Best Practices in Cloud Incident Handling

In the current trend of transitioning towards cloud environments, companies report issues with detecting and responding to cloud security incidents.

Research has shown that organizations experience many challenges, among which are an insufficient overview of information, a lack of visibility, and an inadequate design and road map. Therefore, this research aims to determine the current best practice in cloud incident handling. Furthermore, it aims to determine to what extent this practice is sufficient in the current Dutch incident handling landscape.

Based on a study of the existing literature on cloud incident handling, the researcher conducted 12 semi-structured interviews with 14 participants from Computer Security Incident Response Teams (CSIRTs) of Dutch organizations. A thorough analysis of both literature and practice resulted in guidelines and recommendations. While organizations should consider all recommendations, the results indicate five important recommendations:

  • organizations should prepare for cloud incidents by informing themselves of the characteristics and features of the cloud environment,
  • organizations should obtain visibility into their cloud environment by implementing cloud management,
  • organizations should ensure proper cloud security,
  • all agreements, requirements, and responsibilities must be included in the Service Level Agreement (SLA), and
  • incident information should be shared, as this is crucial in preventing incidents and holding Cloud Service Providers (CSPs) accountable.

Companies can use the presented recommendations to further improve their cloud incident handling strategy and contribute towards decreasing the gap between theory and practice.

You can find the entire research on the website of Twente University.