The key to avoiding much of this pain is being prepared before an incident occurs. So, how do you accomplish this? Negotiate the SLA or contract and its terms before you sign on the dotted line. Once you become a customer, you have lost much of your leverage. Some of the things you should consider negotiating:
- The provider will notify you immediately or within 24 hours if there is any type of breach or compromise or if one is even suspected on the provider’s system since it may impact your data.
- The provider will allow you to access to the servers or system so you can self-collect.
- Determine what type of data the provider collects, how long the provider holds it, and if the provider will store this data for you for a longer period of time.
- Determine if the provider actually owns and controls the servers.
- Write a business continuity/disaster recovery plan. In it, include the necessary procedures and contact information for those to call if an incident occurs. Also, try to determine in advance either the data or type of data you will need for a forensic investigation. This may require talking to companies that have been through a breach or contacting a forensic investigator to help you determine what you will need to collect. Once you have identified the data, negotiate into the contract the ability to access this data or to have the provider preserve it, collect it for you, and provide a chain of custody as well as detailed procedures regarding how they did it.
- Determine where—in what state, states, or country—your data will be stored so you can determine which laws may apply.
These tips and issues are obviously not exhaustive, but they should provide a good start.
Preparation is the key to success. Negotiating the SLA or contract ahead of time enables you to react quickly and easily when and if things go bad—similar to establishing a disaster recovery and business continuity plan. If you were not prepared, which I am sure was a result of circumstances completely out of your control, the above tips should be helpful.
Reproduced from Global Knowledge White Paper: Legal Issues of Cloud Forensics