Insider Threats Related to Cloud Computing--Installment 6: Securing Against Other Cloud-Related Insiders

Hi, this is Bill Claycomb and Alex Nicoll with installment 6 of a 10-part series on cloud-related insider threats. In this post, we discuss how to secure against two other types of cloud-related insider threats: cloud exploits and those using the cloud against you.

Protecting Against Cloud Exploits

Protecting against the insider who uses weaknesses exposed through the use of cloud services is challenging, but can be addressed via diligence and planning in implementing, transitioning to, and maintaining cloud services. Enforcing fundamental security controls, such as separation of duties, least privilege, consistent auditing, data loss prevention, etc., on cloud-hosted systems is important.

Organizations should not assume that because the system is hosted by a cloud provider that security is also handled externally. Current research on this topic includes solutions by Shin et al. showing methods for authorization in Toward Role-Based Provisioning and Access Control for Infrastructure as a Service (IaaS) and access control in A Policy-Based Decentralized Authorization Management Framework for Cloud Computing.

Additionally, organizations should have agreements and policies in place with cloud providers to handle cloud-based security incidents. A plan for incident response, including offline credential verification, is essential for a timely and efficient reaction to an attack in progress. System administrators within the organization should be familiar with configuration tools for their cloud-based systems, including procedures for quickly changing access controls or even disabling cloud-based services if necessary.

Protecting Against Those Using the Cloud Against You

Detecting insiders who use cloud-based services to carry out attacks on local resources can be challenging, particularly if an organization permits internal access to these services, such as web-based email accounts. Data loss prevention tools and techniques can be effective in detecting sensitive data being sent via email or uploaded to cloud-based storage. Limiting employee access to external resources via network or host-based controls (e.g., firewalls, proxies) is another option for some organizations.

Coming up next: We'll discuss seven proposed directions for future research on cloud-related insider threats, including two in detail.

Software Engineering Institute

SEI Blog

Insider Threats Related to Cloud Computing--Installment 6: Securing Against Other Cloud-Related Insiders

CERT Insider Threat Center

September 4, 2012

PUBLISHED IN

CITE

TAGS

SHARE

Written By

CERT Insider Threat Center

Author Page

Digital Library Publications

Send a Message

More By The Author

High-Level Technique for Insider Threat Program's Data Source Selection

May 30, 2019 • By Robert M. Ditmore, CERT Insider Threat Center

A New Scientifically Supported Best Practice That Can Enhance Every Insider Threat Program!

April 9, 2019 • By Michael C. Theis, CERT Insider Threat Center

API Hashing Tool, Imagine That

March 25, 2019 • By Kyle O'Meara, CERT Insider Threat Center

Insider Threat Incident Analysis by Sector (Part 1 of 9)

October 11, 2018 • By Randall F. Trzeciak, CERT Insider Threat Center

Substance Use and Abuse: Potential Insider Threat Implications for Organizations

April 12, 2018 • By Tracy Cassidy, CERT Insider Threat Center

More In Insider Threat

10 Lessons in Security Operations and Incident Management

March 4, 2024 • By Robin Ruefle

CERT Releases 2 Tools to Assess Insider Risk

February 26, 2024 • By Roger Black

The 13 Key Elements of an Insider Threat Program

October 23, 2023 • By Daniel L. Costa, Randall F. Trzeciak

How to Mitigate Insider Threats by Learning from Past Incidents

October 31, 2022 • By Daniel L. Costa

Potential Implications of the California Consumer Privacy Act (CCPA) for Insider Risk Programs

May 31, 2021 • By Emily Kessel, Sarah Miller, Carrie Gardner