Cloud forensics: An overview
|
|
- Beatrice Green
- 6 years ago
- Views:
Transcription
1 Cloud forensics: An overview Keyun Ruan, Prof. Joe Carthy, Prof. Tahar Kechadi, Mark Crosbie* Centre for Cybercrime Investigation, University College Dublin, * IBM Ireland Ltd {keyun.ruan, joe.carthy, tahar.kechadi}@ucd.ie, mcrosbie@ie.ibm.com Abstract Cloud computing is estimated to be one of the most transformative technologies in the history of computing. Cloud organizations, including the providers and customers of cloud services, have yet to establish a well-defined forensic capability. Without this they are unable to ensure the robustness and suitability of their services to support investigations of criminal activity. In this paper, we take the first steps towards defining the new area of cloud forensics, and analyze its challenges and opportunities. Keywords: Cloud forensics, cloud computing, digital forensics 1. Introduction Cloud computing has the potential to become one of the most transformative developments in the history of computing, following the footsteps of mainframes, minicomputers, PCs (Personal Computers), and smart phones (Perry et al., 2009). It is radically changing the way how information technology services are created, delivered, accessed and managed. According to a May 2008 forecast by Merrill Lynch (2008), the volume of the cloud computing market opportunity will amount to $160 billion by According to an October 2008 forecast by IDC (International Data Corporation) (Gens, 2008), spending on cloud services is growing at five times the rate of traditional on-premises IT (Information Technology). Even more striking than this high growth rate is the contribution the growth of cloud offerings will soon make to the overall growth of the IT market; Cloud computing services will generate approximately one-third of the net new growth within the IT industry. In March 2009, Gartner (2009) forecasted that the worldwide cloud service market is expected to reach $150.1 billion in Businesses around the world are rapidly adopting cloud computing. The 2009 F5 cloud computing survey (F5 Network and Applied Research West, 2009) found that, 66% of 250 IT managers interviewed have dedicated budget funds for the Cloud, 71% expect cloud computing budgets to grow over the next two years. One conclusion from the survey is that cloud computing is gaining critical mass among large enterprises: 82% of the respondents said they are "in some stage of trial, implementation or use of public clouds" and 83% said the same for use of private clouds. Government agencies are also seeing a shift into cloud adoption. A recent InformationWeek government survey (Foley, 2010) of IT managers in federal government found that 22% planned to implement cloud computing over the next 12 months and another 22% within two years. According to research from INPUT (2009), in the United States, public sector investment in cloud
2 computing is likely to more than double in the next five years, and US Federal government spending on the Cloud will increase steadily, reaching $792 million by Over the last decade, the number of crimes that involve computers and Internet has grown, spurring an increase in companies and products that aim to assist law enforcement in using digital evidence to determine the perpetrators, methods, timing and victims of computer crime. As a result, digital forensics has evolved to assure proper presentation of computer and cyber crime evidentiary data in court. According to Federal Bureau of Investigation [FBI] 2008 statistics, in the United States, the size of the average digital forensic case is growing at the rate of 35% per year from 83 GB in 2003 to 277 GB in With storage capacity growth outpacing network bandwidth and latency improvements, forensic data is not only getting bigger, but is also growing significantly larger relative to the ability to process them in a timely manner, as stated by Roussev et al. (2009). The rise of cloud computing not only has exacerbated the problem of scale for digital forensic activities, but also created a brand new front for cybercrime investigation with various challenges. Digital forensic practitioners must extend digial forensic knowledge and tools into cloud computing environments, and help cloud organizations, including both CSP (Cloud Service Provider) and cloud customers, to establish a forensic capability in order to reduce cloud security risks. Otherwise, cloud organizations will have difficulties in carrying out investigations on critical incidents happened in the Cloud such as criminal intrusions and major policy violations, as well as collaborating with law enforcement in cases of resource confiscation, etc. In this paper, we take the first step to give an overview of the new area, cloud forensics, and analyze its challenges and opportunities. 2. Discussion on the definitions of cloud forensics 2.1 Cloud forensics We propose in this paper the definition of cloud forensics as the application of digital forensics in cloud computing as a subset of network forensics, as shown in Figure 1. Figure 1. Where is cloud forensics? Firstly, we identify cloud forensics as a cross-discipline between cloud computing and digital forensics. There are various definitions for both cloud computing and digital forensics to this date, and in this paper we adopt the current definitions for both cloud computing and digital forensics from NIST:
3 Digital forensics is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data. (Kent et al.,2006) Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud computing has five essential characteristics, i.e., on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service. It has three service models, i.e., Cloud Software as a Service (SaaS), Cloud Platform as a Service (PaaS) and Cloud Infrastructure as a Service (IaaS). And it has four deployment models, i.e., private cloud, community cloud, public cloud and hybrid cloud. (Mell and Grance, 2009) Secondly, we recognize cloud forensics as a subset of network forensics (DFRWS, 2001), as network forensics deals with forensic investigations in any kind of public or private networks, and cloud computing is based on broad network access, thus technically, cloud forensics should follow the main phases of network forensic process with extended or novel techniques tailored for cloud computing environment in each phase. 2.2 The three dimensions of cloud forensics As we can see from the NIST definition, cloud computing is an evolving paradigm with complex aspects. Its essential characteristics have dramatically reduced the cost of IT which is driving the global trend in the rapid strategic adopting of cloud computing in businesses and governments (EurActiv, 2011). To ensure service availability and cost-effectiveness, major CSPs, such as Amazon, Salesforce.com, and Google all have data centers around the world in different jurisdictions providing cloud services. Data stored in one data center is replicated to multiple locations to ensure abundance and reduce the risk of single point of failure. Of course these points of replication are potentially under many separate jurisdictions. Segregation of duties between the CSP and the customer in forensic responsibilities becomes different in different service models, and interactions between multiple tenants sharing same cloud resources are different in different deployment models. As a result, multi-jurisdiction and multi-tenancy have become a default setting for cloud forensics, creating much more legal challenges. Sophisticated collaborations between the CSP and the customer, or between multiple tenants sharing same resources, or among international law enforcement are required in most of the cloud forensics cases. In order to analyze the problem more comprehensively, and to emphasize the fact that cloud forensics is a multidimensional issue instead of only a technical issue, we would like to extend the definition of cloud forensics across three major dimensions; organizational, legal and technical, as shown in Figure 2.
