One of the serious concerns in cloud computing security is the malicious insider threat. According to CERT, a malicious insider is a “current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems.”
Malicious insiders can have an increasing level of access to critical systems from IaaS to PaaS and SaaS, but despite this concern, cloud computing use continues to grow. There are three types of cloud-related insider threats:
- Rogue Administrator: This administrator is employed by the cloud provider, and the motivation behind the attack is often financial, resulting in theft of sensitive information and loss of confidentiality and integrity.
- Insider within the organization, who exploits vulnerabilities exposed by the use of cloud services. This is often enabled by differences in security policies or access control between the cloud provider and the organization.
- Insider who uses cloud services to carry out an attack on his own employer. The difference here is that the insider uses the cloud as a tool to attack targeted systems or data that are not necessarily associated with the cloud-based systems.
There are some countermeasures that both organizations and providers should consider. On the client side, IDS/IPS mechanisms may be implemented along with cryptographic techniques to protect the confidentiality and integrity of the organization's data. Steps that the provider can take to minimize the risk of an insider threat include separation of duties, logging user and administrator actions, legal bindings, insider detection models, anomaly detection, and multi-factor authentication.
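The following added example, not taken from the cited papers or any provider's tooling, applies two of the provider-side countermeasures above to an administrator audit log: separation of duties (a sensitive action needs an approver other than the actor) and a simple anomaly rule (one administrator touching many tenants). The JSON record layout, action names and threshold are assumptions, and the log lines are constructed.

```python
import json
from collections import defaultdict

# Hypothetical action names treated as sensitive; adapt to the real audit schema.
SENSITIVE = {"snapshot.export", "key.read", "audit_log.delete"}

# Constructed sample records, one JSON object per line.
SAMPLE_LOG = """\
{"actor": "admin-a", "action": "snapshot.export", "tenant": "t-17", "approver": "admin-b"}
{"actor": "admin-c", "action": "key.read", "tenant": "t-17", "approver": "admin-c"}
{"actor": "admin-c", "action": "snapshot.export", "tenant": "t-22", "approver": null}
{"actor": "admin-c", "action": "vm.restart", "tenant": "t-31"}
{"actor": "admin-c", "action": "key.read", "tenant": "t-40", "approver": "admin-a"}
not-json-garbage
"""


def review(log_text, max_tenants=3):
    """Return (findings, unparsed_line_numbers) for an admin audit log.

    Unparsable lines are reported, not dropped: a gap in the audit trail
    is itself worth investigating."""
    findings, unparsed = [], []
    tenants = defaultdict(set)
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            actor, action = rec["actor"], rec["action"]
        except (ValueError, KeyError, TypeError):
            unparsed.append(n)
            continue
        tenants[actor].add(rec.get("tenant"))
        if action in SENSITIVE:
            approver = rec.get("approver")
            if not approver:
                findings.append((n, actor, "sensitive action without approver"))
            elif approver == actor:
                findings.append((n, actor, "self-approved sensitive action"))
    # Simple anomaly rule: one administrator touching many distinct tenants.
    for actor, seen in sorted(tenants.items()):
        if len(seen) > max_tenants:
            findings.append((None, actor, f"touched {len(seen)} tenants"))
    return findings, unparsed


if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```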
Cloud computing improves business efficiency but also provides new possibilities for insider attacks. To protect themselves, organizations need to be aware of the vulnerabilities related to cloud computing services and the availability they provide to employees.
Resources:
Claycomb, William & Nicoll, Alex (n.d.). Insider Threats to Cloud Computing: Directions for New Research Challenges. Retrieved from http://resources.sei.cmu.edu/asset_files/WhitePaper/2012_019_001_52385.pdf
Kandias, Miltiadis, Virvilis, Nikos & Gritzalis, Dimitris (2011). The Insider Threat in Cloud Computing. Retrieved from https://www.infosec.aueb.gr/Publications/CRITISCloud%20Insider.pdf