Search “scholar.google.com” or your textbook. Discuss how organizations have faced the challenges that incident handlers are challenged with in identifying incidents when resources have been moved to a cloud environment.
Incident response is not just a critical job for a local organization; it is just as critical, or more so, for an organization in the cloud. In fact, the processes of monitoring and management of incidents and problems (IPM), or the lack of them, represent a significant part of the operational costs of the data center.
Both the manual creation of incident responses and the automatic detection of and response to incidents play a crucial role in the daily operation of the cloud. (Kent, K., Chevalier, S., Grance, T., & Dang, H. (2006))
Transformation to Cloud:
Currently, more and more organizations are moving to the cloud to reduce operating costs and achieve a high level of elasticity and reliability. Incident handlers for a more traditional organization face a series of challenges as they move to the cloud.
Challenges Faced by Incident Handlers in Cloud:
Some of the challenges that incident handlers face when shifting to the cloud are:
Self-Service On Demand: The cloud infrastructure and the systems for a particular account are chosen when configuring the cloud in a series of incorporation steps. The first problem for incident handlers is to work out how to bring the rules and the incident management logic into the cloud service provider's process at this stage.
Multi-Tenancy: Another challenge is the fact that most implementations in the cloud are multi-tenant, with shared resources. The response to incidents must be designed with those shared resources in mind.
Elasticity: The dynamic nature of resource allocation in the cloud presents even more challenges, since the response to incidents cannot be planned for a static set of resources, as in traditional systems. (Takabi, H., Joshi, J. B., & Ahn, G. J. (2010))
There are several remediation processes that counteract some of these problems and help incident managers create an incident response mechanism for the cloud.
Incident Response and Handling:
The main considerations of information security are integrity, confidentiality and availability. Organizations prepare in advance to respond to security incidents through security visibility and automation controls, in order to minimize the damage caused by incidents. Unplanned interruptions in information security services, denial of service, and intentional or unintentional intrusions into the data flow are known as security incidents. Reactive response to incidents is a thing of the past, and today’s cloud computing services are ahead of their time in detecting incidents, reacting and solving problems. No matter how strong the security infrastructure is, incidents continue to occur, and handling incidents in the cloud environment is more complicated than handling them with the traditional method. (Freiling, F., & Schwittay, B. (2007))
Challenges in Cloud:
Security must be a shared responsibility of customers and service providers; however, in the cloud environment, there is little or no knowledge of IR policies and client exercises, and this ignorance makes it difficult to handle incidents in the cloud environment. The lack of incident response integrated with continuous improvement, the failure of clients to prepare proactive measures, and the absence of clear ownership of the infrastructure, the tools and the procedures make the work of incident handlers cumbersome.
According to Zhang, Q., Cheng, L., & Boutaba, R. (2010), security level agreements between customers and cloud service providers affect the response to incidents in the cloud environment. In addition, the lack of responsibility, infrastructure, resilience and sustainability also adds to the difficulties of the incident manager. In the cloud environment, the boundaries are imprecise and are not marked correctly; therefore, incident managers have little knowledge of their rights and responsibilities, and the collection of evidence in response to incidents becomes more problematic. (Zhang, Q., Cheng, L., & Boutaba, R. (2010))