4 Figure 2. Cloud forensic three-dimensional model The technical dimension The technical dimension involves a set of tools and procedures to carry out the forensic process in cloud computing environments. We emphasize some of the key aspects in the technical dimension as follows: 1. Forensic data collection Cloud forensic collection is the process of identifying, labelling, recording, and acquiring forensic data from the possible sources of data in the Cloud. These data sources include client-side artefacts that reside on client premises, and provider-side artefacts reside on provider infrastructure. Since the segregation of duties is different in different cloud service models, the tools and procedures to collect forensic data are also different. In different deploy models, provider-side artefacts are different, e.g., in public clouds, provider-side artifacts need to be segregated among multiple tenants, whereas in private clouds, there is no such need. The sequence order in which data is collected is defined according to the volatility of data; highly volatile data (i.e. RAM images) should be collected first, followed by data with lower volatility. The collection process should follow procedures that preserve the integrity of data, with clearly-defined segregation of duties between client and provider, and without breaching law(s) and regulation(s) under the jurisdiction(s) where data is collected, or compromising confidentiality of any other tenant(s) sharing the same resource(s). 2. Elastic, static and live forensics Rapid elasticity is one of the essential characteristics of cloud computing. Cloud compute and storage resources can be provisioned and deprovisioned on demand. As a result, cloud investigation tools also need to be elastic; in most cases large scale static and live forensic tools are required, such as e-discovery, data
5 acquisition, data recovery, evidence examination, evidence analysis tools and tools to collect volatile data. 3. Evidence segregation Another essential characteristic of cloud computing is resource pooling. IT cost is reduced in multi-tenant environments where various resources are shared. However, cloud forensics involves the reverse process of evidence segregation, but the underlying components that make up the cloud infrastructure, e.g., CPU (Central Processing Unit) caches, GPU (Graphis Processing Units), etc., were not designed for strong compartmentalization in a multi-tenant architecture (CSA, 2009). Tools and procedures to segregate forensic data in the cloud among muliple tenants in different deployment models and different service models need to be developed. 4. Investigations in virtualized environments Virtualization is a key technology used to implement cloud services. However tools and procedures are yet to be developed for investigations in virtualized environment, e.g. hypervisor investigations. On the other hand, while operations are mostly virtualized in cloud environments, investigations in most cases require evidence retrieval from physical locations. Loss of data control is one of the major security challenges in the Cloud (CSA, 2009). In cloud forensics, tools and procedures need to be developed to physically locate forensic data at a given timestamp, and physically trace forensic data at a given time period, taking into considerations of the jurisdiction(s) of the physical locations. 5. Pro-active preparations Pro-active measures can be taken as preparations to make forensic investigation easier. Such measures include designing forensic-aware cloud applications, and pro-actively collecting forensic data in the Cloud using tools provided by the CSP or tools developed from the customer side. It often involves a set of design principles, such as conducting regular snapshots to remote storage, regularly tracking authentication and access-control records and performing object-level auditing of all access The organizational dimension
6 Figure 4. Cloud forensic organizational structure Forensic investigations in cloud computing environments always involves at least two parties: the CSP, and the cloud customer. When the CSP outsources services to other parties, the scope of investigation widens. Figure 4 shows the proposed organizational structure needed in order to carry out cloud forensic activities efficiently and effectively with a joint effort Organizational structure for each cloud organization In order to establish a forensic capability, each cloud organization, including the providers and customers of cloud services, is required to define a structure of internal staffing, provider-customer collaboration, and external assistance fulfilling the following roles: Investigators: the investigators (on the provider side and on the customer side) are responsible for collaborative investigation allegations of misconduct in the Cloud and working with external assistance or law enforcement when needed. They not only need knowledge of how to carry
7 out investigations from their own sides, but also need to understand the forensic capabilities of the parties they are interacting with and the segregation of duties among these parties regarding forensic investigation. IT Professionals: this group includes system, network, and security administrators, ethical hackers, cloud security architect, and technical support staff in the cloud organization. They contribute to the investigation with their expertise, facilitate the investigators in accessing the crime scene, and may also perform data collection for the investigators. Incident Handlers: this group responds to a variety of specific security incidents in the Cloud, such as unauthorized data access, accidental data leakage and data loss, breach of tenant confidentiality, inappropriate system usage, malicious code infections, malicious insider attack, (distributed) denial of service sttacks, etc. It is wise for a cloud organization to have a written plan with categorized security incidents on different levels of the Cloud and respective incident handlers to be referred to in cases of forensic investigations. Legal Advisors: It is crucial to include legal advisors in forensic staffing who are familiar with multi-jurisdiction and multi-tenant issues in the Cloud so that any forensic activities will not violate regulations under respective jurisdiction(s) or confidentialities of other tenant(s) sharing the same resource(s). Service Level Agreements (SLAs) must be written with clauses that explain the procedures to follow in the event of a forensic investigation. An internal legal advisor should be involved in drafting these clauses so that they respect the law across all jurisdictions in which the CSP operates. Internal legal advisors are also responsible to communicate and collaborate with external law enforcement during the course of a forensic investigation. External Assistance: in most cases, it is wise for the cloud organizations to rely on a combination of its own staff and external parties to perform forensic tasks such as e-discovery, investigations on civil cases, investigations on external chain of dependencies. It is important for cloud organizations to determine in advance, which actions should be performed by external assistance regaring forensic activities, and make it clear in relevant policies, guidelines and agreements which are transparent to its service customers and law enforcement when necessary Chain of Dependencies CSPs and most cloud applications oftern have dependencies on other CSP(s). The dependencies in a (discrete) chain of CSP(s)/customer(s) can be highly dynamic. In such a situation investigation in the Cloud may depend on the investigations of each one of the links in the chain and level of complexity of the dependencies. Any interruption or corruption in the chain or a lack of coordination of responsibilities
