Computer Security Incident Response Teams (CSIRTs) form the cornerstone of coordinated incident response and computer security information sharing for governments and large enterprises around the world. This model has worked well for handling malicious activity on the traditional Internet. However, the advent of Cloud Computing has created a new set of challenges for security professionals in securing the platforms that deliver the cloud. It is unclear that traditional CSIRTs are currently positioned to provide the same level of support for Cloud Computing platforms and their Providers. However, the concentration of assets that is the very nature of Cloud Computing creates the real possibility that the consequences of incidents within Cloud will be much more severe than traditional incidents. For that reason, the Cloud Security Alliance has launched the CloudCERT Initiative.
Although Cloud Computing is clearly built upon traditional Internet services, protocols, and infrastructure, these components are brought together in novel ways. The definitional characteristics of Cloud Computing, such as multi-tenancy, elasticity, resource sharing and on demand provisioning have the potential to complicate traditional CSIRT operations. In addition, the business models of Cloud Computing encourage many tiers of providers and customers within a single virtual infrastructure. How to coordinate appropriate and efficient incident response without impacting continuity of operations for other customers or without violating laws and contractual agreements is not clear today. In addition, the speed with which incidents must be resolved becomes much greater. Therefore, there may be significant enough differences to warrant the creation of a Cloud CSIRT capability that specifically concerns itself with Cloud Security and serves the Cloud Computing community.
Click here to read more