From Cyber Security to eDiscovery, the Cloud Can Complicate Matters
Cloud computing has found its way into nearly every sector of industry, and with the challenges the very nature of “computing in the cloud” brings to the table for both IT security personnel and legal professionals, NIST released a draft report for public review and comment to drag some of those challenges into the light. The founder of Global Digital Forensics offers some industry insight into this burgeoning world of cloud computing and talks about some of the difficulties which businesses and counsel must consider before diving in head first.
Over the last couple of years, cloud computing has exploded. And with it, so too have the frustration and confusion levels of those responsible for the security of organizational ESI (Electronically Stored Information) and digital assets, as well as those tasked with navigating the intricacies of eDiscovery (Electronic Discovery) involved in litigation. On June 23rd, the Information Technology Lab at NIST (the National Institute of Standards and Technology), which is tasked with promoting the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure, released a report draft titled “NIST Cloud Computing Forensic Science Challenges” for a public review and comment period which is to close on July 21st. In it, they grapple with the problems cloud computing poses for cyber security specialists and litigation professionals alike. Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier provider of cyber security and eDiscovery solutions, has been a front-liner on both battlefields for over two decades, and has seen firsthand the complications which can arise when “the cloud” is involved. “It’s a whole new ballgame when the cloud is involved,” he says, “the diversity of providers and plans, the geographic distances and multiple jurisdictions which can be involved, and the variety of applications, equipment and tools involved can be a nightmarish prospect for those who don’t live and work on the cutting edge of the cyber security and forensics industries.”
All clouds are not created equal
“Probably the biggest source of headaches is the wide variety of cloud options available,” says Caruso. “From the equipment used, to the architecture and function of the environments and applications, there are a lot of things which must be carefully studied and considered before developing a sound cyber security plan, or before an effective forensic readiness plan can be established. Even in the most complex internal server environments there are some certainties which make life on both fronts a lot easier than in the cloud, like the physical location of the data, the jurisdiction and regulatory concerns which have to be dealt with and the control the organization typically has over it all. In the cloud, it’s just not that straightforward. You may not only have multiple sets of vendor policies and agreements to contend with, but the data may reside or travel through completely different countries, introducing some sometimes very thorny jurisdiction issues which can not only make it problematic to work within restrictive court-imposed deadlines concerning eDiscovery and the potential to prosecute or defend, but sometimes even make it impossible to gain access to the logs and other information vital to a case. The same goes for the cyber security aspect, because when data is out of your hands, it’s also out of your control, which is the first tenet of effective cyber security. Another big problem can also be the proximity and comingling of information with other cloud subscribers, which can make the identification, acquisition and production of digital evidence feel more like an art form than a science in a great many cases.”
A fish out of water shouldn’t be driving
“If there is one thing the NIST report makes abundantly clear, it’s that when dealing with a cloud environment, there is no perfect roadmap to deal with cyber security and eDiscovery issues. With all the variables involved, nine times out of ten it takes the ability to adjust effectively on-the-fly. Otherwise, it’s like thinking you can just get up and scale Everest one morning because you read an article on how it’s done. But in truth, it will take a whole lot of experience in dealing with environments like that, knowing everything about your equipment inside and out and how to adjust if anything goes wrong with any of it, and following the guidance and instructions of the sherpas who’ve made the ascent many times before. Think of us like the sherpas, our team of specialists will study the clouds, gauge the snow and help you pick the best tools, equipment and path to successfully make it to the top of the mountain. Because if you leave that role in the hands of an internal department or outside vendor not skilled or experienced enough to handle the nuances of the cloud, you’ll just end up another frozen body buried in the snow on the path to the summit.”
Experts with ESI, from security to eDiscovery
Global Digital Forensics is a recognized leader providing cutting edge solutions in the fields of computer forensics, eDiscovery, cyber security and emergency incident response. GDF is strategically positioned with resources across the country and the globe to react quickly and efficiently with a staff of highly qualified and experienced specialists. Many Fortune 500 companies have trusted GDF with their most sensitive situations. GDF has the technology, skill and experience to ensure any computer forensics tasks and/or eDiscovery needs are handled in a highly cost-effective manner, while always ensuring exceptional, defensible results. To speak with a GDF evidence specialist about a plan to suit your unique needs, call 1-800-868-8189. The call and the initial consultation are free. For more information, visit our eDiscovery, cyber security and digital forensics pages.