Security Basics mailing list archives
Re: Bruce Schneier on Google Apps. Do you trust Google?
From: "J. Oquendo" <sil () infiltrated net>
Date: Tue, 28 Jul 2009 16:37:42 -0400
Ali, Saqib wrote:
3) Documentation process for Chain of Custody will not change (AFAIK). Once you get a e-discovery request or learn that a lawsuit has been filed, you can retrieve the required data from SaaS provider, and then proceed with the investigation.
"you can retrieve the required data from SaaS provider, and then proceed with the investigation/" Really? Like spot-on write-protected copies of hard drives "in the cloud"?. I'd like to see the first company willing to comply with something like that. "At present, there is no foolproof, universal method for extracting evidence in an admissible fashion from cloud-based applications, and in some cases, very little evidence is available to extract. As such, cloud computing represents just one of the fast-paced technological developments that is presenting an ongoing challenge to legislators, law enforcement officials and computer forensic analysts." http://www.articlesnatch.com/Article/Cloud-Computing-And-Computer-Forensics/663389 It's only going to be a matter of time before someone(company) stumbles over compliance (EDD/Elect. Data Disc.) because - a) "Engineer Accidentally Deletes Cloud" [1] b) "Storms in the Clouds Leave Users Up Creek Without a Paddle" [2] or maybe just maybe - at the time or e-discovery there is a simple outage... And while you can transfer risk, you CANNOT transfer responsibility. So for your comment, on #3, makes little sense. Besides how do you even know your cloud provider has individuals competent in forensics. Are you willing to trust your business' livelihood on "I thought they did!" I'd forget anything cloud related when it comes to business. [4] Its adding on more unnecessary risk to save a buck or two whereas at the end of the day, it could cost you who knows how much more than that buck. [1] http://www.theregister.co.uk/2008/08/28/flexiscale_outage/ [2] http://arstechnica.com/news.ars/post/20080813-storms-in-the-clouds-leave-users-up-creek-without-a-paddle.html [3] http://www.pcworld.com/article/160153/gmail_outage_marks_sixth_downtime_in_eight_months.html [4] http://www.infiltrated.net/cloud-insecurity.pdf -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett 227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Bruce Schneier on Google Apps. Do you trust Google? Ali, Saqib (Jul 27)
- Re: Bruce Schneier on Google Apps. Do you trust Google? Kurt Buff (Jul 27)
- Re: Bruce Schneier on Google Apps. Do you trust Google? Ali, Saqib (Jul 28)
- Re: Bruce Schneier on Google Apps. Do you trust Google? Kurt Buff (Jul 28)
- Re: Bruce Schneier on Google Apps. Do you trust Google? Richard Golodner (Jul 28)
- Message not available
- Re: Bruce Schneier on Google Apps. Do you trust Google? Ali, Saqib (Jul 30)
- Re: Bruce Schneier on Google Apps. Do you trust Google? Ali, Saqib (Jul 28)
- Re: Bruce Schneier on Google Apps. Do you trust Google? Kurt Buff (Jul 27)
- RE: Bruce Schneier on Google Apps. Do you trust Google? Ken Kousky (Jul 28)
- Re: Bruce Schneier on Google Apps. Do you trust Google? Ali, Saqib (Jul 28)
- Re: Bruce Schneier on Google Apps. Do you trust Google? J. Oquendo (Jul 28)
- Re: Bruce Schneier on Google Apps. Do you trust Google? Ali, Saqib (Jul 28)