VM Snapshots for Efficient Forensic Investigation

Cloud computing lets users consume storage, software, infrastructure and deployment environments on a pay-for-what-you-use model. Because a cloud environment is multi-tenant and dynamic, the legal, technical and organizational challenges around cloud storage have to be addressed before anything stored there can be relied on in an investigation.

Despite its dynamic nature, digital investigations can be carried out in a cloud environment. Cloud forensics follows the same steps as traditional computer forensics: identification, collection, examination and reporting (presentation). Identification locates the sources of evidence; collection acquires the actual evidence and the supporting data; examination analyses the collected data; and in the reporting phase the findings are presented, for example in a court of law.

Investigators face challenges arising from legal, technical and organizational requirements. If the cloud service provider (CSP) itself has been compromised, the evidence it provides cannot be taken as genuine: the data being relied on as evidence may have been injected by a malicious individual.

Many digital devices now use the cloud, yet investigators are given little opportunity to obtain evidence from it. The service agreement may not state the CSP's role in an investigation or its responsibilities at the time a crime occurs. The CSP may not have kept the logs that are essential for establishing that a crime took place. The investigator also has to rely on the CSP to collect the necessary log files, which is not straightforward; many researchers have reported that investigators have difficulty obtaining log files.

A CSP offers its clients a range of services, and it has been found that only a few customers from the same organization use the same service. Malicious users are capable of stealing sensitive data from other tenants, which undermines trust in the CSP. The cloud therefore needs protection against such activity, using intrusion detection mechanisms that monitor customer VMs and detect malicious behaviour.

A user can use a physical machine to create a VM. Besides snapshots taken on user request, cloud software such as OpenStack and Eucalyptus can create snapshots of a running VM and store them until the VM terminates. When the configured maximum is reached, older snapshots are deleted from the system. Snapshots taken in a cloud environment are a valuable source of digital evidence and can be used to reconstruct events, but storing numerous snapshots is hard. Snapshots have also been found to slow the virtual machine, by an amount that depends on how much the VM has changed since the snapshot was taken and on how long the snapshot is kept.
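Because the platform's rotation policy will eventually delete the oldest snapshots, an investigator has to pin the ones that matter and hash them at acquisition time. The following is an added example, not code from the article or from OpenStack or Eucalyptus: it models snapshot metadata as a list of dicts (keys id, vm, created, hold, an assumption of this example), exempts snapshots under legal hold from rotation, and copies a held image into an evidence directory with a SHA-256 record. The function names and the sample data are this example's own.

```python
"""Added example: keep VM snapshots that are evidence out of the rotation policy,
and hash them on acquisition.  Snapshot metadata format, function names and the
sample data are assumptions of this example, not any cloud platform's API."""
import hashlib
import json
import os
import tempfile
import time


def select_for_deletion(snapshots, max_per_vm):
    """Return ids of snapshots that rotation may delete.

    Per VM the newest `max_per_vm` snapshots are kept.  Snapshots flagged
    hold=True are never returned: an investigator has placed a hold on them,
    so rotation must not destroy the evidence.
    """
    by_vm = {}
    for snap in snapshots:
        by_vm.setdefault(snap["vm"], []).append(snap)
    doomed = []
    for vm_snaps in by_vm.values():
        vm_snaps.sort(key=lambda s: s["created"], reverse=True)  # newest first
        for snap in vm_snaps[max_per_vm:]:
            if not snap["hold"]:
                doomed.append(snap["id"])
    return sorted(doomed)


def sha256_file(path, chunk_size=1 << 20):
    """Stream the image through SHA-256 so a multi-GB image need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve(snapshot, image_path, evidence_dir):
    """Copy a held snapshot image into the evidence store and record its hash.

    The digest taken here is what later lets the examiner show that the image
    analysed is the one that was collected (chain of custody).
    """
    digest = sha256_file(image_path)
    dest = os.path.join(evidence_dir, f"{snapshot['id']}.img")
    with open(image_path, "rb") as src, open(dest, "wb") as dst:
        for chunk in iter(lambda: src.read(1 << 20), b""):
            dst.write(chunk)
    # Verify the copy before trusting it.
    if sha256_file(dest) != digest:
        raise RuntimeError(f"copy of {snapshot['id']} does not match source hash")
    record = {
        "snapshot_id": snapshot["id"],
        "vm": snapshot["vm"],
        "created": snapshot["created"],
        "acquired": int(time.time()),
        "sha256": digest,
        "bytes": os.path.getsize(dest),
    }
    with open(dest + ".json", "w") as f:
        json.dump(record, f, indent=2)
    return record


def demo():
    """Constructed sample: four snapshots of vm-1 (one on hold) and one of vm-2."""
    snapshots = [
        {"id": "snap-a", "vm": "vm-1", "created": 100, "hold": False},
        {"id": "snap-b", "vm": "vm-1", "created": 200, "hold": True},
        {"id": "snap-c", "vm": "vm-1", "created": 300, "hold": False},
        {"id": "snap-d", "vm": "vm-1", "created": 400, "hold": False},
        {"id": "snap-e", "vm": "vm-2", "created": 150, "hold": False},
    ]
    doomed = select_for_deletion(snapshots, max_per_vm=2)
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "snap-b.raw")
        with open(image, "wb") as f:
            f.write(b"constructed disk image bytes\n" * 1000)  # stand-in for a real image
        record = preserve(snapshots[1], image, tmp)
    return doomed, record


if __name__ == "__main__":
    doomed, record = demo()
    print("rotation may delete:", doomed)
    print("preserved:", json.dumps(record, indent=2))
```

With two snapshots kept per VM, only snap-a is eligible for deletion: snap-b is older than the retained pair but is on hold, so it is copied and hashed instead.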

Malicious activity can be identified when VM users carry out actions such as uploading malware to systems in the cloud infrastructure, accessing the service excessively from one location, or performing numerous downloads or uploads within a short period. Other suspicious activities include password cracking, launching attacks from dynamic attack points, and deleting or corrupting sensitive organizational data.
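Three of the behaviours listed above (transfer bursts, password guessing from one source, mass deletion) are the same detection in different clothes: count matching events per key inside a sliding time window. The code below is an added example, not from the article or any real provider: the log format (timestamp, tenant, user, source IP, action, object), the action names, the thresholds and the function names are all this example's own assumptions, and the log lines are constructed.

```python
"""Added example: sliding-window detection rules for suspicious tenant activity,
run over a constructed access log.  Log format, action names, thresholds and
function names are assumptions of this example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<timestamp> <tenant> <user> <src_ip> <action> <object>"
SAMPLE_LOG = """\
2024-03-01T10:00:01Z tenantA alice 203.0.113.5 UPLOAD /share/report.pdf
2024-03-01T10:00:04Z tenantA alice 203.0.113.5 UPLOAD /share/q1.xlsx
2024-03-01T10:00:09Z tenantA alice 203.0.113.5 UPLOAD /share/payroll.db
2024-03-01T10:00:15Z tenantA alice 203.0.113.5 UPLOAD /share/contracts.zip
2024-03-01T10:00:22Z tenantA alice 203.0.113.5 UPLOAD /share/keys.tar
2024-03-01T10:00:31Z tenantA alice 203.0.113.5 UPLOAD /share/backup.img
2024-03-01T10:05:00Z tenantA bob 203.0.113.8 DOWNLOAD /share/report.pdf
2024-03-01T12:41:00Z tenantA bob 203.0.113.8 DOWNLOAD /share/q1.xlsx
2024-03-01T13:00:00Z tenantB carol 198.51.100.7 LOGIN_FAIL -
2024-03-01T13:00:02Z tenantB dave 198.51.100.7 LOGIN_FAIL -
2024-03-01T13:00:03Z tenantB erin 198.51.100.7 LOGIN_FAIL -
2024-03-01T13:00:05Z tenantB frank 198.51.100.7 LOGIN_FAIL -
2024-03-01T13:00:06Z tenantB grace 198.51.100.7 LOGIN_FAIL -
2024-03-01T13:00:08Z tenantB heidi 198.51.100.7 LOGIN_FAIL -
2024-03-01T13:00:09Z tenantB ivan 198.51.100.7 LOGIN_FAIL -
2024-03-01T13:00:11Z tenantB judy 198.51.100.7 LOGIN_FAIL -
2024-03-01T13:00:12Z tenantB judy 198.51.100.7 LOGIN_OK -
2024-03-01T13:01:00Z tenantB judy 198.51.100.7 DELETE /finance/ledger-2023.db
2024-03-01T13:01:02Z tenantB judy 198.51.100.7 DELETE /finance/ledger-2024.db
2024-03-01T13:01:03Z tenantB judy 198.51.100.7 DELETE /finance/audit.log
2024-03-01T18:30:00Z tenantA alice 203.0.113.5 DOWNLOAD /share/report.pdf
"""


def parse(log_text):
    """Parse the constructed format into dicts, sorted by time."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, tenant, user, src_ip, action, obj = line.split(maxsplit=5)
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "tenant": tenant, "user": user, "src_ip": src_ip,
            "action": action, "object": obj,
        })
    events.sort(key=lambda e: e["ts"])
    return events


def sliding_window_bursts(events, key_fn, matches, threshold, window):
    """Generic rule: flag each key with >= threshold matching events inside any
    interval of length `window`.  Two-pointer scan over the sorted timestamps.
    Returns {key: peak_count_in_window}.
    """
    per_key = defaultdict(list)
    for e in events:
        if matches(e):
            per_key[key_fn(e)].append(e["ts"])
    hits = {}
    for key, times in per_key.items():
        start, peak = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[key] = peak
    return hits


def detect(events):
    """Apply the three rules.  Thresholds are illustrative; tune them per tenant."""
    alerts = []
    transfers = sliding_window_bursts(
        events, key_fn=lambda e: (e["tenant"], e["user"]),
        matches=lambda e: e["action"] in ("UPLOAD", "DOWNLOAD"),
        threshold=5, window=timedelta(minutes=1))
    for (tenant, user), n in transfers.items():
        alerts.append(("transfer_burst", tenant, user, n))

    sprays = sliding_window_bursts(
        events, key_fn=lambda e: e["src_ip"],
        matches=lambda e: e["action"] == "LOGIN_FAIL",
        threshold=5, window=timedelta(minutes=2))
    for ip, n in sprays.items():
        # Many failures from one address against several accounts is password guessing.
        accounts = {e["user"] for e in events
                    if e["src_ip"] == ip and e["action"] == "LOGIN_FAIL"}
        alerts.append(("password_cracking", ip, f"{len(accounts)} accounts", n))

    deletes = sliding_window_bursts(
        events, key_fn=lambda e: (e["tenant"], e["user"]),
        matches=lambda e: e["action"] == "DELETE",
        threshold=3, window=timedelta(minutes=5))
    for (tenant, user), n in deletes.items():
        alerts.append(("mass_delete", tenant, user, n))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

On the sample log this yields three alerts: alice's six uploads in thirty seconds, eight login failures against eight different accounts from 198.51.100.7 followed by a successful login, and judy's three deletions of finance objects right after that login. Bob's two downloads hours apart and alice's single later download do not cross the thresholds, which is the point of windowing rather than counting totals.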

The Federal Risk and Authorization Management Program (FedRAMP)

FedRAMP (the Federal Risk and Authorization Management Program) is an authorization process through which cloud providers align their security controls with those required by the U.S. government. Although the program is relatively new, it has already improved cloud security and is expected to bring further improvements. It provides a standardised approach to assessing both cloud services and cloud products.

It aims to accelerate the adoption of secure cloud solutions by government agencies and to improve the security of cloud products and services. FedRAMP also ensures consistent security across government agencies, with automated services and continuous monitoring.

FedRAMP provides a framework with standardised processes for security assessment, covering the initial Provisional Authority to Operate (P-ATO) as well as ongoing authorisation and assessment. With a unified approach to cloud computing, the time, cost and resources needed to architect a cloud solution decrease, security improves, and uniform standards apply across all government agencies. This makes it easier for agencies to update their IT infrastructure so that they can deliver services and protect their data efficiently.

Although FedRAMP provides the framework, agencies are responsible for finding a cloud service provider (CSP) that holds a P-ATO and meets all FedRAMP requirements. The agency must also keep a good inventory of its cloud services, which helps it develop a sound cloud strategy, and report on its cloud service infrastructure annually. This work can be tiresome, which is why agencies usually choose a CSP that not only satisfies FedRAMP requirements but understands the whole FedRAMP process and has the resources to keep supporting the agency.

As government agencies continue to adopt cloud computing, quality CSPs are a necessity because they help agencies reduce the risk in their cloud adoption strategies. Each agency is unique and may have its own requirements, and CSPs are not all alike. The best course is for an agency to look for a CSP that is flexible, so that the agency's specific security controls can be layered on top of the base FedRAMP infrastructure. Each agency will want a CSP staffed by experienced professionals who are willing to listen, understand the agency's specific needs, and help it achieve its objectives.

For some enterprises, FedRAMP has two meanings: a way of measuring the success of a security programme, and a way of selling cloud services to government agencies that have been directed to migrate to the cloud.

Organisations that run clouds adhering to FedRAMP standards include Akamai, Amazon Web Services, Lockheed Martin and the U.S. Department of Agriculture. Both private-industry representatives and government stakeholders took part in developing the FedRAMP standards in 2012, with the aims of reducing costs, increasing efficiency and improving safety in the cloud. If you are not a CSP, there are still several ways to get involved: you can use a FedRAMP-authorised provider, which signals that you take security seriously, or you can apply to become a Third-Party Assessment Organisation (3PAO).