I wrote a pre-emptive review on Amazon some time ago for this book based upon an advance copy I was fortunate enough to receive. Since then there has been a revision of a number of chapters, and I have therefore had a chance to read the book again, including the revisions, and decided to post another more accurate review.

(Once I work out how to update my original post on Amazon I will do so).

As one reviewer on Amazon wrote, the book is like a series of disjointed blog articles. To my mind this is both a strength and possible weakness. The weakness being just what it says; sometimes the different writing styles and approaches, as well as the chapter changes can be a little jarring as you mentally shift gears from one chapter to another.

That said, I have long realised that books like this, written for large complex subjects, are not exactly meant to be read as novels! And this is where this books strength comes out. The contributing authors (at least the ones I recognise) are well respected experts in their fields and can therefore provide best of breed advice and guidance on their relevant areas.

The ability to either dip in and out at random and learn something, or even to search for a particular topic that you need advice on is the books greatest strength. Want to know how ISO27001 can help you? Chapter/Rule 9. Is free really free in the cloud? Chapter/Rule 25. How about the effective approaches to risk management? Chapter/Rule 6.

This book is not the definitive piece on technology and security in the cloud (does that book even exist?), but it is an effective and simple approach to a large and complex subject that in many cases will stop many traditional IT and security manager in their tracks. It may not even answer all of your questions, but it will definitely ensure you know what questions to ask, and that in itself is the most important lesson.

Score: 4 out of 5