Cloud computing environment

Cloud computing environment

1. Cloud computing environment poses many challenges for incident handling and Incident Handlers (IH). Cloud infrastructure has no access to event-specific data, which makes it difficult. Furthermore, the cloud contains many components which may have security issues of their won, like database, memory management, virtualizations, operating systems and others. This makes it challenging to locate the actual incident within the system. Misdirection of incident reports also occurs in cloud computing, where the reports are forwarded to the wrong party. The interfaces present inside the cloud, which are mostly controlled by the Cloud Service Provider (CSP), are not sufficient enough to provide relevant data, and cannot integrate the already available data into the monitoring software for evaluation. Cloud computing can also make safety procedures vague. To avoid this, the IH team working on a cloud infrastructure must be familiar with the configuration and working of the cloud system.
2. Incident handling poses some challenges in a cloud-based environment. The incident handling (IH) team has to deal with incidents related to data integration and plan their actions accordingly. Cloud computing does not offer access to event-specific data, which makes it challenging to track event-based incidences. Log maintenance and corrections in cloud computing are mostly controlled by the Cloud Service Provider (CSP), which does not provide access to every data. For Software as a Service (SaaS) and Platform as a Service (PaaS) applications, the access to event data is directly controlled by the CSP interfaces, which are not powerful enough to integrate the user data in the monitoring systems. The virtual infrastructure is not robust and can be used by an external attacker to attack the system. These can be avoided by using a cloud service within the infrastructure of the Cloud Service Provider (CSP) and reporting incidents associated with the CSP controlled infrastructure.
3. Cloud infrastructure enables multiple users to connect to a network, which can be accessed by different systems. While some of the users might pay for the services, some might not, which is a problem for incident handling. Cloud does not provide event specified data, which makes it problematic for incident report compilation. The cloud has too many components present inside it which may have security issues of their won, such as databases, load management, virtualizations, memory management and others. This makes it challenging to trace down the real incident within the system. Since the cloud does not support third party reports, it can result in reports getting misdirected, which ends up in the wrong party receiving the incident report. Since too many security parameters are attached to the cloud interface due to which the Incident Handler (IH) needs to go through each one of them to track down an incident within the network.
4. Incident handling when a system shifts to cloud computation infrastructure becomes challenging. There is limited access to the events which are directly under the control of the Cloud Service Provider (CSP), due to which the event data are not available to the Incident handler (IH). Furthermore, the virtualization infrastructure (whose underlying design is vulnerable to external attacks) is also directly under the control of the CSP. Cloud network enables multiple users to access the same data file from various systems, due to which in case of a corrupt file, the source is difficult to trace. Most of the incident handling must take place using the CSP interfaces, which are not sufficient enough to integrate the data into the event monitoring systems. Also, the cloud does not offer the addition of security-specific event sources, due to which the only event sources available are under the control of the CSP, which has restricted access. This can be overcome by increasing access to relevant data sources in the system.