In a Lawsuit, Can Your Cloud Provider Get Key Evidence You Need?

Any business that anticipates using cloud-based services should be asking the question: What can my cloud provider do for me in terms of providing digital forensics data in the event of any legal dispute, civil or criminal case, cyberattack or data breach?

By Ellen Messmer
Wed, March 06, 2013

Network World — Any business that anticipates using cloud-based services should be asking the question: What can my cloud provider do for me in terms of providing digital forensics data in the event of any legal dispute, civil or criminal case, cyberattack or data breach?

It's going to be different for every provider, according to the industry insiders and legal experts who discussed this topic during a panel session at the recent RSA Conference. And complicating cloud-based forensics is that the high-tech industry is still scratching its collective head over basic requirements, some of which are being pounded out now in the Cloud Forensics Working Group at the National Institute of Standards and Technology (NIST).

[ MORE: Getting forensics data off smartphones, tablets can be tough, experts say

MORE: Using forensics to deeply understand the security impact of iOS and Android in the enterprise ]

"In cloud, we're still struggling with definitions," said Steven Teppler, partner at the Sarasota, Fla.-based law firm Kirk-Pinkerton PA in its information governance and electronic discovery practice. "This causes problems for attorneys. We may not get answers that are complete because we don't know what to ask."

Teppler, who spoke on the panel, said the focus for any lawyer is on obtaining cloud forensics evidence which will lay a foundation for admissibility under the law that a jury can weigh, based on the "provenance" of the information -- the who, what and where of the data. He also noted the process known as "legal discovery" to collect information in any dispute is always constrained by time and expense.

The reality is that "anyone can be sued," said Teppler, and if served with a complaint, it may be necessary to speak with your cloud provider to ensure that information can be preserved "in a consumable fashion" that can be used by the opposing party. This adds up to the need to make a "good-faith effort" that has IT people speaking with corporate lawyers to make forensics-based information available.

The world today is populated with "lots of little clouds," noted Christopher Day, chief security architect and senior vice president of secure information services at Verizon Terremark, speaking on the panel. These can be roughly construed as infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) vendors.

Day said Terremark uses an IaaS cloud based on VMware virtual machines (VMs). In the event that Terremark got a served a warrant by law enforcement, Terremark has procedures in place to "get them the image they want," Day said. "We have to show we haven't messed up the image."

1 2 3 next page »

Originally published on www.networkworld.com. Click here to read the original story.

More from CIO

You are here: Technology Topics » Cloud Computing » News

Most Recent Cloud Computing Stories

White Papers »

Enhancing Cloud Connectivity for Optimal Application Performance

Increasing dependence on Cloud-based applications hosted in distant data centers makes the quality of backbone networks connecting them increasingly critical.

American CIOs Shift Focus from Cost Cutting to Value Creation

A new IDG Research study finds that US and Latin American CIOs believe that Big Data and cloud are spurring competitiveness and productivity gains, with security an essential-a given.

Billing as a Service in the Cloud Ecosystem

Learn more from IDC about how Aria Systems is providing billing process services to businesses deployed in the cloud.

To Build or Buy: Key Decision Points for Choosing the Best Billing Solution

Successful companies with recurring revenue models, the "build vs buy" convo must be strategic and thoughtful. Advanced and flexible billing solutions have shifted from an operational necessity to an important element in business planning.

Putting DevOps and the Hybrid Cloud into Practice

Many organizations are currently seeking to adopt DevOps because of the promise it holds for enabling them to respond rapidly to marke changes, with higher quality and reduced cost.

DevOps for a New Millennium: A Lifecycle Perspective Supporting Business Growth in an Altered Economy

The "DevOps" term is used to describe the process of managing the handoffs necessary for Development and Operations teams to work in a collaborative manner.

Webcasts »

IDC Webinar: Finding the Key To Unlock Cloud Connectivity Performance

Improving the performance of Cloud-delivered business apps is shaping the evolution of enterprise WANs. In this on-demand webinar, IDC analyst Melanie Posey gives insight into how network performance fuels Cloud-based app performance.

Video Conferencing: A Dive Into The Industry's Hottest New Trends

View Now!

Turbocharge Your Business: Leveraging SaaS to Drive Innovation and Results

Learn how sales, finance, marketing, procurement, and supply chain leaders are leveraging SaaS to become more agile and serve the customer better.

B2B Integration on Cloud: Real World Solutions and Technology Advances

Watch the webcast with IBM experts to learn about the advancing capabilities and strategic direction for B2B Integration on Cloud.

How The Cloud Threatens Midsize Enterprises...And What To Do About It

A recent study showed 92% of IT pros recognize that moving to the cloud provides a competitive edge, but only 20% plan to get there. The failure to close that Cloud gap poses a serious threat.

Cloud Collaboration Knowledge Vault

In the new mobile era, IT must foster collaboration across a host of mobile devices and tablets. Learn from videos, case studies and reports how to sync files across your desktop, browser and mobile devices.