Help with web post and responses 7


Research the post topic and submit a 260-word post on the given topic, indicating at least two sources or references in your original post. This assignment is to be scholarly; it is not enough for you to simply post your article and add cursory reviews. CITED REFERENCES ARE REQUIRED. Also create replies for the given 3 posts; each reply should be separate (with separate REFERENCES but not necessarily different references) and should be 260 words excluding references. Include at least 260 words in your posting and at least 260 words in each reply, excluding references.


Post Topic:

Search "scholar.google.com" or your textbook. Discuss how organizations have faced the challenges that incident handlers are challenged with in identifying incidents when resources have been moved to a cloud environment.


Reply to the following posts with at least 260 words and at least 1 cited reference each


Post 1:

Handling incidents in the cloud

Authorities in an organization face a lot of severe issues when it comes to dealing with security incidents whenever resources get moved to cloud servers. Most of the problems arise from the fact that a joint response plan can never be established with the cloud providers due to the lack of a well-structured communication plan. In the words of Ab Rahman & Choo (2015), the roles and responsibilities do not remain properly defined, leading to many issues and complications during an intrusion attack. Cloud providers also remain unclear at times regarding the practical procedures followed when it comes to dealing with security incidents in the cloud.

Cloud servers and the entire infrastructure can turn out to be very complicated because virtualization is utilized extensively. As stated by Krutz & Vines (2010), sensitive information also remains scattered on various devices that remain interconnected with one particular network. It can be extremely difficult to identify threats and manage incidents whenever such a matrix infrastructure arrives at the forefront. Cloud providers understand how the system remains configured but the CSIRT team in an organization along with the IT experts will not be able to identify the exact measures if training along with better clearance levels is not provided to them. It can be against the policy of the cloud provider when it comes to revealing industry secrets and the manners in which the systems remain configured.

Lack of transparency turns out to be another distinctive problem that authorities face whenever resources get moved to the cloud environment, because the providers try to handle situations on their own without opting for cooperative behavior or even collaboration. A lot of forensic tools also remain in the hands of the cloud providers, and they do not delegate authority to the IT experts present in an organization. During an intrusion attack, the cloud providers might not be able to ensure control in a definitive manner. They might also be incapable of identifying these threats, and this is the reason why control of the forensic tools is extremely important.

While drafting a security policy and an agreement, managers often forget to include clauses that state clearly how the security tools and other equipment should be shared when it comes to controlling incidents in the cloud environment. Often managers in an organization fail to reach out to the cloud providers and try to handle the situation on their own by severing networks and initiating a local server. These procedures can also turn out to be extremely complicated and even dangerous to some extent, because the nature of the threat is not understood properly (Whitman, Mattord & Green, 2013). The lack of collaboration is the central problem that authorities in an organization encounter, and cloud providers also fail to conduct appropriate drills and training sessions through which the IT experts can understand the various ways in which incidents should be handled in the cloud environment.


References

Ab Rahman, N. H., & Choo, K. K. R. (2015). A survey of information security incident handling in the cloud. Computers & Security, 49, 45-69.

Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.

Whitman, M. E., Mattord, H. J., & Green, A. (2013). Principles of incident response and disaster recovery. Cengage Learning.


Post 2:

Challenges to identify incidents in cloud environments

The benefits of cloud-based applications to present-day organizations are many. The cloud simplifies many business processes and provides organizations with greater flexibility, reliability, and accessibility to data from any place at any time. But there are quite a few security risks linked to it, and this calls for incident handlers within the cloud environment. The incident handlers would be responsible for investigating security events on the cloud and responding quickly to deal with the situations as required.

Major challenges for handling cloud incidents

However beneficial the cloud may be for organizations, there are quite a few challenges that exist for the incident handlers in terms of providing maximum productivity. Some of the major challenges that cloud incident handlers face include:

Regulatory control of the cloud service providers

Most cloud service providers limit the access of clients to logs and event data. This makes it tough for the event handlers to look into the details of specific events that may have caused a security breach. Further, the users have incomplete access to the network control devices and cannot look into the details of how the customers use the services and generate data. Even if the organizations can access the data, they often lack the technology and resources to analyze it and draw out useful information (Ab Rahman, Cahyani & Choo, 2017).

