Software Engineering Institute

Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase I

November 15, 2013 • Technical Note

By

Greg Porter (Heinz College at Carnegie Mellon University)

In this report, Greg Porter documents preliminary findings from interviews with cloud service providers on their insider threat controls.

Publisher

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2013-TN-020

DOI (Digital Object Identifier)

10.1184/R1/6572234.v1

Topic or Tag

Cloud Computing Cybersecurity Controls Insider Threat

Abstract

In early 2013, researchers in the CERT® Insider Threat Center contacted commercial and government cloud service providers (CSPs) about participating in research to gain a preliminary understanding of implemented administrative and technical controls that they are using to identify and manage the threats posed by insiders. These CSP participants provided frank and meaningful insight about their insider threat management programs and enterprise security practices. This report contains the observations obtained from interviewing the CSP personnel who volunteered to participate as well as an analysis of CSP management of insider threat based on the information obtained in interviews, observations of implemented insider threat controls, and risk considerations.

Cite This Technical Note

APA

Porter, G. (2013, November 15). Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase I. (Technical Note CMU/SEI-2013-TN-020). Retrieved January 9, 2025, from https://doi.org/10.1184/R1/6572234.v1.

BibTeX

@techreport{porter_2013,
author={Porter, Greg},
title={Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase I},
month={{Nov},
year={{2013},
number={{CMU/SEI-2013-TN-020},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6572234.v1},
note={Accessed: 2025-Jan-9}
}

CHI

Porter, Greg. "Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase I." (CMU/SEI-2013-TN-020). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, November 15, 2013. https://doi.org/10.1184/R1/6572234.v1.

IEEE

G. Porter, "Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase I," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2013-TN-020, 15-Nov-2013 [Online]. Available: https://doi.org/10.1184/R1/6572234.v1. [Accessed: 9-Jan-2025].

MLA

Porter, Greg. "Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase I." (Technical Note CMU/SEI-2013-TN-020). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 15 Nov. 2013. https://doi.org/10.1184/R1/6572234.v1. Accessed 9 Jan. 2025.

SEI

Porter, Greg. Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase I. CMU/SEI-2013-TN-020. Software Engineering Institute. 2013. https://doi.org/10.1184/R1/6572234.v1

Ask a question about this Technical Note