Cloud Computing and the Insider Threat

Something that hasn’t been top-of-mind for me, but remains a threat nonetheless, is that the scope of the “insider threat” changes when the cloud is used for computing and storage.

One of the significant data loss vectors is the “insider threat” where a trusted insider — either unintentionally or maliciously — leaks protected information in violation of policy or regulations. In traditional datacenters, the trusted insiders are usually the organization’s employees and contractors — the organization should be able to physically and logically account for every individual that has access to the organization’s computers and data.  The insider threat is one vector that data loss prevention (DLP) is often deployed to help mitigate.

The situation changes in cloud computing, though.  An organization that makes use of cloud computing services, whether SaaS, PaaS, or IaaS, is now using computers and storage that can be accessed by more individuals than just the organization’s employees and contractors — the cloud provider actually owns the servers, networks, and storage and employs personnel and contractors that have administrative access to those components.  Now the “insider threat” has suddenly expanded to include a whole new group of people beyond just the original organization’s employees.

One mitigation technique used to protect data stored in the cloud from any insider is to encrypt the data. Depending on the operating system used, it may be possible to set up volume encryption or folder encryption on which sensitive data can be stored securely. Unfortunately, encryption key management is not easy — it seems the best (or only) solution to this problem in the cloud is to use a key management server to authenticate and authorize the release of encryption keys, and then to configure and monitor that key management server carefully.
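As an added illustration of that approach (example code written for this page, not from the original post or from Palisade Systems): a toy key-management server that authenticates callers by token, authorizes release of a tenant's keys, and logs every request, with records envelope-encrypted so that a provider-side administrator who can read the stored blob gets ciphertext only. The HMAC-SHA256 keystream-and-tag construction stands in for a real AEAD such as AES-GCM so the example runs with only the standard library; the tenant names, tokens and sample record are constructed.

```python
import hashlib, hmac, secrets
# Stdlib stand-in for an AEAD such as AES-GCM: HMAC-SHA256 as PRF gives a counter-mode
# keystream; a second HMAC tags nonce||ciphertext. Prefixes domain-separate the two uses.
def _xor_stream(key, nonce, data):
    ks = b"".join(hmac.digest(key, b"enc" + nonce + i.to_bytes(4, "big"), "sha256")
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))
def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + hmac.digest(key, b"mac" + nonce + ct, "sha256")
def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(key, b"mac" + nonce + ct, "sha256")):
        raise ValueError("ciphertext tampered")
    return _xor_stream(key, nonce, ct)

class KeyServer:
    """Toy key-management server: master keys never leave it, every request is logged."""
    def __init__(self):
        self._master, self._acl, self.audit = {}, {}, []
    def enroll(self, tenant):                    # returns the credential the caller presents
        token = secrets.token_hex(16)
        self._master[tenant], self._acl[token] = secrets.token_bytes(32), tenant
        return token
    def _authorize(self, token, tenant, op):     # authenticate token, authorize tenant's key
        allowed = self._acl.get(token) == tenant
        self.audit.append((tenant, op, "allow" if allowed else "deny"))  # monitored log
        if not allowed:
            raise PermissionError(f"{op} denied for tenant {tenant}")
    def new_data_key(self, token, tenant):       # plaintext DEK plus DEK wrapped by master key
        self._authorize(token, tenant, "generate")
        dek = secrets.token_bytes(32)
        return dek, seal(self._master[tenant], dek)
    def unwrap(self, token, tenant, wrapped):
        self._authorize(token, tenant, "unwrap")
        return unseal(self._master[tenant], wrapped)

def demo():
    # Tenant encrypts a record for shared storage; the provider admin ("cloud-ops") can read
    # the blob but the key server refuses and logs their request for the tenant's key.
    kms = KeyServer()
    tenant_tok, admin_tok = kms.enroll("acme"), kms.enroll("cloud-ops")
    dek, wrapped = kms.new_data_key(tenant_tok, "acme")
    blob = (wrapped, seal(dek, b"constructed sample: customer list"))  # what storage holds
    leaked = True
    try:
        kms.unwrap(admin_tok, "acme", blob[0])
    except PermissionError:
        leaked = False
    return unseal(kms.unwrap(tenant_tok, "acme", blob[0]), blob[1]), leaked, kms.audit[-2]
```

The audit list is the piece the post says to monitor: a denied unwrap against another tenant's key is exactly the event an operator should be alerting on.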

Another problem with insiders in the cloud is watching for confidential data in motion. DLP would be a solution to this problem in an organization’s datacenter, but the situation is more complex in a cloud environment: DLP systems are generally not available inside cloud provider networks, and individual cloud customers’ traffic is difficult to separate out for DLP analysis. This is a problem we’re looking into at Palisade Systems.

This is a Security Bloggers Network syndicated blog from Info Loss authored by Guy Helmer. Read the original post at: http://infoloss.blogspot.com/2011/07/cloud-computing-and-insider-threat.html