A breach is never a happy time. Cloud security, data integrity, and keeping users safe are among the highest priorities for any security or infrastructure administrator, and it hasn’t been easy: recent, very serious vulnerabilities in USB, as well as Heartbleed, have created havoc for massively used systems.
So — you’ve just experienced a breach. Great… Now what?
First of all, take a deep breath. If you stay vigilant during a cloud breach — and have a proactive security model in place — you’ll weather the storm. The first step is to be prepared.
There are a lot of similarities between a physical breach and one that happens in the cloud, and some of the preparation mechanisms remain the same. The big difference is the toolset. Many cloud service providers (CSPs) offer granular log aggregation, visibility into virtual networks, and even the ability to create cloud-ready audit trails. To be ready when an incident hits, here’s what you need to organize in advance:
- Documentation, electronic or physical.
- Snapshotting services and physical removal tools.
- Virtual and physical machines.
Check out the full article on Dark Reading for the seven big steps that help with a post-breach event. The steps are:
Step 1: Create snapshots of VMs, virtual appliances, and configurations.
Step 2: Protect perishable data, both physical and virtual.
Step 3: Properly take down the physical resource or virtual instance.
Step 4: Identify all incoming network lines, connections, virtual interfaces, and ports assigned to the VM or cloud instance.
Step 5: Collect and label all media used during the response process.
Step 6: Seal all collected devices, drives, and evidence in a secured area.
Step 7: Remediate and respond.
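Steps 2, 4, 5 and 6 can be scripted so that nothing perishable is lost while you wait for the snapshot to finish and nobody has to remember the command list under pressure. The script below is an added example and is not from the Dark Reading article or the original post; the output directory layout, the manifest format and the collector name are assumptions. It captures volatile state and the instance’s network exposure on a Linux host (processes, sockets, interfaces, routes, mounts, logins), then seals everything under a manifest of SHA-256 hashes that can be re-verified later. Snapshotting the VM itself (Step 1) is done through the CSP console or API and is provider-specific, so it is not shown here. One caveat a practitioner will want: the host’s own `ps`, `ss` and `ip` binaries may have been replaced by the intruder, so in a real response run this from trusted, read-only media rather than from the compromised image.

```shell
#!/bin/sh
# Added example: volatile-data collection and evidence sealing for a
# compromised Linux instance. Not from the article; directory layout,
# manifest format and collector name are assumptions for illustration.
set -u

# Hash one file with whatever SHA-256 tool the host provides.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Step 2 / Step 4: capture perishable state and every network line,
# interface and port the instance is using, before it is taken down.
# Each command runs only if present, so minimal images degrade gracefully.
collect_volatile() {
    out="$1"
    mkdir -p "$out"
    date -u +%Y-%m-%dT%H:%M:%SZ > "$out/collected_at_utc.txt"
    uname -a > "$out/uname.txt" 2>/dev/null || true
    for cmd in "ps -eo pid,ppid,user,lstart,cmd" \
               "ss -tunap" \
               "ip addr show" \
               "ip route show" \
               "cat /proc/mounts" \
               "last -F"; do
        bin=${cmd%% *}
        if command -v "$bin" >/dev/null 2>&1; then
            name=$(printf '%s' "$cmd" | tr ' /' '__')
            $cmd > "$out/$name.txt" 2>&1 || true
        fi
    done
}

# Step 5 / Step 6: label and seal. The manifest records who sealed what,
# when, and the SHA-256 of every file, so later tampering is detectable.
# It is written outside the evidence tree and made read-only.
seal_evidence() {
    dir="$1"; manifest="$2"; collector="$3"
    {
        printf 'case_host=%s\n' "$(hostname 2>/dev/null || echo unknown)"
        printf 'sealed_at_utc=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        printf 'collector=%s\n' "$collector"
        printf -- '--\n'
        find "$dir" -type f | LC_ALL=C sort | while IFS= read -r f; do
            printf '%s  %s\n' "$(hash_file "$f")" "$f"
        done
    } > "$manifest"
    chmod 0444 "$manifest"
}

# Recompute every hash listed after the '--' separator; succeed only if
# all files are still present and unchanged.
verify_evidence() {
    manifest="$1"
    bad=$(sed -n '/^--$/,$p' "$manifest" | tail -n +2 | while IFS= read -r line; do
        expected=${line%%  *}
        path=${line#*  }
        if [ ! -f "$path" ] || [ "$(hash_file "$path")" != "$expected" ]; then
            printf '%s\n' "$path"
        fi
    done)
    [ -z "$bad" ]
}
```

Typical use is `collect_volatile /mnt/evidence/case-001/volatile`, then `seal_evidence /mnt/evidence/case-001 /mnt/evidence/case-001.manifest "analyst name"`, and `verify_evidence /mnt/evidence/case-001.manifest` whenever the evidence changes hands. Hashing every file individually, rather than the whole tree, means a later mismatch points at the exact file that was altered.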