8 between all the parties involved can lead to problems. Essential communications and collaborations regarding forensic activities through this chain need to be facilitated by organizational policies and legally binded in the SLAs. The chain of CSP(s)/cloud customer(s), taking into consideration the chain of dependencies between them, has to communicate and collaborate with the following parties in order to facilitate effective and efficient forensic activities. Law enforcement: the top priority for cloud organizations is the availability of service and the top priority for law enforcement is the prosecution of criminals (DFRWS, 2001). These two different priorities often clash in situations such as evidence collection. Cloud organizations need to work closely with law enforcement to improve mutual understanding, and collaborate much further in the cases such as resource confiscation. Third parties: cloud organizations need to work closely with third parties for auditing and compliance purposes regarding cloud forensics. Academia: cloud organizations need to work closely with academia on cloud forensic research and education in order to contribute to the knowledge of the area, and also to receive up-to-date training for their internal forensic staff The legal dimension Multi-jurisdiction and multi-tenancy Multi-jurisdiction and multi-tenancy challenges have been identified as the top legal concerns among digital forensics experts (Broadhurst, 2006; Liles et al., 2009) and these two issues are both exacerbated in the Cloud. Regulations and agreements have to be developed in the legal dimension of cloud forensics, to secure that forensic activities will not breach any laws or regulations under any jurisdiction(s) where the data resides in, and the confidentiality of other tenants sharing the same infrastructure will not be compromised, throughout the investigation Service Level Agreement SLA defines the terms of use between a pair of CSP and cloud customer. The following terms regarding forensic investigations are not in place at the moment and have to be included into the SLA. (1) Service provided, techniques supported, access granted by the CSP to the customer regarding forensic investigation (2) Trust boundaries, roles and responsibilities between the CSP and the cloud customer regarding forensic investigation (3) How forensic investigations are secured in a multi-jurisdictional environment in terms of legal regulations, confidentiality of customer data, and privacy policies (4) How forensic investigations are secured in a multi-tenant environment in terms of legal regulations, confidentiality of customer data and privacy policies
9 2.3 Cloud crime We extend the definition of computer crime by Casey (2000) to cloud crime. Cloud crime is any crime that involves cloud computing. The Cloud can be the object, subject or tool of crimes. The Cloud is the object of the crime when the CSP is the target of the crime and is directly affected by the criminal act, e.g. DDOS (Distributed Denial of Service) attacks targeting part(s) of the Cloud or even the entire cloud. The Cloud is the subject of the crime when it is the environment where the crime is committed, e.g., unauthorized modification or deletion of data residing in the Cloud, identity theft of users of the Cloud. The Cloud can also be the tool used to conduct or plan a crime, e.g., evidence related to the crime can be stored and shared in the Cloud and a Cloud that is used to attack other Clouds is called a dark Cloud. 2.4 Usage of cloud forensics There are various usages of cloud forensics. We summarize them as follows: (1) Investigation Investigation on cloud crime and policy violation in multi-jurisdictional and multi-tenant cloud environments Investigation on suspect transactions, operations and systems in the Cloud for incident response Event reconstruction in the Cloud Providing admissible evidence to the court Collaboration with law enforcement in resource confiscation (2) Troubleshooting Locating data file and hosts virtually and physically in cloud environments. To determine the root cause for single events or trends spanning multiple events over time, and to develop new strategies to help prevent recurrence of similar incidents. Tracing an event and assessing the current state of an event in the Cloud Resolving functional issues in cloud applications and cloud services Resolving operational issues in cloud systems Security incident handling in the Cloud (3) Log Monitoring Collecting, analyzing and correlating log entries across multiple systems in the Cloud, assisting in auditing, due diligence, regulatory compliance and other efforts (4) Data and System Recovery Recovering data in the Cloud, that has been accidentally or intentionally deleted or modified Recovering encrypted data in the Cloud, when the encryption key has been lost. Recovering systems from accidental damage or attacks Acquiring data from the Cloud that are being redeployed, retired or need to be sanitized (5) Due Diligence/Regulatory Compliance
10 Helping organizations exercise due diligence and comply with requirements such as protecting sensitive information, maintaining certain records for audit purposes, notifying impacted parties when protected information is exposed, etc. 3. Challenges In order to establish a forensic capability for cloud organizations in all three-dimensions defined above, we are facing enormous challenges. In the technical dimension, we have very limited tools and procedures in all five major components that we emphasize in this paper. In the legal dimension there is currently no agreement among cloud organizations on collaborative investigation, and no terms and conditions are present in SLAs on segregation of duties between CSP and cloud customer. International cyber law and policies must progress to help resolve the issues surrounding multi-jurisdiction investigations. 3.1 Challenges in forensic data collection In all combinations of cloud service and deployment models, the cloud customer faces the challenge of decreased access to forensic data. Access to forensic data varies dependent on the cloud model; IaaS customers enjoy relatively easy access to all data required for a forensic investigation, while SaaS customers may have little to no access to data required. Decreased access to forensic data means the cloud customer generally has no control or knowledge over the exact physical location of their data, and may only be able to specify location at a higher level of abstraction, typically as an object or container identified. CSPs intentionally hide the location of data from customers to facilitate data movement and replication. Moreover, there is a lack of appropriate terms of use in the SLA (Service Level Agreement) to enable general forensic readiness in the Cloud. Many CSPs do not provide services or interfaces for the customers to gather forensic data. For example, SaaS (Software as a Service) providers may not provide access to the IP logs of clients accessing content; IaaS (Infrastructure as a Service) providers may not provide forensic data such as recent VM (Virtual Machine) and disk images. In the Cloud, the customers have decreased access to relevant log files and metadata in all levels as well as a limited ability to audit the operations of the network of their CSP and conduct real-time monitoring on their own networks. 3.2 Challenges in elastic, static and live forensics The proliferation of endpoints, especially mobile endpoints, is a challenge for data discovery and evidence collection. The impact of crimes and the workload of investigation can be exacerbated in cloud computing simply because of the sheer number of resources connected to the Cloud. Time synchronization is crucial to the audit logs that are used as source of evidence in the investigation. Accurate time synchronization has been always an issue in network forensics, and is made all the more challenging in a cloud environment as timestamps must be synchronized across multiple physical machines spread in multiple geographical regions, between cloud infrastructure and remote web clients including numerous end points. Similar to time synchronization, unification of log formats has been a traditional issue in network forensics and the challenge is exacerbated in the Cloud because it is extremely difficult to unify the log formats or make them convertible to each other from the massive resources available in the
