We trust in security

Blog

We trust in security - Blog
Octavi Allué
Cloud forensic analysis, challenges and difficulties

Cloud services irruption such as Amazon Web Services, Microsoft Azure and Google Cloud Platform among others makes possible to confirm that it is one of the most revolving computer paradigms ever, delivering high dynamism and scalability to Information Technology solutions.

As Google Trends service searches show, cloud computing is a growing trend by time goes on.

Image 1. Cloud Computing trend at Google Trends However, despite those growing trends and opinions like Ramon Salvadó’s, Gnuine’s Information Technologies Senior Manager and Fútbol Club Barcelona provider stating that “Scalability, deployment and security offered by cloud platforms are key points for us and our customers.” –extracted from AWS case studies– it is possible to find opposite opinions such Richard Stallman’s at The Guardian in which is said that “a loss of information control while using others infrastructure, a fact that causes defenselessness.”

It is possible to keep both approaches; however, it is always needed an appropriate knowledge level which allows risk management while migrating to cloud platforms.

To handle this risk on a proper way, it is important to know about the impact that could harm assets and information liaised to it. So, facing the main purpose of this post, consequences caused by security incidents on cloud frameworks that requires forensic analysis are reviewed, assessing its challenges and opportunities.

First, it is important to set a strategy that enables first responders to act on a repeatable way to, secondly, handle digital evidences suitable for purpose understanding digital forensics not only as an incident response procedure but as providing legal proof being delivered at court.

As it can be read in Advances in digital forensics VII, written by Keyun Ruan, cloud forensic analysis is a multidisciplinary technique in which cloud computing and forensic analysis methodologies are involved seamlessly. This environment stablishes a set of legal challenges in which dealing with shared resources between cloud system tenants and security forces coordination that could be located on different countries.

One of forensic sciences principles, more concretely, digital evidence handling, states that evidence gathering should keep data integrity while user and system accountabilities remains segregated. Solution for those challenges can be driven by providers designing services keeping in mind information security and AAA principles meaning Authentication, Authorization and Accountability. Those principles allow the analyst at investigating and reconstructing the security event and its faster resolution.

Furthermore, law and regulations enforcement should be applied where digital evidence is gathered maintaining other tenants sharing cloud resources confidentiality rights.

Additionally, Cloud Service Providers, specially Software as a Service providers, have a set of providers that allow customers a huge flexibility and scalability but it also means a blocking issue while managing digital evidence and keeping its integrity.

Then, it is needed to create a subset of best practices and a regulatory framework which allows applicable law enforcement where data is stored. These needs should be stated on Service Level Agreements.

Likewise, this lack of transparency regarding data location, adds another blocking issue to cloud forensic analysis.

By the other hand, cloud service providers should staff their companies properly, allowing themselves to handle digital evidences on a proper way, dealing with entities and security forces requiring that piece of evidence.

As for sure you can imagine, there are several opportunities delivered by cloud service providers that could mean important advantages for forensic analysts. For example, information is copied at different locations which means that destroying evidences, sometimes, feels like impossible. Moreover, cloud service providers generate automatically hashes for every created file and takes snapshots of running virtual machines within their infrastructure.

Have you ever found on this kind of situation where a cloud forensic analysis is required? How did you proceed or how would you proceed on a case like this? This framework is presenting a new paradigm that needs to be solved with the aim of protecting companies, institutions and people rights. What do you think about this new situation?