COMPTIA Security+ Tutorial: Module 02,Part 04 – RISKS ASSOCIATED WITH CLOUD COMPUTING

CLOUD COMPUTING

Cloud Computing is carrying out the business operations over the internet on someone else’s computer. We have several models like infrastructure, platform, software, and other as the service.Let us know about the risks associated with the Cloud Computing.

Data on the cloud computing may be available to other people.

The security of this data is managed by other people and hence, it may not meet one’s requirements.

Cloud Computing stores the data on the server of which we do not have control. In case of power loss, one might not have access their own information.

 

Virtualization

Virtualization is the latest technique in which one can create many virtual systems on a large computer. The major risk associated with the system is that once the system is accessed by the cyber criminals,the whole system is at risk. The users have a limited control over what happens between virtual system.

Each virtual system so created needs a separate security profile which can make the process quite tiring.

SECURITY IMPLICATIONS OF THE INTEGRATING SYSTEMS and DATA WITH THIRD PARTY ORGANIZATIONS

While sharing the data, we all must adopt some security measures, especially when it is done with the parties that were not involved in the business for very long.

On Boarding/Off boarding business partners

The business partners keeps coming in and going out. So far it is in better health of the organization,there should be no problem.With each partner,the company should maintain a confidentiality contract to keep the secrets.

Social Media networks and/or Applications

Sharing company’s information over the social platforms is quite common. There should be no posts on job types, post, salary, or business informations.

Interoperability Agreements

It is creating systems and organization to work together.Some terms that are important to it includes:

Service Level Agreements (SLA): Such agreements are the part of the service contract between the two parties.

Business Partner Agreements (BPA): These are like the charge accounts set up with some trusted suppliers.

Memorandum of Agreement (MOA):A legal document that outlines the details of the agreement.

Interoperability Security Agreements (ISA): A document that safeguards the parties involved in the contract.

 

MITIGATE THE RISK

The Risk Mitigation, includes change management, incident management, audit and other actions.

In the world of IT, we must do proper Change Management to ensure all changes carried out in the IT are properly reviewed. It is important to know who wants the change, is it beneficial for the enterprise and the departments. Without proper change management anybody can bring changes which can bring fraud. We should know we have to pay for the modification.

Incident Management deals into small incidences that would otherwise pile up and become a big issue. Incidence should be managed by best management practices. We also should see the users rights and permission reviews so that the users do not build up excessive permissions over time.

We should also perform routine audits for infrastructure, users and all controls within the network as over time some control might weaken over the time.The organization should ensure the policies that prevent loss of data or theft. It would prevent sensitive information from being stolen.The companies should use software to prevent data loss as well.

 

SECURITY CHECK WITH BASIC FORENSICS

We have to consider the rise of the cyber crimes for which we have to collect the electronic evidence. The data should be collected the data in the order of volatility.We will first look at Registers, Cache or RAM post which we will look at Network Cache, Virtual Memory.After this we will check the hard drives, flash drives, CD ROMS and print outs.

The best thing to do is to capture the system image in which we have the evidence that will prevent accidental leakage into the media. We take a hash of original media that can be compared with the cryptography and then we will take a hash of the image. We can also review the network logs and observe the traffic that transpire over the network.

While forensic we need to capture the screen shots and record time of set.Capturing video is another tool that will help to piece together activity of the people.It is necessary to note the expenses and maintain a chain of custody that details the case.Finally we look at the big data analysis.