Media releases are provided as is and have not been edited or checked for accuracy. Any queries should be directed to the company issuing the release.
The Cloud Security Alliance, a not-for-profit organisation set up to promote best security practices for cloud computing, has released a white paper on conducting forensic investigation in cloud environments and has formed an Incident Management and Forensics Working Group. It warns that “While digital investigations, on the surface, seem to have little to do with the competitive position or profit-and-loss of CSPs, forensic readiness cannot be ignored.”
The co-chair of the group, Dominik Birk from Zurich Insurance, said the aim of the group was to define best practices that consider the legal, technical and procedural elements of responding to security incidents in the cloud in a forensically sound way. "This initial white paper represents a significant effort on behalf of numerous individuals and marks an important first step in conducting proper forensic investigations in cloud environments following a security incident,” he said.
The group’s white paper ‘Mapping the Forensic Standard ISO/IEC 27037 to Cloud Computing’ is designed to help researchers, data governance experts and forensic practitioners define standardised processes for conducting forensic investigations, electronic discovery and other critical aspects of security in a multi-tenant, highly virtualised environment.
The 30 page white paper looks at: forensic science and traditional digital forensics; the notion of cloud forensics; the forensic requirements for cloud service providers; the differences between cloud forensics and traditional forensics; and mapping ISO 27037 - an international standard that seeks to create a common baseline for the practice of digital forensics - to the cloud.
It concludes: “In the short term, the cloud consumer bears the responsibility to ensure that CSPs selected for a particular purpose can respond appropriately to a forensic investigation. This is especially true because consumers ultimately suffer the loss from crimes in the cloud environment.”
The white paper says that, when contracting for services with a CSP, “The customer should ensure that explicit language and SLOs are incorporated into the contract (as shown in the CSA Trusted Cloud Reference Architecture under the ‘Service Delivery’ domain) to ensure they can respond appropriately when the need to perform a digital investigation arises.”
For CSPs, it says that integrating forensic capabilities into cloud offerings would increase transparency for the consumer and likely lead to greater revenue streams. “As more organisations become reliant on cloud computing for critical operations, we foresee that forensics will become a key motivator on choice of CSP. Additionally, as the cloud market matures, we foresee legal and regulatory changes that may shift duties to include, collaboratively, CSPs.”
The Working Group intends to release another research paper entitled ‘Developing a Capability Maturity Model (CMM) for Incident Management and Forensics in Cloud Environments’ in Q4 2013.
The CSA invites interested companies and individuals to support the group's research and initiatives.
var scJsHost = (("https:" == document.location.protocol) ?
"https://secure." : "http://www.");
BitCloud is a leader in cloud services and managed IT services for growing and mid-market businesses.
With over 17 years experience, BitCloud helps you run your business with:
- Managed Cloud Services that save you time, improve productivity and reduce IT costs
- End-to-end, scalable and managed IT services that grow with your business – no contracts
- Custom Business Continuity Plans that give you added security and peace of mind
Get more out of your IT and get on the cloud with a free trial
For more information:
For more information: