BKABVCLD.RVW 20110323 "Above the Clouds", Kevin T. McDonald, 2010, 978-1-84928-031-0, UK#39.95 %A Kevin T. McDonald %D 2010 %G 978-1-84928-031-0 1-84928-031-2 %I IT Governance %O UK#39.95 %O http://www.amazon.com/exec/obidos/ASIN/1849280312/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1849280312/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/1849280312/robsladesin03-20 %O Audience n+ Tech 1 Writing 1 (see revfaq.htm for explanation) %P 169 p. %T "Above the Clouds: Managing Risk in the World of Cloud Computing" The preface does a complicated job of defining cloud computing. The introduction does provides a simpler description: cloud computing is the sharing of services, at the time you need them, paying for the services you need or use. Different terms are listed based on what services are provided, and to whom. We could call cloud computing time-sharing, and the providers service bureaus. (Of course, if we did that, a number of people would think they'd walked into a forty- five year time-warp.) The text is oddly structured: indeed, it is hard to find any organization in the material at all. Chapter one states that the cloud allows you to do rapid prototyping because you can use patched operating systems. I would agree that properly up-to-date operating systems are a good thing, but it isn't made clear what this has to do with either prototyping or the cloud. There is a definite (and repeated) assertion that "bigger is better," but this idea is presented as an article of faith, rather than demonstrated. There is mention of the difficulty of maintaining core competencies, but no discussion of how you would determine that a large entity has such competencies. Some of the content is contradictory: there are many statements to the effect that the cloud allows instant access to services, but at least one warning that you cannot expect cloud services to be instantly accessible. Various commercial products and services are noted in one section, but there is almost no description or detail in regard to actual services or availability. Chapter two does admit that there can be some problems with using cloud services. Despite this admission some of the material is strange. We are told that you can eliminate capacity planning by using the cloud, but are immediately warned that we need to determine service levels (which is just a different form of capacity planning). In terms of preparation and planning, chapter three does mention a number of issues to be addressed. Even so, it tends to underplay the full range of factors that can determine the success or failure of a cloud project. (Much content that has been provided previously is duplicated here.) There is a very brief section on risk management. The process outline is fine, but the example given is rather flawed. (The gap analysis fails to note that the vendor does not actually answer the question asked.) SAS70 and similar reports are heavily emphasized, although the material fails to mention that many of the reasons that small businesses will be interested in the cloud will be for functions that are beyond the scope of these standards. Chapter four appears to be about risk assessment, but then wanders into discussion of continuity planning, project management, testing, and a bewildering variety of only marginally related topics. There is a very terse review of security fundamentals, in chapter five, but it is so brief as to be almost useless, and does not really address issues specifically related to the cloud. The (very limited) examination of security in chapter six seems to imply that a good cloud provider will automatically provide additional security functions. In certain areas, such as availability and backup, this may be true. However, in areas such as access control and identity management, this will most probably involve additional charges/costs, and it is not likely that the service provider will be able to do a better job than you can, yourself. A final chapter suggests that you analyze your own company to find functions that can be placed into the cloud. Despite the random nature of the book, the breadth of topics means it can be used as an introduction to the factors which should be considered when attempting to use cloud computing. The lack of detail would place a heavy burden of research and work on those charged with planning or implementing such activities. In addition, the heavily promotional tone of the work may lead some readers to underestimate the magnitude of the task. copyright, Robert M. Slade 2011 BKABVCLD.RVW 20110323