11 Cloud. Furthermore, proprietary or unusual log formats of one party can become major roadblocks in joint investigations. In computer forensics, recovered deleted data is an important source of evidence, so it is in the Cloud. In AWS (Amazon Web Service) the right to alter or delete the original snapshot is explicitly reserved for the AWS account that created the volume. When item and attribute data are deleted within a domain, removal of the mapping within the domain starts immediately, and is also generally complete within seconds. Once the mapping is removed, there is no remote access to the deleted data. Storage space occupied by the data elements deleted is made available for future write operations and the it is likely that storage space will be overwritten by newly stored data. However, some deleted data might be still present in the snapshot after deletion (Amazon, 2010). A simple challenge is: how to recover deleted data, identify the ownership of deleted data, and use deleted data as sources of event reconstruction in the Cloud? 3.3 Challenges in evidence segregation In the Cloud, different instances running on the same physical machine are logically isolated from each other via hypervisor. An instance s neighbours have no more access to that instance than any other host on the Internet and can be treated as if they are on separate physical hosts. Customer instances have no access to raw disk devices, but instead are presented with virtualized disks. On the physical level system audit logs of shared resources and other forensic data are shared among multiple tenants. Currently, the provisioning and de-provisioning technologies still need to be much improved in the Cloud (CSA, 2009), and it remains a challenge for the CSP and law enforcement to keep the same segregating in the whole process of investigation without breaching the confidentiality of other tenants sharing the same infrastructure and ensure the admissibility of the evidence. Another issue is that the easy-to-use feature of cloud models results in a weak registration system, facilitating anonymity that is easy to be abused and making it easier for cloud criminals to conceal their identities and harder for investigators to identify and trace suspects as well as segregate evidence. Moreover, encryption is used in the Cloud to separate data hosting of the CSPs and data usage of the cloud customers and most of the major CSPs encourage customers to encrypt their sensitive data before uploading to the Cloud if encryption is not provided by the CSP by default (Amazon, 2010; Force.com, 2010; Google, 2010). Unencrypted data in the Cloud can be considered lost from a strict security perspective. A chain of separation is required to segregate key management from the CSP hosting the data and needs to be standardized in contract language. Agreement has to be made among the law enforcement, the cloud customer and the CSP on granting access to keys of forensic data, otherwise evidence can be easily compromised when encryption key is destoryed. 3.4 Challenges in virtualized environments Cloud computing claims to provide data and compute redundancy by replicating and distributing resources. However in reality most CSPs implement instances of a cloud computer environment in a virtualized environment. Instances of servers run as virtual machines, monitored and provisioned by a hypervisor. The hypervisor in a Cloud is analogous to a kernel in the traditional operating
12 system. Attackers will aim to focus their attacks against the hypervisor; compromise of the hypervisor amplifies any attack as many compute resources rely on its security. For law enforcement and cloud investigators, however, there is a huge lack of policies, procedures and techniques on hypervisor level to facilitate investigation. In the Cloud, mirroring data for delivery by edge networks, its redundant storage in multiple jurisdictions and the lack of transparent real-time information about where data is stored introduces difficulties for investigation. Investigators may unknowingly violate regulations, especially if clear information is not provided about the jurisdiction of storage (ENISA,2009). The CSPs cannot provide tools for the customer to locate at a given time, or trace at a given period of time, precisely and physically the multiple locations of a piece of data across all the geographical regions where the Cloud resides. Furthermore, the distributed nature of cloud computing forces a stronger international collaboration between law enforcement and industry, in cases such as confiscating a Cloud since the agency of a single nation cannot manage it when the physical servers are spread across different countries. 3.5 Challenges in internal staffing Today most cloud organizations are dealing with investigations with traditional network forensic tools and staffing, or are simply neglecting the issue. The major challenge in establishing a cloud forensic organizational structure is the lack of forensic expertise and relevant legal experience. The deep-rooted reasons for this challenge, which is also a challenge for the whole discipline of digital forensics, are firstly, the relative slow progress of forensic research compare to the rapidly evolving technology and secondly, the slow progress of relevant laws and international regulations. With only a decade of research and development, the discipline of digital forensics is still in its infancy, new forensic research areas in non-standard systems (Beebe, 2009), such as cloud computing, need to be explored, techniques need to be developed, regulations need to catch up, law advisors need to be trained, staff need to be equipped with new knowledge and skills to deal with the new grounds for cyber crimes created by the rapid rise of new models such as cloud computing. 3.6 Challenges in external chain of dependency As mentioned in the organizational dimension of cloud forensics, CSPs and most cloud applications often have dependencies on other CSPs. For example, a CSP providing an application (SaaS) may depend on a 3rd party provider to host log-files (PaaS), who in turn may rely on a partner to provide infrastructure to store log files (IaaS). Although many predict the industry is moving towards federated or integrated Cloud in the near future, today every CSP has a different approach to solving this problem. Correlation of activities across CSPs is a big challenge. Investigation in the chain of dependencies between CSPs may depend on the investigations of each one of the links in the chain and level of complexity of the dependencies. Any interruption or corruption in the chain or a lack of coordination of responsibilities between all the parties involved can lead to problems. Currently threre are no tool, procedure, policy or agreement regarding crossprovider forensic investigations. 3.7 Challenges regarding SLA
13 Important terms regarding forensic investigations are not included in the SLA at the moment. This is because there is a lack of customer awareness, a lack of CSP transparency and a lack of international regulations. Most cloud customers are still not aware of the potential issues that might rise regarding forensic investigations in the Cloud and their significance. The consequence is that they might end up not knowing anything at all about what has happened in the Cloud in cases when their data is lost in criminal activities and has no right to claim any compensation. CSPs are not willing to ensure transparency to the customers regarding forensic investigations because they either do not know how to investigate cloud crimes themselves or the methods and techniques they are using are likely to be problematic in the highly complex and dynamic multi-jurisdiction and multi-tenancy cloud environment. The progress of any law and regulations including law and regulations of cyber crimes is very slow, while cloud computing is rapidly emerging as a new battlefield of cyber crimes for hackers who are equipped by the most updated techniques, investigators, law enforcement and various cloud organizations. 3.8 Challenges regarding Multi-Jurisdiction and multi-tenancy The legal challenges of multi-jurisdiction and multi-tenancy concern the differences among legislations in all the countries (states) the Cloud and its customers reside in. The differences between jurisdictions affects on issues such as what kind of data can be accessed and retrieved in the jurisdiction(s) where the physical machine(s) from which data is accessed and retrieved, how to conduct evidence retrieval without breaching privacy or privilege rights of tenants according to the privacy policis and regulations in the organizations and specific jurisdiction where multiple tenants data is located, what kind of evidence is admissible to the court in the specific jurisdiction, what kind of chain of custody is needed in the evidence preservation in the jurisdiction(s) where forensic data has passed during an investigation in the Cloud. Multi-jurisdiction issues also concern lack of legislative mechanism that facilitates collaboration between industry and law enforcement around the world, in cases such as resource seizure, cloud confiscation, evidence retrieval, data exhchange between countries, etc. 4. Opportunities 4.1 Cost Effectiveness Everything is less expensive when implemented on a larger scale, including security and forensic services. Cloud computing is currently very attractive to SMEs (Small and Medium Enterprises) due to the cost advantage which also applies to forensic implementations. SMEs that cannot afford dedicated internal or external forensics implementations or services may have an upgrade at relatively low cost when adopting cloud computing. 4.2 Data Abundance Amazon S3 and Amazon Simple DB ensure object durability by storing objects multiple times across multiple Availability Zones on the initial write and then actively doing further replication in the event of device unavailability or detected bit-rot to reduce the risk of single point of failure (Amazon, 2010). Data abundance generated in the Cloud is helpful to investigations as full data deletion cannot be guaranteed and investigators can take advantage of it to recover data as evidence. Scaled up to the Cloud, when a request to delete a cloud resource is made it actually
