The US-based Cloud Security Alliance is proposing to set up a scheme that will enable organisations to anonymously report data breaches, in the interests of enabling others to take steps to prevent them becoming victims of similar attacks.
The CSA has set out its proposals in a new white paper The Mandate for Meaningful Cyber Incident Sharing for the Cloud, in which it says: “A major impediment to protecting information assets in an enterprise is the unwillingness and/or inability to share cybersecurity incident information. Fear of public exposure and resulting legal ramifications has caused organisations to withhold critical attack signatures that could have impeded or even prevented several of the industry’s most notable breaches.”
It adds: “Enterprises and cloud providers … all have a distinct need to understand the types of incidents that peers and technology partners are experiencing, so that they can better protect themselves and their customers. For cloud providers, which play a unique and central role in the IT infrastructure, the challenge is especially acute given the potential widespread implications of a successful attack.”
And it gives a telling example: immediately after the, now notorious, attack on Target 18 other companies were attacked using the same methods. The speed with which this happened, the CSA says, was the result of cyber criminals, having very effective information sharing networks, unlike enterprises. “Once an exploit is shown to be effective, or a zero-day vulnerability discovered, it is often quickly disseminated via a number of underground channels and rapidly used by a variety of bad actors against a large number of potential targets.”
To enable the anonymous sharing of information, and swift action based on the intelligence provided, the CSA is proposing the development of a Cloud Cyber Incident Sharing Centre (CISC), saying: “Once an incident report is shared, the Cloud-CISC platform’s unique algorithms provide near-real-time correlation with reports supplied by other vetted members. If similarities are discovered, members can be alerted and provided with the related reports that contain additional attack indicators, valuable context and mitigation advice.”
It has set out a four stage process aimed at bringing this vision to reality.
1. Establish a small steering committee (8-10 people) with representation from both cloud providers and cloud customers.
2. Provision steering committee members to access the Cloud-CISC platform, giving each the ability to transmit and access incident reports.
4. Develop a charter and standard operating procedure for the CISC following the conclusion of the 90-day evaluation period.
Axelera CEO, Vic Cinc, said: “If such a scheme could be developed and implemented, with adequate safeguards, it would give a huge boost to the cloud computing industry’s defences against cyber criminals.”
Axelera’s Cloud Platform and Managed Services are a secure, flexible, cost effective solution supported by Australian specialists.
|Managed Cloud||Managed Services||Managed Azure™|