Cloud Computing forensic psychological considerations on security

Pierluigi Paganini February 10, 2012

Cloud computing will play an increasingly critical role in the future of the information technology sector, impacting individual consumers, corporations, governments, and international commerce alike.

As a forensic psychologist with a national security and law enforcement background, arguably, the design and implementation of cloud computing also involves exposure to multiple security risks at various levels.

Understanding the “dark side” of cloud computing at the conceptualization phase – including behavioral, cultural, and forensic related criminal issues – offers hardware and software manufacturers insight into the potential behavior of criminal groups and others seeking to exploit vulnerabilities; having this knowledge, in turn, fosters development of appropriate risk mitigation strategies and safeguards at each level of the cloud. Such a proactive strategy would seemingly be cost effective over the longer term. Having a thorough understanding of one’s adversaries and implementing appropriate counterstrategies beforehand mitigates the risk of retrofitting these technologies later pursuant to an intrusion and/or data compromise.

Some behavioral and forensic-related issues to seriously consider include examining the characteristics and behaviors of various criminals and groups (e.g., organized criminal networks, terrorists, hostile foreign governments, white collar criminals, and hackers); trying to ascertain their motives and objectives (e.g., fi nancial gain, sabotage, cyberespionage, etc.); and probing how their behavior would interface both at the desktop (e.g., violating someone else’s computer through the cloud) and the mainframe (e.g., writing code to prevent intrusions, misuse of data, etc.) levels. Considering insider and external threats (e.g., a corporate employee sabotaging the cloud individually from the “inside” and/or collaborating with an unaffi liated, “external” party) is also important. Additionally, analyzing the nature of prior intrusions and resulting security measures taken (e.g., software patches) provides valuable forensic data regarding vulnerabilities and those parties seeking to exploit them.
About the Author:
Jonathan A. Dudek, Ph.D. is a forensic psychologist with a national security and law enforcement background. As the founder of Dudek Global Partners, he maintains an international consulting practice assisting developing countries, corporations, and other public and private sector entities with business and program development; human capital and systems-based risk management, risk mitigation, and problem-solving; identifying strategic opportunities as well as human and cultural barriers to entry; and forensic and investigative consultation. He is also a Principal of HUMINT Group International, LLC, a global risk management, business advisory, and security services company.
Dr. Dudek may be contacted at:
[email protected]

you might also like

leave a comment