There’s certainly been plenty, perhaps too
much, talk on cloud computing. There’s Infrastructure-as-a-Service,
Software-as-a-Service, Platform-as-a-Service - everything is now sold as-a-service.
But one aspect of all of this that doesn’t get much attention is how cloud
computing affects incident response. And even if you’ve yet to move to cloud in
a significant way, incident response in the cloud is something you should start
considering long before you make the move.
Anthony Di Bello
So how does cloud computing affect incident
response? There are a number of ways. First, and possibly most significantly,
security and incident response in cloud computing are so new that
everyone, from cloud providers and security vendors to enterprises, is still
striving to get their hands fully around the issue. There are a number of
worthwhile organizations that can help with this, such as the European Network
and Information Security Agency (ENISA), which has published some material relating
to cloud security and incident response. In North
America there’s the Cloud Security Alliance (CSA), which has recently created a
cloud computing security incident response team dedicated to cloud incident response.
Interestingly, some of the biggest
challenges around cloud computing aren’t technical at all; they’re legal. The
legal vagaries surrounding cloud make it difficult to understand how incident
response can be executed in the event of a breach or attack. Who owns the data
in the breach? In many cloud contracts, it turns out technically the cloud
service provider owns the data. Is your service provider contractually
obligated to notify you should they be breached? Are you sure about your
answer? Legal experts say that clients need to make certain that their
contracts cover things such as breach notification and the cost of downtime
or of data that has been destroyed.
Also, are you confident, in the event of a
breach, that your cloud services provider can conduct an incident investigation
- or provide a way for you to investigate the breach against your systems,
data, or applications?
If a customer can’t do it themselves,
should cloud providers be offering incident response and e-Discovery as a
service? That’s a possibility because existing incident response technology
does work in the cloud, but its use is more a matter of data ownership, legal
authority, and accessibility to affected systems than it is about technical
challenges.
As more data moves to the cloud, attackers
are going to increasingly target cloud-based systems. But until the rules about
incident response become more clearly defined, one of the most important things
you can do now to prepare yourself is to make sure your cloud provider has the
appropriate incident response capabilities in place, and that you have the
right contractual agreements set for when something goes wrong (and it will,
eventually, at one or more of your cloud services providers).
While most will wait until there is an
actual breach before asking these questions, it’s not the best time to do so.
In actuality, it may be the worst time. That’s because a breached services
provider is not going to be in the mood to go beyond what is detailed in the
contract while they are in the midst of an incident.
So it’s best to have settled how incident response
will be handled long before that happens. To learn more about how incident
response capabilities are critical to understanding the source, scope and
damages suffered by a suspected attack, visit www.guidancesoftware.com/cybersecurity.