The modern computer environment has moved past the local data center with a single entry and exit point to a global network comprising many data centers and hundreds of entry and exit points. This business and service migration to remote data centers, where computing and storage are rented from a larger company, is referred to as cloud computing. Companies and people have realized great benefits that result from the use of cloud computing systems – not only in terms of productivity, but also in access to high-speed systems for managing very large data sets in ways that would be financially impossible for some small and midsized companies. Larger companies have also realized the benefits of cheap utility cloud computing as these companies migrate critical database ,transactional processing systems, and software packages to a rented space in a data center that can be anywhere in the world. This migration also has complications for information security, as we traditionally understand the information security process, both procedurally and legally.
There is no longer a solid “security perimeter” (Perrin, 2008) as information security people were taught even as recently as 2 years ago. The security perimeter has become any place on any device where people access the network and systems services that the company provides. The flexibility in what has become the new “security perimeter” is attributable to the many ways that we consume data on many different types of devices worldwide. In the world of networked services and systems, data and services are consumed over the Internet that will complicate any computer security investigation.
The enterprise class systems that are migrating to the cloud computing platform with services, either Web or otherwise, accessible through a browser or custom application have to be well secured and protected against misuse or theft. There are also legal and compliance issues that need to be addressed in relation to the data and data systems that are being migrated to the cloud computing environment.
Network forensics in the cloud computing environment could be focused only on data that go to and from the systems that the company has access to, but that would miss the rest of the picture. Network forensics needs to be part of and work with all the other components that comprise the entire system within the cloud environment. Without the network forensics investigator, understanding the architecture of the cloud environment systems and possible compromises will be overlooked or missed. The network forensics investigator also needs to understand that the cloud environment is the space that the company rents on another company’s computer systems to perform the work. The rented space in the cloud can be in a globally connected data center with many other companies where the user network entry point can be at any point on the Internet. Data in the cloud environment can be replicated to any data center in the world that is owned and operated by the cloud provider. No discussion of forensics would be complete without considering the risk assessment and what risks a business and security department are willing to assume by moving data and services into someone else’s data center.
By Clint P. Garrison
Syngress| English | 339 pages | PDF | 13,175 KB | Download | Password: digital