3.6 Incident Response
Incident response is the method for dealing with the security of a computer system when there is an attack. Incident response activities include verifying the incident, analyzing and containing the attack, collecting and preserving data, fixing the problem, and restoring services. It is therefore essential to revise the organization's incident response plan and ensure that the differences between the organization's computing environment and the cloud are addressed. This is a prerequisite for transitioning applications and data, but it is overlooked most of the time.
To ensure security and privacy in cloud computing, it is important for the service provider and the subscriber to collaborate and formulate a well-defined incident response plan. The provisions and procedures of the incident response plan must be finalized before entering into a service contract in order to avoid issues later on. In one case, it reportedly took a provider almost eight hours to recognize and start taking action on a denial-of-service attack against its cloud infrastructure after the issue was reported by the subscriber.
Incident response has to be handled so that damage is limited and recovery time and cost are reduced. For effective incident response, it is essential to quickly convene a team that includes representatives from both the cloud provider and the service subscriber. This is important because the remedy for an attack may involve a single party or require the participation of both parties. Another issue that may arise during incident response is that resolving the current issue may affect other subscribers of the cloud service. To address this, it is vital that cloud providers follow a transparent response process and share information with subscribers during and after the incident.
Availability can be defined as the extent to which the organization’s set of computational resources is accessible and usable. Availability can be affected either temporarily or permanently, and the losses can be partial or complete. Some examples of threats to availability are denial-of-service attacks, equipment outages, and natural disasters. Most downtime that occurs due to loss of availability is unplanned.
• Temporary Outages. Temporary outages, as the name suggests, are losses of service availability for a short period of time. Even though their architectures are designed for high reliability and availability, cloud computing services experience outages and performance slowdowns. There have been many instances of temporary outages due to natural causes and other service issues. The reliability of a cloud service and its recovery capabilities have to be addressed in the organization’s initial recovery planning to ensure that recovery and restoration happen or, if that fails, then alternate services, equipment, and locations are...