Monday, 25 April 2011

Cloud Forensics & Obstacles

What is Cloud Forensics?
Cloud computing usage is increasing day by day, and so is criminal activity, as cyber criminals figure out ways to monetize unauthorized access to IT solutions in cloud environments. Cloud forensics is like any other forensic investigation: experts try to gather evidence of a cyber-crime in a cloud environment and try to prosecute the criminal. Computer forensics attempts to ensure the authenticity of data, but cloud computing environments pose significant obstacles to this process, since the hardware, software and infrastructure do not usually belong to the organization that has been attacked, compromised or breached.

Significant Obstacles
When I say significant obstacles, I refer to the architecture of cloud computing and of cloud service and delivery models. With multi-tenant hosting, globalization of servers and data centers, different jurisdictions in different countries, lack of standards, and lack of access to network routers, firewalls and other hardware, it becomes very difficult to obtain evidence of attacks, breaches and cyber-crime.

So how to overcome these obstacles?
There is no easy way to overcome these obstacles! Very few tools are available that continuously record everything in the cloud environment. The few tools that do record these events produce huge logs that are humanly impossible to sift through. What is needed is a compact log file that even the common man can read and understand, and use to back-track the events that led to the cyber-crime! The day we reach that technological nirvana is not very far off!

Also posted on BMC Communities blog - Cloud-n-More
