ISACA Journal
Volume 3, 2,016 

Book Reviews 

Securing the Virtual Environment: How to Defend the Enterprise Against Attack 

Davi Ottenheimer and Matthew Wallace | Reviewed by A. Krista Kivisild, CISA, CA, CPA 

More than 60 percent of businesses utilize the cloud for performing IT-related operations, and over the next five years there is expected growth of 44 percent annually for public cloud use versus 8.9 percent growth for on-premises computing.1 Securing the Virtual Environment: How to Defend the Enterprise Against Attack explains that some advantages of virtualization include increased IT agility, greater hardware utilization, improved disaster recovery abilities and better business continuity capabilities.

However, there is security risk, which is likely to contribute to an increasingly risky environment associated with cloud use in the future. In fact, ransomware attacks soared by 113 percent in 2014,2 and statistics show that no industry is immune to cybercrimes.3 Even companies that are not yet using the cloud may be doing so in some form soon. Based on the increased amount of cyberattack activity, those who move to the cloud should first have a firm understanding of security and compliance in virtual and cloud computing environments. Securing the Virtual Environment: How to Defend the Enterprise Against Attack can help enterprises begin to understand the challenges associated with the use of new virtual technologies.

This book is aimed at anyone with an interest in security and compliance in virtualized and cloud environments—appealing to both technical and nontechnical readers. For the nontechnical, there is information on the risk and rewards of the virtualized and cloud environments and examples of these are provided throughout the book. The book does not delve deeply into any particular cloud platform, but provides good coverage of the basics of virtualized environments, which makes it an excellent primer on the subject. For technical readers, the authors suggest beginning with the appendix and the included DVD to find instructions on how to build a virtual attack lab for use in the hands-on sections of the book. The authors aim to allow the reader to see that technology can be beneficial—not just for the advantages it brings, but also to empower organizations with tools to better manage their security environment.

One of the most useful aspects of this book is the inclusion of security basics that made what could be a complex topic (attacks in a virtual infrastructure environment) much more understandable. The book leads the reader through that journey, starting with an introduction on the basics of the cloud and security and then addressing attacks, risk, favored attack methods and virtualization compliance. Since virtualization and the cloud change so rapidly, the book also provides suggestions on web resources that can help enterprises navigate through securing their virtual environment. Through this book, readers not only get an education in cloud and virtualization, but gain a better understanding of how this technology has been implemented in their enterprise environment.

Endnotes

1 Woods, J.; “20 Cloud Computing Statistics Every CIO Should Know,” SiliconANGLE, 27 January 2014, http://siliconangle.com/blog/2014/01/27/20-cloud-computing-statistics-tc0114/
2 Symantec, 2015 Internet Security Threat Report, Volume 20, 2015, www.symantec.com/security_response/publications/threatreport.jsp
3 Kassner, M,; “New Ponemon Report Shows Cybercrime Is on the Rise,” TechRepublic, 3 November 2014, www.techrepublic.com/article/new-ponemon-report-shows-cybercrime-is-on-the-rise/

Editor’s Note

Securing the Virtual Environment: How to Defend the Enterprise Against Attack is available from the ISACA Bookstore. For information, visit www.isaca.org/bookstore, email bookstore@isaca.org or telephone +1.847.660.5650.

Reviewed by A. Krista Kivisild, CISA, CA, CPA
Who has had a diverse career in audit while working in government, private companies and public organizations. She has served as a volunteer instructor, training not-for-profit boards on board governance concepts; has worked with the Alberta (Canada) Government Board Development Program; has served as the membership director and CISA director for the ISACA Winnipeg (Manitoba, Canada) Chapter; and is a member of the ISACA Publications Subcommittee.

 

Add Comments

Recent Comments

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.