ENISA Issues Guidance on Cloud Incident Responses


In light of the increasing importance of cloud computing (Cisco Systems Inc. estimates 83 percent of all data center traffic will be held in the cloud by 2019), the European Union Agency for Network and Information Security (ENISA) recently issued an analysis of cloud incident response.

The rapid increase in data stored in the cloud has made it a more attractive target for malicious activities, forcing cloud service providers (CSPs) to conduct sophisticated digital forensic investigations.

ENISA set out in this report to present the limitations of investigating cloud incidents, along with techniques and best practices for conducting cloud forensic analysis. The report is aimed primarily at CSPs, law enforcement and policy makers.

ENISA recommends that CSPs create a mechanism to efficiently retrieve data in the event of a breach and develop legal procedures that will ensure access to that information, while identifying a point of contact to lead on forensic investigations.

Law enforcement and policy makers, according to the report, should also develop standard procedures on forensic analysis that can be reliably presented as evidence to a jury to demonstrate a breach of the cloud. Policy makers, moreover, should establish EU-level guidelines for Security Operations Centers and rules to facilitate cooperation between CSPs and law enforcement. 

Underlying the rest of the recommendations, ENISA suggested more investment in education and training for all groups involved.
