Mitigating Insider Threat From the Cloud
Part 1: Relying on Provider to Keep Its Employees in Check
CERT Technical Manager Dawn Cappelli says it's key to ensure that cloud providers are vigilant about assessing the motives and actions of disgruntled technical personnel, such as systems or database administrators, who could threaten the data and applications the providers host.
"We would hope that that cloud service provider would be able to look and see what that person has been doing online because otherwise they could sabotage not only their own employers' systems but all of their customers' systems as well," Cappelli says in an interview with Information Security Media Group.
Joining Cappelli in the first part of a two-part interview is Alex Nicoll, a senior cybersecurity analyst at CERT. In the interview, Cappelli and Nicoll address the:
- Types of threats insiders pose in the cloud;
- Characteristics of the insider who threatens IT security;
- Limited technical approaches anti-fraud professionals can adopt to monitor potential insider threats from their cloud providers.
Cappelli, who joined CERT in 2001, founded the Insider Threat Center, part of Carnegie Mellon's Software Engineering Institute. Her teams research cyberthreats; develop and conduct assessments; and provide solutions and training for preventing, detecting and responding to illicit cyber-activity. Before joining CERT, Cappelli served as the director of engineering for the Information Technology Development Center of the Carnegie Mellon Research Institute.
Before joining CERT, Nicoll was a senior technology research fellow at the University of Nebraska at Omaha, where he served as the associate director of the Nebraska University Consortium on Information Assurance. Earlier, at the U.S. Strategic Command working for contractor BAE Systems, he served as the primary systems architect on the distributed command and control systems, designing data centers and large-scale redundant/fault-tolerant computing systems.