14 technically can never result in true wiping of the data. Full data deletion may only be guaranteed by destroying the resource that is shared with other cloud tenants. Thus pieces or segments of data that is crucial to investigation are very likely to remain somewhere in the Cloud for the investigators to discover. 4.3 Overall Robustness Some of the cloud technologies help to improve the overall robustness of forensics in the Cloud. For example, Amazon S3 generates an MD5 hash automatically when you store an object. So theoretically, the cloud customers do not need to look for external tools to generate timeconsuming MD5 checksums. IaaS offerings support on-demand cloning of virtual machines. As a result, in the event of a suspected security breach, the customer can take an image of a live virtual machine for offline forensic analysis, leading to less downtime for analysis. Multiple clones can also be created and analysis activities parallelized to reduce investigation time. This improves the analysis of security incidents and increases the probability of tracking attackers and patching weaknesses. Amazon S3 allows customer to use Versioning to preserve, retrieve, and restore every version of every object stored in the S3 bucket. An Amazon S3 bucket can be configured to log access to the bucket and objects within it. The access log contains details about each access request including request type, the request resource, the requestor s IP, and the time and date of the request (Amazon, 2010). All of these can be used to investigate abnormal incidents and application failures. 4.4 Scalability and Flexibility Cloud computing allows scalable and flexible usage of resources which also applies to forensic services. For example, it can provide unlimited pay-per-use storage of logs, allowing more comprehensive logging without compromising performance. It can also massively increase the efficiency of indexing, searching and various queries of the logs. Cloud instances can be scaled as needed based on the logging load. Furthermore, forensic activities only take place when incidents happen which can largely take advantage of the cost-effectiveness of cloud computing. Customers have the choice to build their own dedicated forensic server(s) in the Cloud, ready to use only in need. 4.5 Standards and Policies Forensics has often been an after-thought when technology develops, creating many so-called bandage solutions and ad-hoc solutions (Meyers and Rogers, 2004). Cloud computing is a transformative technology which is changing the way IT is managed and generating a new wave of innovations. Cloud computing is still at its early stage and this is a unique opportunity to lay a foundation of standards and policies for cloud forensics that will evolve together with the technology until it matures. 4.6 Forensics-as-a-Service The concept of Security as a Service is emerging in cloud computing. For example, research has shown the advantages of a cloud platform for large-scale forensic computing (Roussev et al.,2009) and cloud-based anti-virus software (Oberheide et al., 2008). The emerging delivery models include established information security vendors changing their delivery methods to include
15 services delivered through the Cloud, and start-up information security companies play as pure CSPs and provide security only as a cloud service and do not provide traditional client/server security products for networks, hosts, and/or applications. Likewise, Forensics as a [Cloud] Service can be developed in the same way to make use of the massive computing power to facilitate cyber criminal investigations on all levels. 5. Future work and conclusions The rise of cloud computing is pushing digital forensics into a new horizon. Many existing challenges are exacerbated in the Cloud, including jurisdictional issue and the lack of international collaboration, while the new environment also brings unique opportunities for foundational standards and policies. Cloud computing is a new battlefield of cyber crime, as well as a new ground for novel investigative approaches. Cloud forensics is a new area of research, much has to be done and this paper merely signposts the way forward. 6. References Amazon (2010) Amazon Web Services: Overview of Security Processes. Beebe, N. (2009) Digital forensic research: The good, the bad and the unaddressed. Advances in Digital Forensics V: p Casey, E. (2000) Digital Evidence and Computer Crime. Academic Press. Cloud Security Alliance [CSA] 2009 Security Guidance for Critical Areas of Focus in Cloud Computing V2.1. Digital Forensic Research Workshop [DFRWS] 2001 A Road Map for Digital Forensic Research. EurActiv (2011) Cloud computing: A legal maze for Europe. EurActiv February 11. European Network and Information Security Agency [ENISA] 2009 Cloud Computing: Benefits, risks and recommendations for information security. F5 Networks and Applied Research West (2009) The 2009 F5 cloud computing survey. Federal Bureau of Investigation [FBI] 2008 Regional Computer Forensics Laboratory (RCFL) Program Annual Report for Fiscal Year Foley, J., (2010) Federal agencies shift into cloud adoption. Information Week June 14. Force.com (2010) Secure, private, and trustworthy: enterprise cloud computing with Force.com. Gartner (2009) Worldwide Cloud service revenue will grow 21.3 percent in Google (2010) Security Whitepaper: Google Apps Messaging and Collaboration Products.
16 Broadhurst, R. (2006) Developments in the global law enforcement of cyber-crime, Policing: International Journal of Police Strategies and Management, Vol.20, No 3: p Gens, F. (2008) IT Cloud services forecast 2008 to 2012: A key driver of new growth. IDC INPUT (2009) Evolution of the Cloud: The future of cloud computing in government. Kent, K., Chevalier, S., Grance, T., Dang, H. (2006) NIST Guide to Integrating Forensic Techniques into Incident Response. NIST. Mell, P., Grance, T. (2009) The NIST Definition of Cloud Computing Version 15. NIST Merrill Lynch (2008) The Cloud wars: $100+ billion at stake. Meyers, M., Rogers, M. (2004) Computer forensics: The need for standardization and certification. International Journal of Digital Evidence, Vol 3 No 2. Liles, S., Rogers, M., Hoebich, M. (2009) A survey of the legal issues facing digital forensic experts, Advances in Digital Forensics V: p Oberheide, J., Cooke, E., Jahanian, F. (2008) CloudAV:N-Version Antivirus in the Network Cloud. In Proceedings of USENIX Security 2008: p July, San Jose. Perry, R., Hatcher, E., Mahowald, R.P., Hendrick, S.D. (2009) Force.com Cloud platform drives huge time to market and cost savings. IDC Roussev, V., Wang, L., Richard, G., Marziale, L. (2009) A cloud computing platform for large-scale forensic computing, Advances in Digital Forensics V: p
CLOUD FORENSICS : AN OVERVIEW. Kumiko Ogawa
CLOUD FORENSICS : AN OVERVIEW Kumiko Ogawa What is Cloud Forensics Forensic Science - Application of science to the criminal and civil laws that are enforced by police agencies in a criminal justice system.
More informationCloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results
Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results Keyun Ruan, Joe Carthy, Tahar Kechadi, Ibrahim Baggili Digital Investigation 10, No.1, pp
More informationCloud Forensics. Keyun Ruan, Joe Carthy, Tahar Kechadi, Mark Crosbie. To cite this version: HAL Id: hal https://hal.inria.
