Cloud Computing

Brian Honan (Europe) - When Lightning Strikes

In life there are two certainties, they are death and taxes.  For the information security professional there is a third certainty, you will suffer a security breach at some stage in your career.  How you and your organisation deal with that security breach will directly influence the damage it could cause to the business.  This has always been the case and is now probably more important once you move data and services to the cloud.

Moving to the cloud makes incident response more complicated to deal with than if you were to host the systems yourself.  Due to the nature of the cloud, your data can be located in various data centres across multiple jurisdictions. This not only raises issues regarding privacy and regulatory compliance on where you data is located, for example the European Data Protection Directive, but it also has implications on how a security breach should be handled. Whereas in the traditional environment the people, tools and legislation under which you manage your response are more clearly understood, within the cloud environment it may not be clear as to whom is responsible for what or indeed under which jurisdiction the breach occurs. 

Should a breach occur in the cloud it can be unclear as to who should be managing the breach, who is charged with gathering the forensic evidence, who should contact law enforcement and what the legal and regulatory implications are resulting from the breach.

When migrating to the cloud, it is important to keep in mind what needs to be in place in the event a security breach occurs at a later date.  Make sure you are familiar with the incident response process and capabilities of your provider.  Ensure that you have clearly defined communication channels established between your incident response team and that of the provider.  You should also agree the exact roles and responsibilities each team will have in the event of an incident, and how those teams will work together to resolve and manage an issue.

The other key issue to address is to determine what the legal implications a security breach within your cloud provider can have for your business.  Depending on your cloud provider your data could be stored across multiple servers located in multiple datacentres, which in turn could be stored across multiple locations in different countries or indeed continents.  Should your cloud provider suffer a security breach impacting on your data you need to determine what the legal implications are;


  • Are there mandatory breach notification laws that you, or your provider, have to comply with? If so, who is responsible for that notification?
  • If a criminal case is to be pursued as a result of the breach, under which jurisdiction will the case be prosecuted? Will it be the jurisdiction under which your company, or that of your cloud provider, is headquartered? Or indeed will it be the jurisdiction of the datacentre where the breach occurred?
  • If your cloud provider suffers a security breach impacting on your data are they legally, or contractually, obliged to notify you of the details?

The answers to the above questions are important as they will determine how you develop your incident response capabilities.  They will also ensure that you are aware of the legal and regulatory obligations you have to meet in the event of a security breach and what role each organisation will play.

While we may not be able to prevent death, taxes and security breaches, we should at least ensure we are best prepared for their eventualities.

Brian Honan is an independent information security expert based in Dublin, Ireland.  Brian is also the COO for the Common Assurance Maturity Model and founder and head of Ireland's CERT.


« Ali Ahmar (Middle East) - Key to the Growth and Modernization of the Healthcare Sector


Ken Scott (Australia) - Why Australian Organisations are Embracing Best Practices »


Do you think your smartphone is making you a workaholic?