The National Institute of Standards and Technology (NIST), the government agency charged with promoting U.S. innovation and industrial competitiveness by advancing technology, recently published a list of 65 forensic challenges associated with cloud-based environments. These challenges range from standard business practices to technological architecture and include the following:
- Recovery of deleted data before it may be overwritten
- Lack of transparency, which triggers lack of trust and difficulties in auditing
- Segregation of potential evidence in a multi-tenant system
Although the NIST’s publication was primarily directed to law enforcement, it also provides an extensive list of potential issues to consider when drafting cloud services agreements and statements of work, particularly in a mission-critical application.
Some of the issues may be addressed in an agreement, such as the lack of transparency and ability to audit above, while other issues may be more difficult to address from a legal perspective, such as problems with overwriting data.
In any event, understanding the forensic challenges associated with cloud computing can be a valuable tool to help determine whether a cloud-based solution is appropriate for your organization.