2.2.3. The organizational dimension
The organizational dimension 1/1
- Forensic investigations in cloud computing environments always involves at least two parties: the CSP, and the cloud customer.
- We have the following roles in cloud forensic: investigators, IT proffesionals, incident handlers, legal advisors, external assistance.
Investigators
- The investigators (on the provider side and on the customer side) are responsible for investigation of misconduct in the Cloud.
- The investigators should work with external assistance or law enforcement when needed.
- The investigators not only need knowledge of how to carry out investigations, but also need to understand the forensic capabilities of the parties they are cooperating with, and the segregation of duties among these parties.
IT professionals
- The group of IT professionals includes system, network, and security administrators, cloud security architect, ethical hackers, and technical support staff.
- They contribute to the investigation with their expertise and may also collect data for the investigators.
Incident Handlers
- A cloud organization should have a written plan with categorized security incidents and respective incident handlers to be referred to in cases of forensic investigations.
- The group of incident handlers responds to a variety of specific security incidents in the Cloud, such as for example
- unauthorized data access,
- accidental data leakage and data loss,
- malicious code infections,
- (distributed) denial of service sttacks, etc.
Legal Advisors
- Legal advisors are familiar with multi-jurisdiction and multi-tenant issues in the Cloud.
- Including the advisors in the cloud staff is crucial to ensure that forensic activities will not violate regulations under respective jurisdictions or confidentialities of other tenants sharing the same resources
- Service Level Agreements (SLAs) must be written with clauses that describe the procedures to follow in case of a forensic investigation.
- Internal legal advisors are also responsible for cooperation with external law enforcement during the course of an investigation.
External Assistance
- In most cases the cloud organizations will rely on a combination of its own staff and external parties to perform forensic tasks (e.g., investigations on civil cases, investigations on external chain of dependencies)
- Cloud organizations should determine in advance, which actions will be performed by external assistance regaring forensic activities. This distinction should be reflected by relevant policies, guidelines and agreements.
Projekt Cloud Computing – nowe technologie w ofercie dydaktycznej Politechniki Wrocławskiej (UDA.POKL.04.03.00-00-135/12)jest realizowany w ramach Programu Operacyjnego Kapitał Ludzki, Priorytet IV. Szkolnictwo wyższe i nauka, Działanie 4.3. Wzmocnienie potencjału dydaktycznego uczelni w obszarach kluczowych w kontekście celów Strategii Europa 2020, współfinansowanego ze środków Europejskiego Funduszu Społecznego i budżetu Państwa