Cloud Forensics Keyun Ruan, Joe Carthy, Tahar Kechadi, Mark Crosbie To cite this version: Keyun Ruan, Joe Carthy, Tahar Kechadi, Mark Crosbie. Cloud Forensics. Gilbert Peterson; Sujeet Shenoi. 7th Digital
More informationSurvey on Cloud Forensics and Critical Criteria for Cloud Forensic Capability: A Preliminary Analysis
University of New Haven Digital Commons @ New Haven Electrical & Computer Engineering and Computer Science Faculty Publications Electrical & Computer Engineering and Computer Science 2011 Survey on Cloud
More informationAn Integrated Research Analysis of Cloud Forensics for Secured Computing Environment
An Integrated Research Analysis of Cloud Forensics for Secured Computing Environment 1 N.Jaswanth Department of CSE, Sree Vidyanikethan Engg College, Tirupati.AP,INDIA 2 J.Durga Assistant Professor, Department
More informationDIGITAL FORENSICS FORENSICS FRAMEWORK FOR CLOUD COMPUTING
17.09.24 DIGITAL FORENSICS FORENSICS FRAMEWORK FOR CLOUD COMPUTING FORENSICS FRAMEWORK FOR CLOUD COMPUTING OUTLINE Abstract Introduction Challenges in cloud forensics Proposed solution Conclusion Opinion
More informationMitigating Risks with Cloud Computing Dan Reis
Mitigating Risks with Cloud Computing Dan Reis Director of U.S. Product Marketing Trend Micro Agenda Cloud Adoption Key Characteristics The Cloud Landscape and its Security Challenges The SecureCloud Solution
More informationGujarat Forensic Sciences University
Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationKroll Ontrack VMware Forum. Survey and Report
Kroll Ontrack VMware Forum Survey and Report Contents I. Defining Cloud and Adoption 4 II. Risks 6 III. Challenging Recoveries with Loss 7 IV. Questions to Ask Prior to Engaging in Cloud storage Solutions
More informationSecurity Models for Cloud
Security Models for Cloud Kurtis E. Minder, CISSP December 03, 2011 Introduction Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationINFORMATION SECURITY-SECURITY INCIDENT RESPONSE
Information Technology Services Administrative Regulation ITS-AR-1506 INFORMATION SECURITY-SECURITY INCIDENT RESPONSE 1.0 Purpose and Scope The purpose of the Security Response Administrative Regulation
More informationA guide for IT professionals. implementing the hybrid cloud
A guide for IT professionals implementing the hybrid cloud A guide for IT professionals implementing the hybrid cloud Cloud technology is maturing and advancing rapidly. And for schools today, hybrid cloud
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationHyper-Converged Infrastructure: Providing New Opportunities for Improved Availability
Hyper-Converged Infrastructure: Providing New Opportunities for Improved Availability IT teams in companies of all sizes face constant pressure to meet the Availability requirements of today s Always-On
More informationCOMPTIA CLO-001 EXAM QUESTIONS & ANSWERS
COMPTIA CLO-001 EXAM QUESTIONS & ANSWERS Number: CLO-001 Passing Score: 800 Time Limit: 120 min File Version: 39.7 http://www.gratisexam.com/ COMPTIA CLO-001 EXAM QUESTIONS & ANSWERS Exam Name: CompTIA
More informationProfessional Training Course - Cybercrime Investigation Body of Knowledge -
Overview The expanded use of the Internet has facilitated rapid advances in communications, systems control, and information sharing. Those advances have created enormous opportunities for society, commerce
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationVersion 1/2018. GDPR Processor Security Controls
Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationWhen Recognition Matters WHITEPAPER CLFE CERTIFIED LEAD FORENSIC EXAMINER.
When Recognition Matters WHITEPAPER CLFE www.pecb.com CONTENT 3 4 5 6 6 7 7 8 8 Introduction So, what is Computer Forensics? Key domains of a CLFE How does a CLFE approach the investigation? What are the
More informationSupporting the Cloud Transformation of Agencies across the Public Sector
SOLUTION SERVICES Supporting the Cloud Transformation of Agencies across the Public Sector BRIEF Digital transformation, aging IT infrastructure, the Modernizing Government Technology (MGT) Act, the Datacenter
More informationHow to Create, Deploy, & Operate Secure IoT Applications
How to Create, Deploy, & Operate Secure IoT Applications TELIT WHITEPAPER INTRODUCTION As IoT deployments accelerate, an area of growing concern is security. The likelihood of billions of additional connections
More informationASD CERTIFICATION REPORT
ASD CERTIFICATION REPORT Amazon Web Services Elastic Compute Cloud (EC2), Virtual Private Cloud (VPC), Elastic Block Store (EBS) and Simple Storage Service (S3) Certification Decision ASD certifies Amazon
More informationSIEM Solutions from McAfee
SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an
More informationJim Reavis CEO and Founder Cloud Security Alliance December 2017
CLOUD THREAT HUNTING Jim Reavis CEO and Founder Cloud Security Alliance December 2017 A B O U T T H E BUILDING SECURITY BEST PRACTICES FOR NEXT GENERATION IT C L O U D S E C U R I T Y A L L I A N C E GLOBAL,
More informationLeveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group
Leveraging the Cloud for Law Enforcement Richard A. Falkenrath, PhD Principal, The Chertoff Group Law Enforcement Information Management Training Conference & Technology Exposition May 21,2013 Outline
More informationCA Security Management
CA Security CA Security CA Security In today s business environment, security remains one of the most pressing IT concerns. Most organizations are struggling to protect an increasing amount of disparate
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationTHALES DATA THREAT REPORT
2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security U.S. FEDERAL EDITION EXECUTIVE SUMMARY #2018DataThreat THE TOPLINE Federal agency data is under siege. Over half of all agency IT security
More informationGDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd
GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationService Provider Consulting
From Microsoft Services 1 Industry Overview More and more businesses are looking to outsource IT, decrease management requirements and ultimately save money. With worldwide public cloud spending expected
More informationCriminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud
Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains
More informationCYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME
FACULTY OF LAW DEPARTEMENT: CIVIL LAW MASTER STUDY THEME: CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME Mentor: Prof. Ass. Dr. Xhemajl Ademaj Candidate: Abdurrahim Gashi Pristinë, 2015 Key words List
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationPONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY
PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY Benchmark research sponsored by Raytheon. Independently conducted by Ponemon Institute LLC. February 2018 2018 Study on
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationSecuring the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA
Securing the cloud ISACA Korea Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA What is cloud computing? Source: Wikipedia 2 What is cloud computing A model for enabling:- convenient on-demand network
More informationNetworking for a smarter data center: Getting it right
