Reaction to:
Cloud Computing: Another Digital Forensic Challenge by John J. Barbara
With the growing popularity and use of cloud computing in businesses, the digital forensics field has to develop new methods for investigation. The main problem for businesses according to John J. Barbara, "The business or customer is not generally aware of the physical location of the data." This means that if there are problems with the site where the information is stored, businesses might not know how to recover their data, or data privacy could become compromised.Although cloud computing makes it easier for companies to communicate and share information among employees, it becomes more difficult to make sure that the information is kept secure, because the information is somewhere else. If a company is undergoing investigate and their cloud is on server physically located outside the jurisdiction of the digital forensics team, it could cause issues. "Establishing a chain of custody for the data would become difficult or impossible if its integrity and authenticity cannot be fully determined" (Barbara, 2009). Just as businesses are struggling to keep up with their growing need to store data, forensic teams are struggling to implement new strategies for investigation. Legal implications arise as well. New laws may have to be enacted in order to allow digital forensic teams to have access to servers outside their jurisdiction.
Cloud computing while being very useful for businesses, is presenting challenges in other realms.
Things I wonder:
For what other fields might Cloud Computing cause challenges?How quickly are laws being written to deal with digital material? Does it have a sense of urgency in law enforcement?
What should businesses consider when deciding to use cloud computing?
Citation:
Barbara, John J. (2009). "Cloud Computing: Another Digital Forensic Challenge." Forensics Magazine. Retrieved from: http://www.forensicmag.com/articles/2009/10/cloud-computing-another-digital-forensic-challenge
In my full-time library world I utilize the cloud everyday for Article Exchange with other libraries ,i.e. digital interlibrary loan. As I learn more about the other aspects of cloud computing, in my naïveté, I would not have considered the forensic hurdle. When I think of cloud computing one of the strongest characteristics which it features is security. I know someone who changed to iCloud (Apple's web-based media streaming, sharing, and storage service) because of being hacked. So those criminal minds out there violating cyberspace have all sorts of potential. After reading this article it is apparent that the need for laws, e.g. determination of jurisdiction, are mandatory. However, “Cloud computing is a new way of delivering computing resources, not a new technology” (http://itlaw.wikia.com/wiki/Cloud_computing). Customer support, Healthcare, Clinical Trials and other research disciplines find collaboration “in the cloud” because as a data center it is accessible by institutions on as needed basis. Most businesses primarily would consider the economics of utilizing cloud computing however, this May 2012 article might help clarify the legal aspects: http://technet.microsoft.com/en-us/magazine/hh994647.aspx
ReplyDeleteI enjoyed reading the May 2012 article in relation to the 2009 article I posted. It seems that this issue has been taken seriously and that there were laws being written to clarify ownership and regulations. I also think the benefits of cloud computing outweigh any risks involved. IT makes collaborating from great distances much easier. It's like teleportation for documents.
ReplyDeleteThis article brings up a whole other side of cloud computing that many people probably don't even think about - security, traceability of the usage of a cloud service and the data that goes with it. I have to say that the first thing that comes to my mind when I hear cloud computing is using software, (SaaS), like accessing Microsoft Office programs from the cloud. The last thing, what would happen if an investigation into criminal activity came about and who has the authority over access to the data or the people who have used the cloud service for a forensics analysis.
ReplyDeleteI think businesses really need to analyze what they want from a cloud service, etc. when deciding to use cloud computing. I don't think a decision can be made to use cloud computing just to drive down costs. One consideration should be if their applications will work well in the cloud. From an article I found on Forbes.com, 9 'Worst Practices' to Avoid With Cloud Computing, a chief technology officer & IT architect, Mike Kavis says, “In fact, very few applications are good candidates to move to the cloud in their current architecture…. Most legacy architectures were never intended to be built in a manner where the system automatically scales as the number of transactions increases.” (http://www.forbes.com/sites/joemckendrick/2014/01/29/9-worst-practices-to-avoid-with-cloud-computing/) So cloud computing can be using a service for software or storage to moving parts of a business or the entire business to the cloud.
After reading this article and the one Peggy included in her response, there is much more to cloud computing that just choosing a service. A business has to take time and look at the security, law enforcement, the privacy rules & regulations for the data to be moved and used in the cloud as well.
What really stood out to me in this article was the idea of not knowing where the data on the cloud is physically kept. I think it's easy to think of "the cloud" in an abstract sense, but the implications of physical security breaches also need to be explored. As cloud computing develops and becomes more prevalent, I'll be interested in seeing how various security and privacy laws develop with it.
ReplyDeletePeggy, thank you for sharing the article! It gives more information on how complicated the system is.
ReplyDeleteI find the idea of not knowing where the data is stored disconcerting. If, as pointed out by the article, it is stored in a country that does not subscribe to US policies of privacy, then your records become available to whomever, or even to agencies that would appreciate not having to get a subpoena to look at certain records.
While one can certainly do the due diligence necessary, I don't know that I would be comfortable storing sensitive information in the cloud. Having said that, I don't imagine businesses disclosing the location of sensitive information, so as a consumer I have no say in how my information would be stored (I am reminded of the breaches in security Target recently faced),
I am wondering; how would the Freedom of Information Act be impacted by information storage that resides in other countries? Or copyright laws/ violations? Thoughts?
I agree with the other comments in that I haven't given the security of cloud computing much thought. I can only imagine that it probably is fairly easy for those hackings to get into these systems and play around with the data stored. I agree as well with the thought that we don't really know where this is being stored either. I wouldn't want library records stored on something that could easily be hacked into. Definitely something to throw around and think about.
ReplyDeleteI had never thought about the legal aspect of cloud computing until this article. Before companies make the decision to use cloud computing they really need to do their homework and think about where the data is stored, who has access to it, what some of the legal issues are. Very thought provoking.
ReplyDeleteI thought about other people being able to view it in an earlier post on the blog, so I'm glad it was brought up again and more in depth. It is a valid issue that causes serious concern. I do think the idea is good, I just worry about actually keeping is secure to keep people out who should not view the material.
ReplyDeleteThis was an really interesting article and I really enjoyed it.
I really enjoyed this piece as it is an area that I would like to learn more about. Other fields or disciplines that cloud computing may pose challenges in can be medical and health information. I do believe there is a sense of urgency with law enforcements, but maybe not with other fields. When businesses are considering using cloud computing, they should first consider if they can afford it or not. Secondly, they should consider the security associated with the is and the type of information being stored.
ReplyDelete