DoS attacks

Denial of Service attacks are one of the most common attack techniques used by cybercriminals (Ab Rahman & Choo, 2015). In case of such attacks on the cloud infrastructure of the organization, the incident handlers may lack any information on how the event took place or who exactly contributed what in the process. It can even be the result of an attack on other customers within the environment. For businesses that have private cloud support, there is a way to monitor network traffic, but most of the attacks are stealthy and will impact the organization long before it may even discover the attack.

Availability of huge data pools

The rate of data generation has increased manyfold over the past decades. As a result, organizations collect a lot of irrelevant data in the process. This makes access to useful and relevant information tough for incident handlers. The availability of such large volumes of data also makes storage difficult for the organizations. It can also increase the time taken to respond in case a disaster strikes the organization (Birk & Wegener, 2011).

Is it possible to address the challenges?

Addressing the challenges is possible, but the incident handlers must be skilled enough for the purpose. Also, the absence of effective firewall or traffic activity monitoring systems within the cloud environment makes it tougher for the handlers to work at maximum efficiency. Flexibility is an important ingredient that directly influences the control that the organization has over the cloud infrastructure. The more flexible it is, the better the chances for the incident handlers to control events and incidents.

References

Ab Rahman, N. H., & Choo, K. K. R. (2015). A survey of information security incident handling in the cloud. Computers & Security, 49, 45-69.

Ab Rahman, N. H., Cahyani, N. D. W., & Choo, K. K. R. (2017). Cloud incident handling and forensic-by-design: cloud storage as a case study. Concurrency and Computation: Practice and Experience, 29(14), e3868.

Birk, D., & Wegener, C. (2011, May). Technical issues of forensic investigations in cloud computing environments. In 2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering (pp. 1-10). IEEE.


Post 3:

Technologies change rapidly — the latest is cloud technology. Today every organization is inclined to reduce its on-premise footprint and move resources to the cloud. There are several cloud providers in the market, e.g., AWS, Microsoft Azure, Oracle Cloud, IBM Cloud, Google Cloud, etc. (Taherizadeh, Stankovski & Grobelnik, 2018). The cloud helps companies reduce the organization's on-premise workloads. This helps in reducing the total cost of operations. Also, it eliminates the extra cost of hardware and servers required to store ever-expanding data.

But with the introduction of the cloud come new challenges in managing incident response. One crucial characteristic of the cloud is that the same resources and collateral are shared between several users who have access to the cloud. If a particular incident is given a response by the CSIRT team, then that response is also received by another user who has access to the same data for free. Hence, the incident response team is unable to isolate their response to a specific user. The incident handlers are now expected to know the cloud environment well. Therefore, the incident response team must keep the end user in the loop, thereby increasing the dependency on the end user. The different security parameters of cloud administrations are another test for the occurrence handlers (Cole & Moore, 2018). Distributed computing has various security issues, as it incorporates numerous innovations, including the operating system (OS), load balancer, database virtualization, network, resource scheduling, memory management, etc. This makes the system or cloud environment complex. The incident handlers are stressed trying to figure out where the data is and how the migration has been done.

References:

Cole, B. S., & Moore, J. H. (2018). Eleven quick tips for architecting biomedical informatics workflows with cloud computing. PLoS Computational Biology, 14(3), 1–11. https://doi.org/10.1371/journal.pcbi.1005994

Taherizadeh, S., Stankovski, V., & Grobelnik, M. (2018). A Capillary Computing Architecture for Dynamic Internet of Things: Orchestration of Microservices from Edge Devices to Fog and Cloud Providers. Sensors (14248220), 18(9), 2938. https://doi.org/10.3390/s18092938