IBM Global Technology Services October 2011 Networking for a smarter data center: Getting it right Planning the network needed for a dynamic infrastructure 2 Networking for a smarter data center: Getting
More informationForensic Analysis Approach Based on Metadata and Hash Values for Digital Objects in the Cloud
Forensic Analysis Approach Based on Metadata and Hash Values for Digital Objects in the Cloud Ezz El-Din Hemdan 1, Manjaiah D.H 2 Research Scholar, Department of Computer Science, Mangalore University,
More informationData Security and Privacy Principles IBM Cloud Services
Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer
More informationBRINGING CLARITY TO THE CLOUD
BRINGING CLARITY TO THE CLOUD OpenSky Networks discusses the complexities of the cloud market by distinguishing the difference between true cloud solutions and rebranded services; and how knowing that
More informationArcGIS in the Cloud. Andrew Sakowicz & Alec Walker
ArcGIS in the Cloud Andrew Sakowicz & Alec Walker Key Takeaways How to Identify Organizational Strategy & Priorities Esri s Cloud Offerings A Broad Spectrum Successfully Executing Your Strategy The Cloud
More informationManaging SaaS risks for cloud customers
Managing SaaS risks for cloud customers Information Security Summit 2016 September 13, 2016 Ronald Tse Founder & CEO, Ribose For every IaaS/PaaS, there are 100s of SaaS PROBLEM SaaS spending is almost
More informationDesigning Robustness and Resilience in Digital Investigation Laboratories
DIGITAL FORENSIC RESEARCH CONFERENCE Designing Robustness and Resilience in Digital Investigation Laboratories By Philipp Amann and Joshua James Presented At The Digital Forensic Research Conference DFRWS
More informationCSP 2017 Network Virtualisation and Security Scott McKinnon
CSP 2017 Network Virtualisation and Security Scott McKinnon smckinnon@vmware.com Security Lead, Northern EMEA Network & Security, VMware Disclaimer This presentation may contain product features that are
More informationIBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan
IBM Cloud Security for the Cloud Amr Ismail Security Solutions Sales Leader Middle East & Pakistan Today s Drivers for Cloud Adoption ELASTIC LOWER COST SOLVES SKILLS SHORTAGE RAPID INNOVATION GREATER
More informationNATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES
NATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES DOCUMENT DETAIL Security Classification Unclassified Authority National Information Technology Authority - Uganda
More informationCloud for Government: A Transformative Digital Tool to Better Serve Communities
Cloud for Government: A Transformative Digital Tool to Better Serve Communities 1 005181004 From state to local agencies, government organizations crave access to the same cloud-based tools enabling digital
More informationCloud Computing: Making the Right Choice for Your Organization
Cloud Computing: Making the Right Choice for Your Organization A decade ago, cloud computing was on the leading edge. Now, 95 percent of businesses use cloud technology, and Gartner says that by 2020,
More informationQuestion 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:
Cybercrime Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1: Organizations can prevent cybercrime from occurring through the proper use of personnel, resources,
More information5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief
5 Trends That Will Impact Your IT Planning in 2012 Layered Security Executive Brief a QuinStreet Excutive Brief. 2011 Layered Security Many of the IT trends that your organization will tackle in 2012 aren
More informationFIS Global Partners with Asigra To Provide Financial Services Clients with Enhanced Secure Data Protection that Meets Compliance Mandates
Case Study FIS Global Partners with Asigra To Provide Financial Services Clients with Enhanced Secure Data Protection that Meets Compliance Mandates World s largest global provider dedicated to banking
More informationBuilding Trust in the Era of Cloud Computing
Building Trust in the Era of Cloud Computing ICMC 2017 Conference May 17, 2017 v1.0 David Gerendas Group Product Manager TRUST A FIRM belief in the! Reliability! Truth! Ability of someone or something.
More informationMaking hybrid IT simple with Capgemini and Microsoft Azure Stack
Making hybrid IT simple with Capgemini and Microsoft Azure Stack The significant evolution of cloud computing in the last few years has encouraged IT leaders to rethink their enterprise cloud strategy.
More informationData center interconnect for the enterprise hybrid cloud
WHITEPAPER Data center interconnect for the enterprise hybrid cloud The world is moving to the cloud. Everything from entertainment and consumer mobile applications to enterprise software and government
More informationIntroduction to Cloud Computing
Introduction to Cloud Computing Nabil Abdennadher nabil.abdennadher@hesge.ch 2017/2018 1 Plan Context Definition Market Cloud service models Cloud deployments models Key drivers to adopting the Cloud Barriers
More informationCloud Services. Infrastructure-as-a-Service
Cloud Services Infrastructure-as-a-Service Accelerate your IT and business transformation with our networkcentric, highly secure private and public cloud services - all backed-up by a 99.999% availability
More informationCopyright 2011 EMC Corporation. All rights reserved.
1 2 How risky is the Cloud? 3 Is Cloud worth it? YES! 4 Cloud adds the concept of Supply Chain 5 Cloud Computing Definition National Institute of Standards and Technology (NIST Special Publication 800-145
More informationINFS 214: Introduction to Computing
INFS 214: Introduction to Computing Session 13 Cloud Computing Lecturer: Dr. Ebenezer Ankrah, Dept. of Information Studies Contact Information: eankrah@ug.edu.gh College of Education School of Continuing
More informationISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045
Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that
More informationData Protection. Plugging the gap. Gary Comiskey 26 February 2010
Data Protection. Plugging the gap Gary Comiskey 26 February 2010 Data Protection Trends in Financial Services Financial services firms are deploying data protection solutions across their enterprise at
More informationMulti Packed Security Addressing Challenges in Cloud Computing
Global Journal of Computer Science and Technology Cloud and Distributed Volume 13 Issue 1 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals
More informationHealthcare IT Modernization and the Adoption of Hybrid Cloud
Healthcare IT Modernization and the Adoption of Hybrid Cloud An IDC InfoBrief, Sponsored by VMware June 2018 Executive Summary The healthcare industry is facing unprecedented changes brought about by a
More informationAuditing the Cloud. Paul Engle CISA, CIA
Auditing the Cloud Paul Engle CISA, CIA About the Speaker Paul Engle CISA, CIA o Fifteen years performing internal audit, IT internal audit, and consulting projects o Internal audit clients include ADP,
More informationThe Center for Internet Security
The Center for Internet Security The CIS Security Metrics Service July 1 2008 Organizations struggle to make cost-effective security investment decisions; information security professionals lack widely
More informationRED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE.
RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE. Is putting Contact us INTRODUCTION You know the headaches of managing an infrastructure that is stretched to its limit. Too little staff. Too many users. Not
More informationBusiness Technology Briefing: Fear of Flying, And How You Can Overcome It
Business Technology Briefing: Fear of Flying, And How You Can Overcome It Joseph Tobloski Senior Director for Data & Platforms R&D Accenture Technology Labs Fear of Flying And How You Can Overcome It May
More informationCloud First Policy General Directorate of Governance and Operations Version April 2017
General Directorate of Governance and Operations Version 1.0 24 April 2017 Table of Contents Definitions/Glossary... 2 Policy statement... 3 Entities Affected by this Policy... 3 Who Should Read this Policy...
More informationCybersecurity and Hospitals: A Board Perspective
Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,
More informationCHAPTER 5 DISCUSSION AND ANALYSIS
CHAPTER 5 DISCUSSION AND ANALYSIS 5. Discussion and Analysis In this chapter, the author, first, would like to discuss about the possible difference in security between IaaS, PaaS, and SaaS. Other than
More informationWhose Cloud Is It Anyway? Exploring Data Security, Ownership and Control
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control SESSION ID: CDS-T11 Sheung-Chi NG Senior Security Consulting Manager, APAC SafeNet, Inc. Cloud and Virtualization Are Change the
More informationGovernment IT Modernization and the Adoption of Hybrid Cloud
Government IT Modernization and the Adoption of Hybrid Cloud An IDC InfoBrief, Sponsored by VMware June 2018 Federal and National Governments Are at an Inflection Point Federal and national governments
More informationGain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services
Solution Overview Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services OPTIMIZE YOUR CLOUD SERVICES TO DRIVE BETTER BUSINESS OUTCOMES Reduce Cloud Business Risks and Costs
More informationSecuring the Cloud Today: How do we get there?
Samson Tai, Chief Technologist, IBM Innovation Network Securing the Cloud Today: How do we get there 9/15/2009 What is Cloud Computing Cloud is a new consumption and delivery model for many IT-based services,
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationISO27001 Preparing your business with Snare
WHITEPAPER Complying with ISO27001 Preparing your business with Snare T he technical controls imposed by ISO (International Organisation for Standardization) Standard 27001 cover a wide range of security
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationSecuring Your Most Sensitive Data
Software-Defined Access Securing Your Most Sensitive Data Company Overview Digital Growth Means Digital Threats Digital technologies offer organizations unprecedented opportunities to innovate their way
More informationSecuring Data in the Cloud: Point of View
Securing Data in the Cloud: Point of View Presentation by Infosys Limited www.infosys.com Agenda Data Security challenges & changing compliance requirements Approach to address Cloud Data Security requirements
More informationCOMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN
COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN 24-27 July 2016 1 CONTENT INTRODUCTION POLICY OBJECTIVES POLICY AND LEGISLATIVE PRINCIPLES CYBER SECURITY STRATEGY CHALLENGES AND OPPORTUNITIES CAPACITY BUILDING
More informationCloud Computing. Faculty of Information Systems. Duc.NHM. nhmduc.wordpress.com
Cloud Computing Faculty of Information Systems Duc.NHM nhmduc.wordpress.com Evaluating Cloud Security: An Information Security Framework Chapter 6 Cloud Computing Duc.NHM 2 1 Evaluating Cloud Security
More informationTotal Cost of Ownership: Benefits of the OpenText Cloud
Total Cost of Ownership: Benefits of the OpenText Cloud OpenText Managed Services in the Cloud delivers on the promise of a digital-first world for businesses of all sizes. This paper examines how organizations
More informationComputer Forensics US-CERT
Computer Forensics US-CERT Overview This paper will discuss the need for computer forensics to be practiced in an effective and legal way, outline basic technical issues, and point to references for further
More informationEnabling Hybrid Cloud Transformation
Enterprise Strategy Group Getting to the bigger truth. White Paper Enabling Hybrid Cloud Transformation By Scott Sinclair, ESG Senior Analyst November 2018 This ESG White Paper was commissioned by Primary
More informationComputer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers
Computer Information Systems (CIS) CIS 101 Introduction to Computers This course provides an overview of the computing field and its typical applications. Key terminology and components of computer hardware,
More informationCloud Computing introduction
Cloud and Datacenter Networking Università degli Studi di Napoli Federico II Dipartimento di Ingegneria Elettrica e delle Tecnologie dell Informazione DIETI Laurea Magistrale in Ingegneria Informatica
More informationRedefining Networking with Network Virtualization
WHITE PAPER Redefining Networking with Network ization Why Networking Is Ripe for a Change Table of Contents Overcoming the Obstacle Blocking the Benefits of a Hybrid Cloud... 3 What Is Network ization?...4
More informationThe Road to a Secure, Compliant Cloud
The Road to a Secure, Compliant Cloud The Road to a Secure, Compliant Cloud Build a trusted infrastructure with a solution stack from Intel, IBM Cloud SoftLayer,* VMware,* and HyTrust Technology innovation
More informationInformation Security Management Criteria for Our Business Partners
Information Security Management Criteria for Our Business Partners Ver. 2.1 April 1, 2016 Global Procurement Company Information Security Enhancement Department Panasonic Corporation 1 Table of Contents
More informationThe New Normal. Unique Challenges When Monitoring Hybrid Cloud Environments
The New Normal Unique Challenges When Monitoring Hybrid Cloud Environments The Evolving Cybersecurity Landscape Every day, the cybersecurity landscape is expanding around us. Each new device connected
More informationVMware vcloud Air Network Service Providers Ensure Smooth Cloud Deployment
VMware vcloud Air Network Service Providers Ensure Smooth Cloud Deployment RELIABLE, FAMILIAR INFRASTRUCTURE BACKED BY VMWARE AND DELIVERED THROUGH PARTNERS HELPS OPTIMIZE CLOUD INVESTMENTS AS ENTERPRISES
More informationAccelerate GDPR compliance with the Microsoft Cloud Agustín Corredera
Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law. Businesses and users are
More informationExploring Cloud Incidents
Exploring Cloud Incidents 1 Introduction The use of cloud computing technologies is gaining increased popularity and quickly becoming the norm. At the same time, the cloud service providers (CSP) are not
More informationA Survival Guide to Continuity of Operations. David B. Little Senior Principal Product Specialist
A Survival Guide to Continuity of Operations David B. Little Senior Principal Product Specialist Customer Perspective: Recovery Time & Objective Asynchronous Replication Synchronous Replication WAN Clustering
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationCanada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?
Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY
More informationCloud Computing Overview. The Business and Technology Impact. October 2013
Cloud Computing Overview The Business and Technology Impact October 2013 Cloud Computing offers new types of IT services and models On-demand self-service Rapid elasticity Pay per use Increase Agility
More information