Story image

Cloud Security Alliance establishes threat sharing scheme

25 Sep 15

Collaboration between vendors and businesses is a crucial part of ensuring attack reports are up-to-the-minute and provide specific information about threats.

To aid this, the US-based Cloud Security Alliance (CSA) is proposing to set up a scheme that will enable organisations to anonymously report data breaches, in the interests of enabling others to take steps to prevent them becoming victims of similar attacks.

The CSA has set out its proposals in a new white paper ‘The Mandate for Meaningful Cyber Incident Sharing for the Cloud’.

In the white paper, CSA says, “A major impediment to protecting information assets in an enterprise is the unwillingness and/or inability to share cyber security incident information.

“Fear of public exposure and resulting legal ramifications has caused organisations to withhold critical attack signatures that could have impeded or even prevented several of the industry’s most notable breaches.”

It adds: “Enterprises and cloud providers […] all have a distinct need to understand the types of incidents that peers and technology partners are experiencing, so that they can better protect themselves and their customers.

“For cloud providers, which play a unique and central role in the IT infrastructure, the challenge is especially acute given the potential widespread implications of a successful attack.”

CSA provides a telling example: immediately after the now notorious attack on Target, 18 other companies were attacked using the same methods.

The speed with which this happened was the result of cyber criminals having very effective information sharing networks, unlike enterprises, the CSA says.

“Once an exploit is shown to be effective, or a zero-day vulnerability discovered, it is often quickly disseminated via a number of underground channels and rapidly used by a variety of bad actors against a large number of potential targets,” the CSA says.

To enable the anonymous sharing of information, and swift action based on the intelligence provided, the CSA is proposing the development of a Cloud Cyber Incident Sharing Centre (CISC).

“Once an incident report is shared, the Cloud-CISC platform’s unique algorithms provide near-real-time correlation with reports supplied by other vetted members.

“If similarities are discovered, members can be alerted and provided with the related reports that contain additional attack indicators, valuable context and mitigation advice,” says CSA.

It has set out a four stage process aimed at bringing this vision to reality.

  1. Establish a small steering committee (8-10 people) with representation from both cloud providers and cloud customers.
  2. Provision steering committee members to access the Cloud-CISC platform, giving each the ability to transmit and access incident reports.
  3. Over a 90-day period, evaluate the Cloud-CISC platform and make recommendations for improvements and modifications.
  4. Develop a charter and standard operating procedure for the CISC following the conclusion of the 90-day evaluation period.

Vic Cinc, Axelera CEO, says, “If such a scheme could be developed and implemented, with adequate safeguards, it would give a huge boost to the cloud computing industry’s defences against cyber criminals.”

Dimension Data nabs three Cisco partner awards
Cisco announced the awards, including APJ Partner of the Year, at a global awards reception during its annual partner conference.
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
Why the adoption of SAP is growing among SMEs
Small and medium scale enterprises are emerging as lucrative end users for SAP.
Exclusive: How the separation of Amazon and AWS could affect the cloud market
"Amazon Web Services is one of the rare companies that can be a market leader but remain ruthlessly innovative and agile."
HPE extends cloud-based AI tool InfoSight to servers
HPE asserts it is a big deal as the system can drive down operating costs, plug disruptive performance gaps, and free up time to allow IT staff to innovate.
Digital Realty opens new AU data centre – and announces another one
On the day that Digital Realty cut the ribbon for its new Sydney data centre, it revealed that it will soon begin developing another one.
A roadmap to AI project success
Five keys preparation tasks, and eight implementation elements to keep in mind when developing and implementing an AI service.
The future of privacy: What comes after VPNs?
"75% of VPN users said they are seeking a better solution for cloud networks."