With cloud computing quickly becoming a standard in today's IT environments, many security experts are raising concerns regarding security and privacy in outsourced cloud environments-requiring a change in how we evaluate risk and protect information, processes, and people.
Managing Risk and Security in Outsourcing IT Services: Onshore, Offshore and the Cloud explains how to address the security risks that can arise from outsourcing or adopting cloud technology. Providing you with an understanding of the fundamentals, it supplies authoritative guidance and examples on how to tailor the right risk approach for your organization.
Covering onshore, offshore, and cloud services, it provides concrete examples and illustrative case studies that describe the specifics of what to do and what not to do across a variety of implementation scenarios. This book will be especially helpful to managers challenged with an outsourcing situation-whether preparing for it, living it day to day, or being tasked to safely bring back information systems to the organization.
Many factors can play into the success or failure of an outsourcing initiative. This book not only provides the technical background required, but also the practical information about outsourcing and its mechanics.
By describing and analyzing outsourcing industry processes and technologies, along with their security and privacy impacts, this book provides the fundamental understanding and guidance you need to keep your information, processes, and people secure when IT services are outsourced.
The information on the different countries ... provides a great perspective as to what is going on in the world and why it is so important to know who and what country you are dealing with. -Todd Fitzgerald, Global Information Security Director, Grant Thornton International, Ltd.
Outsourcing History of Outsourcing The Early Days of Outsourcing Current State Delivery Models Onshoring Nearshoring Offshoring Outsourcing Types Technology Outsourcing Business Transformation Outsourcing Business Process Outsourcing Knowledge Process Outsourcing The Internals of Outsourcing The Phases Typical Financial Outsourcing Model Geographical Regions The Top Outsourcing Countries India Indonesia Estonia Singapore China Bulgaria Philippines Thailand Lithuania Malaysia Outsourcing Personnel Consulting Personnel Former Employees of Clients Internal Resources Third-Party Personnel Hired Personnel Teams Salaries Growth Strategies The Cloud Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Private Cloud Community Cloud Public Cloud Hybrid Clouds What the Cloud Is and Is Not Beyond the Cloud Virtual Private Cloud Standardization between CSPs Compliance in the Cloud Security and Privacy Issues with Cloud Computing Scalability versus Elasticity On-Demand Self-Service Rapid Elasticity Resource Pooling Outages Denial of Service Virtualization Security Metering Hypervisor Security Virtual Networks Memory Allocation/Wiping Cloud Network Configuration Firewalls in the Cloud Self-Service Malicious Insiders Availability and Service Level Agreements Authentication, Authorization, Accounting Tenant Credibility Address the Cloud Security/Privacy Dilemma SAS-70, SOC 1, and SOC 2 Audits Cryptography and the Cloud Encryption Keys and the Cloud Third-Party Cloud Security Providers FedRAMP and the Federal Cloud How to Securely Move to the Cloud Before You Decide to Outsource Security and Privacy Impacts Secure Communication Telephone e-Mail Mobile/Cell Phones Smartphone BlackBerry Instant Messenger Letter and Parcels Organizational Impacts Legal Aspects Personnel Issues Technical Challenges Network Address Translation (NAT) Issues Single Sign-On and Federation (SAML/XACML) Backup Technologies Remote Desktop Support Trouble Ticket Systems Business Continuity Ready to Outsource The Perfect Outsourcing Company Doing Your Homework Understand What Is Offered Audit Reports Is BTO the Right Choice? Ask the Right Questions Dedicated Resources or Not? Talking with Existing Clients What Matters for the Outsourcing Company? Challenges Outsourcing Companies Face Which Security Controls-Ours or Theirs? Staff Augmentation Complete Outsourced Operation Cost Savings Security Controls Next Step-Clean House Maturity Level Alignment of IT and Security Strategy Gap Analysis Outsourcing Preparation Information Security Policy Organization of Information Security External Parties' Security Information Classification Security Prior to Employment Security During Employment Security Termination or Change-of-Employment Security Outsourcing Security Readiness Assessment Tactical Goals-Now or Later? Strategic Objectives-When? Day One and Beyond Enabling the Outsourcer Access to Required Information Documentation Personnel Transition Phase The Stable Years Security Incidents Outsourcing Personnel Turnover Regular Activities Reporting When We Part How to Prepare The Contract Analysis of What Needs to Be Done The Exit Plan When the Day Comes Taking Control Outsourcing Anecdotes British Health Records Transportation Strike in Bangalore Submarine Cable Cuts Cloud Outages T-Mobile: Sidekick in Danger of the Microsoft Cloud Outages at Amazon Are Sometimes Due to "Gossip" Google Services Impacted by Cloud Outages Microsoft's Azure and Hotmail Salesforce.com's Cloud Goes Down CloudFlare DDoS Background Investigation Lacking Privacy Laws-Not Here Can You Hear Me Now? CDMA Limitations Overlooked Transformation Successful-Patient Dead Public Instant Messenger-Share the Joy
Tertiary; University or College
Number Of Pages: 244
Published: 9th December 2013
Dimensions (cm): 23.5 x 15.6
Weight (kg): 0.48