The book is an incredibly effective and valuable guide that details the risks that arise when deploying cloud solutions. More importantly, it provides details on how to test cloud services, to ensure that the proposed cloud service will work as described.
It is a great start to the topic. The 6 chapters detail a paradigm that cloud architects, managers and designers can use to ensure the success of their proposed cloud deployments.
The first two chapters are a very brief introduction to cloud computing. In chapter 3, the authors detail the role of the test manager. They write that the book is meant to give substance to the broadening role of the test manager within cloud computing. They encourage firms to make sure the test manager is involved in all stages of cloud computing; from selection to implementation. In fact, they write that it is only a matter of time until this service will be available in the cloud, in the form of TaaS – Testing as a Service.
Besides the great content, the book is valuable since it has many checklists and questions to ask. One of the reasons cloud hype is so overly pervasive, is that the customers believe what the marketing people say, without asking enough questions. It would have been an added benefit if these questions and checklists would be made available in softcopy to the reader.
In chapter 4, the book details performance risks. As to performance, an important aspect of selecting the correct cloud provider is scalability of the service. This then requires a cloud specific test to determine if the scaling capacity (also known as elasticity) of the provider will work efficiently and effectively in practice.
An extremely important point the authors make is that when choosing a cloud service, many firms don’t immediately think of having a test environment, because the supplier will themselves test the service. The absence of a test environment is a serious risk.
About 2/3 of the book is in chapter 5 – Test Measures. The chapter mostly details the test measures for SaaS, but also does address IaaS and PaaS testing. The chapter spends a lot of time on the importance of performance testing.
An important point detailed in the chapter is that of testing elasticity and manual scalability. This is an important topic since testing elasticity is a new aspect of performances testing. The objectives of elasticity tests are to determine if the performance of the service meets the requirements across the load spectrum and if the capacity is able to effective scale. The chapter details various load tests to perform.
In the section on guarantees and SLAs, the authors make numerous excellent points, especially in reference to cloud providers that may guarantee very high availabilities, but often hide behind contract language. They provide a number of good points to consider in regards to continuity guarantees, including determining what is meant exactly by up- and down-time; for example, is regular maintenance considered downtime or not.
Another key topic detailed is testing migration. The authors write that when an organization is going to use a service for an existing business process, a migration process is necessary. This includes the processes of going into the cloud, and backing the service out of the cloud.
With all of the good aspects to this book, a significant deficiency in it is that it lacks any mention of specific software testing tools to use. Many times the authors write that “there are many tools, both open source and commercial, that can” but fail to name a single tool. The reader is left gasping at a straw knowing of the need to perform tests, but clueless as to what the best tools to use are. Given the authors expertise in the topic, that lacking is significant.
The only other lacking in the book is in section 5.3 on testing security, the authors fail to mention any of the valuable resources on the topic from the Cloud Security Alliance. Specifically the Cloud Controls Matrix (CCM) and Consensus Assessments Initiative (CAI) questionnaire.
With that, Testing Cloud Services: How to Test SaaS, PaaS IaaS should be on the required reading list of everyone tasked with cloud computing. This is the first book to deal with the critical aspect of testing as it related to cloud computing. The ease of moving to the cloud obscures the hard reality of making a cloud solution work. This book details the hard, cold realities of turning the potential of cloud computing, in the reality of a working solution.
Had the designers of the Obamacare website taken into consideration the key elements of this book, it is certain that the debacle that ensued would have been minimize and the administration would not have had to send out a cry for help. The Obamacare website will turn into the poster child of how to not to create a cloud solution. Had they read Testing Cloud Services: How to Test SaaS, PaaS IaaS, things would have been vastly different.
Ben Rothke, CISSP, CISM, CISA is an information security manager with Wyndham Worldwide Corp., the world’s largest hospitality firm. Rothke has over 15 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, design & implementation of systems security, encryption, cryptography and security policy development, with a specialization in the financial services and aviation sectors.
|He is the author of “Computer Security – 20 Things Every Employee Should Know” (McGraw-Hill). He is also a frequent speaker at industry conferences, such as RSA and MISTI, and holds numerous industry certifications. – See more at: http://www.rsaconference.com/speakers/ben-rothke#sthash.vszoeEyT.dpuf|