Introduction To Cloud Forensics: 4 Key Questions

APRIL 2013: If your business has hopped up to cloud computing or plans to soon, remember to discuss the unthinkable with your cloud provider — what happens if there’s a security breach, cyber attack or other illegal activity that involves your data?

That’s where cloud computing forensics comes in.

Cloud forensics is a developing field that involves reconstructing an event based on the collection and analysis of digital data. If the data is in the cloud, methodologies can be trickier than when it’s on your own servers. As of now, definitions are not yet standardized and basic requirements are not established. And the forensics playing field is different depending on the type of provider — infrastructure as a service (IaaS), platform as a service (PaaS) or software as a service (SaaS).

The Cloud Forensics Working Group at the National Institute of Standards and Technology (NIST) is working out these complex issues with input from a lot of different interested parties. You can be one of them! Check out the twiki, an open source wiki that gives you access to hundreds of cloud forensics documents, as well as a voice in the process of developing smart industry-wide approaches.

A recent article by Network World advises businesses to ask, “What can my cloud provider do for me in terms of providing digital forensics data?”

Great question! Here are four more questions to jumpstart your planning: 

1) Where exactly is my data? Make sure you know where your cloud provider is officially located and the laws governing that particular state, or even country. Physical location may impact legal jurisdiction, including regulatory compliance and the filing of lawsuits. Your provider may not even be subject to U.S. laws.

2) How is court-ordered data collected? Understand the process your cloud provider follows if presented with subpoenas or search warrants. Also be aware of the assurances in place that only the required data will be turned over, and how they handle missing data and encryption of data handed over.

3) Who has access to my data? Know what access that cloud provider employees have to your data, if any.

4) How is risk allocated between my company and my cloud provider? Understand your liability when it comes to security breaches, the leaking of confidential data, illegal activity on your cloud by your employee or someone who shares your cloud, and other issues that could open you up to lawsuits.

While the likelihood that you’ll be involved in a cloud-related legal situation is probably very small, knowing the answers to these questions is smart IT planning!