©2014 Navigant Consulting, Inc. All rights reserved.
When legal and forensic technology meet clouds
HIDDEN CHALLENGES WITH CLOUD COMPUTING
TABLE OF CONTENTS
Section 1: Introduction
Section 2: Cloud Complexities
Section 3: Cloud Access
Section 4: Cloud Response
Section 5: Cloud Governance
Section 6: Questions
INTRODUCTION
ABOUT ME
» Stephen Ramey, GCFA
» Cell: (203) 648-2231
» Work Experience:
  › 9+ years of experience conducting digital investigations
  › Joined Navigant in early 2014 to lead their Digital Forensics practice in NYC
  › Alumnus of two Big 4 firms
  › Worked on several high-profile litigations and network breaches
ABOUT NAVIGANT
Navigant Consulting, Inc. (NYSE: NCI) is a specialized consulting firm. We help clients address critical business risks and opportunities with a combination of technical and subject matter expertise.
Legal Technology Solutions
› 275+ professionals
› 35+ project managers
› 20+ Forensic Specialists
United States
Canada
Shanghai, China
Wanchai, Hong Kong
Singapore, Singapore
Dubai, United Arab Emirates
United Kingdom
CLOUD COMPLEXITIES
CLOUD BENEFITS
The Cloud
Reduced IT Spend
Security
Uptime
User Connectivity
Collaboration
Productivity
"THE BASIC ISSUE IS, DO I TRUST THAT OTHER LEGAL ENTITY THAT HAS MY DATA ON THEIR HARD DRIVE?"
- BRUCE SCHNEIER, CTO, CO3 SYSTEMS
SOURCE: COMPUTERWORLD, "CLOUD SECURITY CONCERNS ARE OVERBLOWN", http://www.computerworld.com/article/2488086/cloud-security/cloud-security-concerns-are-overblown--experts-say.html
PRIMARY AREAS TO FOCUS
» What are the access controls to your information when it’s stored in the cloud?
» How will your cloud provider interact or participate during investigations, litigations, and legal holds?
» Do you have governance over and/or the “right to audit” your cloud provider’s service, security, and access controls?
CLOUD ACCESS
THERE ARE MANY CLOUDS
» What type of cloud services will your company allow?
  › Individual file sharing: Dropbox, Google Drive, Microsoft Azure
    ‒ Concerns:
      ◦ Insider threat leaks Intellectual Property (“IP”)
      ◦ Preservation of company information from a personal account
  › Enterprise-wide: Box.com, Google Enterprise, Office 365
    ‒ Concerns:
      ◦ “Someone” is accessing your information without your knowledge
      ◦ Data export speeds are throttled by the provider
  › Social: Twitter, Facebook, Google+
    ‒ Concerns:
      ◦ The “over-sharer” discloses non-public information
YOUR DATA IS YOUR DATA
» Choosing a provider is about trust… and due diligence
» Ask questions about the cloud provider:
  › Who has access to the data, server rooms, and the facilities?
  › How are access controls monitored?
  › What’s the cloud provider’s obligation to release data to third parties?
    ‒ Law enforcement, government, previous employees
  › Who works for the provider? Are background checks performed?
    ‒ Full time employees, contractors, vendors
  › Where will my data be stored, physically? In what countries/territories?
» Employ your IT security teams to review the providers’ controls and compare them to those of your organization
CLOUD RESPONSE
YOUR DATA CAN’T BE PRESERVED BY YOU
» Data collection can be difficult, costly and time-consuming
  › Cloud providers may not have the expertise to preserve files defensibly
  › Organization of exported data can create challenges for investigators
    ‒ Custodian identification may be difficult
    ‒ Metadata times/dates may be inaccurate from mass copying or moving
  › Cloud providers may prohibit access to their systems with forensic collection tools
» Data from multiple accounts can be co-mingled on the same hard drives
  › Creates complexities with physically accessing the system
  › Confidentiality constraints between the cloud provider and those accounts
» Artifacts may be more difficult to acquire, preserve, or access
  › Account access logs: log on/off; file access, deletion, modifications
  › The server’s physical location may affect which data privacy laws and regulations apply
    ‒ Ex. US data stored on a server in an EU country
CLOUD GOVERNANCE
POLICIES AND CONTRACTS
» To your employees:
  › Provide direction by establishing a policy for the use of the cloud and its products
    ‒ Take a stance: utilize specific cloud services
    ‒ Establish a data classification system for data stored in the cloud
    ‒ Develop an Acceptable Use Policy (“AUP”) for cloud products
» To your cloud provider:
  › Negotiate terms of the contract
    ‒ Service Level Agreements (“SLA”) for
      ◦ Response to incidents (data breach, regulatory inquiries and litigations)
      ◦ Data preservation
      ◦ Physical locations for data storage
    ‒ Right to audit security controls and services, periodically
    ‒ Fees related to data export, access by third parties, and bandwidth
QUESTIONS?
ADDITIONAL MATERIAL
» ComputerWeekly.com, “Azure CTO Mark Russinovich’s top ten public cloud security risks”, October 10, 2014
  › http://www.computerweekly.com/news/2240232396/How-to-mitigate-top-ten-public-cloud-security-risks-Azure-CTO-Mark-Russinovich
» Computerworld.com, “Cloud security concerns are overblown, experts say”, February 27, 2014
  › http://www.computerworld.com/article/2488086/cloud-security/cloud-security-concerns-are-overblown--experts-say.html
» InformationWeek.com, “9 worst cloud security threats”, March 3, 2014
  › http://www.informationweek.com/cloud/infrastructure-as-a-service/9-worst-cloud-security-threats/d/d-id/1114085
» National Law Review, “Security and privacy are key concerns as mobile devices push cloud computing growth”, January 6, 2015
  › http://www.natlawreview.com/article/security-and-privacy-are-key-concerns-mobile-devices-push-cloud-computing-growth
» Forbes.com, “Will security kill the cloud?”, August 26, 2014
  › http://www.forbes.com/sites/sungardas/2014/08/26/will-security-kill-the-cloud/