Cloud Computer and Insider Threats
Cloud computing is widely regarded as the wave of the future. "Cloud computing is all the rage. It's become the phrase du jour" (Knorr & Gruen 2011). However, many people throw the phrase around without truly understanding what it really is. "Cloud computing comes into focus only when you think about what IT always needs: a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software" (Knorr & Gruen 2011). It may include many different types of services, some of which are subscription-based, others of which are pay-per-use (Knorr & Gruen 2011). For example, with SaaS (software as a service), one of the most common types of hosting, this means no "upfront investment in servers or software licensing; on the provider side, with just one app to maintain, costs are low compared to conventional hosting" (Knorr & Gruen 2011). At its essence, what is so revolutionary about cloud computing is that it obviates the need for hardware and physical storage; rather, "clients lease these resources from a cloud provider as an outsourced service" (Malik & Nazir 2012: 390).
The cloud has the potential to convey many cost savings to organizations, and improve speed and efficiency as well as reduce the physical encumbrances placed upon smaller organizations. However, there are also fears about its risks. "Cloud computing services provide a resource for organizations to improve business efficiency, but also expose new possibilities for insider attacks. Fortunately, it appears that few, if any, rogue administrator attacks have been successful within cloud service providers, but insiders continue to abuse organizational trust in other ways, such as using cloud services to carry out attacks" (Claycomb, & Nicoll 2012: 10). But many fear that this relatively strong track record thus far is merely a reflection of the relative youth of cloud computing, and it is only a matter of time before serious threats become chronic.
The lack of 'rogue' administrator attacks may cause many organizations to be sanguine about monitoring user patterns. Particularly since the technology is still in its nascent stages, organizations may be uncertain of how to guard against threats and their potential for misuse, resulting in a lack of the appropriate monitoring that would be customary with the deployment of other technological applications. The solution to this problem is not to fear cloud computing, but to become more aware of potential risks and to develop employee monitoring systems before threats from inside do begin to assert themselves in a more pervasive fashion.
"Some observable insider activities are clearly harmful to the organization -- for instance, an insider deleting critical applications from the organization's servers. However, not all insider activity is so blatantly malicious" (Claycomb, & Nicoll 2012: 9). To accumulate data upon the subject is essential, and one critical area is the ability to compare normal user patterns in a cloud computing scenario with that of malicious attacks by insiders. "The lack of sufficient real-world data that has 'ground truth' enabling adequate scientific verification and validation of proposed solutions" lays cloud computing systems open to vulnerabilities and increases "the difficulty in distinguishing between malicious insider behavior and what can be described as normal or legitimate behavior" (Claycomb, & Nicoll 2012: 9).
Research is required to determine when and how user attacks are likely to occur, with the hope of generating a comparative framework of normal vs. malicious patterns of use in cloud computing in terms of both technical and non-technically measured behaviors. There has been a call for "automated, easy to understand, and easily verifiable policy management techniques for cloud-based systems" (Claycomb, & Nicoll 2012: 9). The extent to which this is feasible, along with the real potential scope of insider threats, is hotly debated.
Memo 2.2. Clarifying the locus of the inquiry
The focus of my study will be on how to guard against insider threats within cloud computing systems, specifically to determine if normal user patterns can be established in such a way as to distinguish them from malicious use patterns. The study will also seek to understand why and when insider threats are likely to occur, and how a trusted employee and business associate can potentially exploit the cloud. It will compare the value of searching for technical red flags regarding employee behavior (such as eccentric log-in patterns and violations of search policies) with non-technical, qualitative behaviors that indicate the potential for the employee to pose an insider threat (Claycomb, & Nicoll 2012: 9).
Aggrieved employees can exploit vulnerabilities in their relationship with their clients given the trust that is inherent in the relationship between service provider and client in cloud computing. "Cloud computing as a process is governed, managed, and maintained by site administrators. By default, they hold the key to managing all the data, files, and privileged company resources and files. Sometimes, relationships with employers don't work. As a revenge, or for other reasons, administrators may end up spreading, or allowing privileged information to leak at the expense of the business enterprise involved" (Bailey 2012). Other employees may simply wish to exploit the cloud for 'fun,' out of the spirit of playful hacking.
Employers must be aware that cloud computing is not a self-managing system, and they cannot take a hands-off attitude in spotting vulnerabilities. However, there remains some disagreement as to what vulnerabilities and flags for misuse look like. One school of thought suggests that "indicators suggested for cloud-based insider threats are simply reworded versions of malicious behavior indicators for non-cloud systems" (Claycomb, & Nicoll 2012: 8). Good examples of these can include users logging in during non-work hours (such as 4am or on weekends), unusual search items, and "obtaining back-door access to company data" (Claycomb, & Nicoll 2012: 8). However, there are some unique features that administrators of cloud-based services may show when they pose a threat to the organization. Some of these are not necessarily technical in nature, as they may include behaviors such as carelessness and a lack of consideration for user needs. Other, technical red flags include: "violating SLAs, improperly managing virtual machines, using suspicious software, or performing similar activities across different platforms and customer systems" (Claycomb, & Nicoll 2012: 8). The FBI has also issued a list of guidelines for potential behaviors that could indicate a company is vulnerable to an insider threat, such as employees asking for or taking proprietary information that does not seem necessary; working odd hours; copying material without a clear reason why; and showing a disregard for company policies regarding privacy (Economic espionage, 2012, FBI).
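Two of the technical indicators named above, logins during non-work hours and an administrator performing similar activities across customer systems, can be checked against audit records. The following is an added example, not part of the original paper; the log format, working hours, tenant threshold and time window are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit records: timestamp, user, action, customer tenant.
SAMPLE_LOG = """\
2012-12-10T09:15:00 alice login tenant-a
2012-12-10T10:02:00 bob login tenant-b
2012-12-11T04:03:00 carol login tenant-a
2012-12-11T04:05:00 carol snapshot_vm tenant-a
2012-12-11T04:09:00 carol snapshot_vm tenant-b
2012-12-11T04:14:00 carol snapshot_vm tenant-c
2012-12-12T11:00:00 alice snapshot_vm tenant-a
2012-12-15T14:30:00 bob login tenant-b
"""

WORK_START, WORK_END = 8, 18    # assumed working hours (local time)
TENANT_THRESHOLD = 3            # assumed: same action on >= 3 tenants
WINDOW = timedelta(minutes=30)  # assumed correlation window

def parse(log):
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records rather than guess at fields
        ts, user, action, tenant = parts
        events.append((datetime.fromisoformat(ts), user, action, tenant))
    return sorted(events)

def off_hours_logins(events):
    """Logins on a weekend or outside WORK_START..WORK_END."""
    return [(ts, user) for ts, user, action, _ in events
            if action == "login"
            and (ts.weekday() >= 5 or not WORK_START <= ts.hour < WORK_END)]

def cross_tenant_bursts(events):
    """(user, action) pairs repeated across many tenants inside WINDOW."""
    seen = defaultdict(list)  # (user, action) -> [(timestamp, tenant), ...]
    flagged = set()
    for ts, user, action, tenant in events:
        if action == "login":
            continue
        recent = [(t, n) for t, n in seen[(user, action)] if ts - t <= WINDOW]
        recent.append((ts, tenant))
        seen[(user, action)] = recent
        if len({n for _, n in recent}) >= TENANT_THRESHOLD:
            flagged.add((user, action))
    return sorted(flagged)
```

Flags from rules like these are starting points for review, since the paper itself notes that separating malicious from legitimate behavior remains difficult.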
By better understanding what red flags are most likely to arise when policing security when using cloud computing, an organization can better guard against potential threats. Ideally, all of these vulnerabilities -- both technical and non-technical -- should be monitored, but given finite organizational resources, the most critical and likely manifestations of insider threats should be determined. It must also be determined if cloud-based insider threats differ in fundamental ways from more generic insider threats in both a quantitative and a qualitative manner.
Memo 2.3: Analytic memo
More study is needed regarding the potential risks of cloud computing. Cloud computing presents several security challenges, despite the many advantages it can convey to an organization, particularly a small one which cannot afford to have on-site data storage. One of the most formidable of these challenges is insider threats, or threats posed to the organization by either the administrators of the cloud or in-house employees that seek to exploit the cloud (Claycomb, & Nicoll 2012: 9).
Because of the newness of the technology, little data exists at present about the most likely use pattern of a malicious attacker. There is a debate as to whether such use patterns tend to mimic typical suspicious user behavior for all types of infiltrations of security vulnerabilities, or whether there is a specific usage pattern typical to cloud computing (Claycomb, & Nicoll 2012: 9).
Insider threats can come from disgruntled employees or from individuals who simply take pleasure in hacking. They may originate with the cloud provider itself, or they may be employees who seek to exploit the vulnerabilities of the cloud. These different types of threats may manifest different patterns of suspicious use as well, although this is also not yet determined.
Given how much research has yet to be done on cloud computing and insider threats, I would like to undertake a study that combines both qualitative and quantitative research. The extent to which threats may present themselves in a technical or non-technical fashion remains debatable, and a blended research study that uses both open-ended and data-driven means of analysis would be one way to shed light on this issue.
My ideal preliminary study would not strive to come to a definitive answer about the typical exploitation pattern of use exhibited by an inside hacker. However, it would seek to interview several companies that were targets of malicious insider attacks and compare the nature of the attacks, how the misuse was finally…
"Cloud Computer And Insider Threats Cloud Computing" (2012, December 15) Retrieved October 26, 2016, from http://www.paperdue.com/essay/cloud-computer-and-insider-threats-105730