Internal Investigations and the Cloud
-
Upload
dan-michaluk -
Category
Business
-
view
777 -
download
1
description
Transcript of Internal Investigations and the Cloud
Internal Investigations and the Cloud
Dan MichalukACFI Fraud ConferenceMay 28, 2012
Internal Investigations and the Cloud
Internal Investigations and the Cloud
• What is cloud computing?• Why is it a problem for investigators?• What’s the solution?• The problem with the consumer cloud• The consumer cloud – personal accounts• Good resources
Internal Investigations and the Cloud
What is cloud computing?
• Model for delivery of computing services• Services outsourced and accessed through the
internet, on demand, at desired scale• Data resides on servers owned by third-parties,
often with the data of others and often in one or more foreign countries
• Consumer services differ from enterprise services
Internal Investigations and the Cloud
What is cloud computing?
• It is related to a “data portability” phenomenon• “We’ve got work information on personal devices
and personal information on work devices”
• Add to that, multiple companies on physical servers
• This creates ambiguity that can be dealt with by
contract (and I assume by technology) – i.e. we
need to replace physical control with legal control
Internal Investigations and the Cloud
Why is it a problem for investigators?
• It threatens to timely access to reliable evidence• Providers default to low cost rather than service
• Investigations and e-discovery are afterthoughts
• Specialized forensic data capture services are rare
• Logs and other forensic data can be intermingled
• Proprietary software can make interpretation hard
• Access restrictions create a chain of custody issue
• Law of other jurisdictions may be restrictive
Internal Investigations and the Cloud
Why is it a problem for investigators?
• Discussion• Do your employers or clients use cloud-based
services for business?
• Has this affected your investigations?
• How?
Internal Investigations and the Cloud
What’s the solution?
• The solution is simple (in theory)• Outsourcing process requirements definition, vendor
selection, due diligence and contracting and
administration
• You need to insert yourself in all aspects of this
process to communicate your requirements and see
that they are met
• But… be prepared to compromise because the
cloud is the cloud and physical control is supreme
Internal Investigations and the Cloud
What’s the solution?
• The solution is simple (in theory)• Understand the system and the data it generates
• Develop investigation scenarios
• Develop investigation requirements
• Prioritize requirements
• Discuss requirements
• Ensure requirements can be met
• Service level agreement is key, but is not everything
Internal Investigations and the Cloud
What’s the solution?
• Assume your employer or a client is moving its accounting system to the cloud. As a fraud investigator, what are your key needs?
Internal Investigations and the Cloud
What’s the solution?
• Key questions (among others)• In what jurisdiction(s) will data reside?
• How is data stored at application & system levels?
• Can our data be extracted independently from
others’ data?
• What forensic data do we want? Will you make it
available to us? How? To others? How will that affect
us?
Internal Investigations and the Cloud
What’s the solution?
• Key questions (among others)• Will your employee give evidence to establish the
chain of custody?
• How fast will you make all this happen?
Internal Investigations and the Cloud
The problem with the consumer cloud
• It is a data security risk – business information is leeching into personal accounts and home computers• Example – employee sends work home via a web
based personal e-mail account
• Example – business unit starts using Google docs to
collaborate though the company has no enterprise
services relationship with Google
Internal Investigations and the Cloud
The consumer cloud - personal accounts
• The Calgary Police Service case (April 2012)• Internal sexual misconduct investigation
• E-mail review… search for “password”
• Found login credentials for personal e-mail account
• Accessed on “data leakage” theory
• Found (unanticipated) evidence of sexual
misconduct
• Alberta OPIC finds a violation of privacy legislation
Internal Investigations and the Cloud
The consumer cloud - personal accounts
• Why unauthorized access is a bad idea• Except in extraordinary circumstances it is likely to
be a criminal offence – Criminal Code s. 342.1
• A labour arbitrator may exclude evidence
• Though not ideal, there is a work-around
Internal Investigations and the Cloud
The consumer cloud - personal accounts
• The work-around• Finish the covert investigation
• Confront the employee
• Make a preservation demand
• Make a reasonable inspection demand
• Be prepared to manage a refusal through an
insubordination charge and an adverse inference
Internal Investigations and the Cloud
The consumer cloud - personal accounts
• “Friending” targets is risky• “Friending” as yourself may not be that helpful
• Impersonation is a criminal offence (s. 403)
• Do your professional rules prohibit the use of fake
profiles to gain information?
Internal Investigations and the Cloud
Related Resources
• J. Cheng, “IBM’s Siri ban highlights companies’ privacy, trade secret challenges”
• Digital Forensics Laboratories, “Digital investigations in the Cloud”• T. Harbert, “E-discovery in the Cloud? Not so easy.”• W. Manning, “Investigating in the Clouds”• K. Ruan et al, “Cloud forensics: An overview”• A. Savvas, “Cloud providers cave into more flexible contracts.”• T. Trappler, “In the Cloud, Your Data Can Get Caught Up in Legal
Actions”• K. Zetter, “FBI Uses ‘Sledgehammer’ to Seize E-Mail Server in Search
for Bomb Threat Evidence
Internal Investigations and the Cloud
Dan MichalukACFI Fraud ConferenceMay 28, 2012