focus on the cloud and its features, while the fifth part refers to the current status of the mobility aspect. Although the outline gives promises for a detailed and an in-depth analysis of the two cutting-edge technologies, i.e. cloud and mobility, this appears not to be really the case with the book. In particular, the content of some chapters e although relevant to the subject e suffers by consistency issues. In the first part, the authors introduce the cloud by providing the NIST definition and describing its features (i.e. service and deployment models). This could be considered as a sound and solid introduction to cloud computing. A similar approach is also followed for mobility. In particular, the second chapter provides a very nice view of the currently existing threats (e.g. hacktivism, cyber espionage, etc.), together with how cloud and mobility can deal with them. In the next three parts of the book, which could be easily grouped into one, authors discuss several issues that refer to private and public cloud environments. The reader would expect this part to begin with the existing threats in cloud deployments, in a way similar to “The Notorious Nine” by Cloud Security Alliance (CSA). However, the authors did not adopt such a structure. Moreover, they chose not to refer to either CSA, or to several other major approaches (e.g. ENISA, NIST, ISACA, etc.). What the third part of the book refers to, regarding the private cloud, should be improved in terms of consistency. Each of the chapters of this part could be stand alone and not require from the reader to jump from one chapter to another. The fourth part was expected to include a description and practical analysis over public cloud and its features. However, the authors decided to provide the reader with frameworks for
reviewing cloud services, something that, in our view, can only loosely be linked to the previous chapters. We consider that the book would seriously benefit if the authors had decided to add a separate chapter that would focus on practical legal (and perhaps also ethical) issues regarding cloud and mobility. In the fifth part the authors turn their attention to mobility, with a main focus on available mobile architectures. They begin by introducing RIM’s (Research in Motion) and Microsoft’s mobile architectures. It is neither clear to us, nor it is adequately explained in the book, why authors chose these two architectures, instead of the Android and iOS ones, which are much more popular e to say the least e according to all recent studies. The fourteenth chapter is a pleasant surprise, as it provides the reader with clear and useful insights regarding security issues in smartphone and tablet devices, while analyzing them in a comprehensive way. In contrast, the next chapter refers only vaguely, and thus unexpectedly, to the connection of enterprise and third-party applications to mobile devices. Something else that does not ease the reader is the placement of a number of tables. To a reader’s surprise, there are a few pages where from the reader starts reading a new chapter and then comes across to tables that refer to the previous chapter. We do understand, though, that this might not be the responsibility of the authors only. To summarize, we consider that the book does not adequately provide its reader with a strong and concise analysis of secure cloud and mobility issues. The lack of consistency between chapters, the lack of a chapter that focus on legal issues, the lack of attention to well-known approaches (CSA, NIST, ENISA, ISACA), as well as the lack of analysis of popular mobile architectures (Android, iOS), may be some of the reasons that explain why the book has probably not succeeded in meeting its readers desire. Nikolaos Tsalis Dimitris Gritzalis* Dept. of Informatics, Athens University of Economics & Business, 76 Patission Ave., Athens, GR-10434, Greece *Corresponding author. Tel.: þ30 2105810116. E-mail addresses: [email protected] (N. Tsalis), [email protected] (D. Gritzalis) 0167-4048/$ e see front matter http://dx.doi.org/10.1016/j.cose.2014.02.002