Jon Shende

Over the last few weeks I've been hearing a lot of discussion around HIPAA. When we speak about HIPAA, invariably the two components of data security and data privacy arises. In the traditional data centers, database managers and data owners know where their data resides and implement the necessary processes to preserve privacy and audit access. However, when we move to the cloud, the cloud being all about data, we are looking at servers, network, and storage that are abstracted. This raises concern that data owners may not necessarily know where their data sets physically reside and we are looking at Cloud Service Provider (CSP) employees who will be handling confidential patient data or Personally Identifiable Information (PII). Of importance here is that when it comes to leveraging the cloud ecosystem for healthcare segments, the foremost concerns are around HI... (more)

The Impact of the Cloud on Digital Forensics - Part 1

Digital Forensics is not an elephant, it is a process and not just one process, but a group of tasks and processes in investigation. Examiners now perform targeted examinations using forensic tools and databases of known files, selecting specific files and data types for review while ignoring files of irrelevant type and content. Despite the application of sophisticated tools, the forensic process still relies on the examiner's knowledge of the technical aspects of the specimen and understanding of the case and the law - Mark Pollitt. As has been established from articles by var... (more)

Choosing Your Cloud Vendor

Expanding on the " introduction to cloud computing" article, here are some additional suggestions for choosing  a cloud service model  provider. In a typical Cloud Computing data centre, an application set will generally be hosted over Virtual Machines running on a large number of Physical Machines. Total Cost of Ownership (TCO) is a definite factor when considering a move for some enterprise services into the cloud. There are certainly arguments both for and against the merits, especially when considering the impact of risk on an enterprise that choses to transfer risk with the a... (more)

The Impact of the Cloud on Digital Forensics - Part 2

As mentioned in  Part 1 of this article, one of my functions is to research current and up and coming solutions within the technology realm, particularly that of distributed computing and cloud computing. It is a strong possibility that malicious users will eventually identify and exploit potential flaws within the cloud computing model. CSPs, in their pursuit to secure market share may have underestimated the possibilities of attack and misuse of their cloud resources by a malicious user or users. The likelihood that the creation, storage, processing and distribution of illicit ... (more)

Live Forensics and the Cloud

Cloud Computing offers a sense of "vastness" in terms of storage and remote processing. According to Simpson Garfinkil, a major challenge to any digital forensics investigator investigating data within the cloud; can be an inability to locate or identify data or code that is lost when single data structures are split into elements. This in effect directly impacts forensic visibility. Within this ecosystem a major concern can be access to and the preservation of data within an on-going digital forensic investigation. Of consideration as mentioned in Part 1 - is that in a live and ... (more)