Security book reviews from inside the infosec industry.

The Cloud Security Rules Review

The Cloud Security Rules, a book authored by no fewer than 18 people, is as mixed as you might expect. Best viewed as a collection of essays, there are some brilliantly written articles paired with some that will leave you scratching your head.


I received a review copy from Kai Roer (one of the editors and authors), and this book was one of the main reasons I haven't posted a review for a while. I found this book extremely difficult to read, not because of the book but because, as someone who typically only reads technical security books, I struggled to cope with material that's written for a level significantly different to that which I'm used to. This really is a problem with me as a reviewer and not the book at all, and I was in two minds about publishing it.

As I mentioned, with 18 authors this is best approached as a series of essays. There's some real gold here, from Anton Chuvakin's essay on logging to Javvad Malik's "Free isn't cheap" piece, which is something I wouldn't expect to see in a book I'd expect to advocate the cloud but is refreshingly honest. Brian Honan has a couple of good essays, in particular his piece on incident management (Disclaimer: I know Brian and Javvad personally). In other areas there's some content that I feel is wrong, no scratch that - I'm fairly certain I could obtain evidence to prove the assumptions are wrong - and a few places where you're left wondering about the relevance of the material being discussed (e.g. DRM). I was particularly unimpressed with what looked like a thinly veiled plug for GFI's mail services in one chapter. Many of the problems with the book stem from the 'too many cooks' problem. It's also this that saves the book, as many of the essays are rather short.

Because the chapters are fairly short it's easy to just skip through to the next one if the current one doesn't really do it for you. While the essays are drawn around the cloud theme, the book as a whole comes across as a little incoherent. With this many authors, expecting the essays to flow into each other would probably be a little much.

The chapter on cloud publishing was particularly interesting, unexpected and completely meta, but worth a read and a good example of how the cloud can be used to deliver things that might otherwise be impossible without it.

As I said at the start, I'm not really the target audience for the book. There are some typographical errors, perhaps more than you'd expect, but as a self-published book it'd be hard not to recognise the problems with getting the same quality of editing as you'd expect from a fully staffed publishing house. For people who are considering the cloud and want a better understanding of the risks, this is a fairly good book, albeit flawed in places. I'd recommend specific chapters rather than the whole thing, but dig around and you'll find the gold in the book pretty quickly.

The Cloud Security Rules review score: 3/5.

The Cloud Security Rules* is available from Amazon. (What's the *?)


Security Book Reviews is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.