Abstract

Cloud computing is viewed as a cost-effective and scalable way of providing computing resources for both large and small organizations. However, as cloud storage is outsourced, it is highly susceptible to information security risks. The insider threat may become particularly insidious with the predilection towards cloud computing. Insiders have a significant advantage, as not only do they have knowledge about vulnerabilities in policies, networks or systems, but they also have the requisite capability. An 'insider' is any individual who has legitimate access to an organization's information technology infrastructure, whereas an 'insider threat' uses the authority granted to him/her for illegitimate gain. Fundamentally, the insider threat concern is a complex issue, as the problem domain intersects the social, technical, and socio-technical dimensions. From a cloud-computing perspective, the concept of the insider is multi-contextual and consequently propagates more opportunities for malfeasance. The definition of an insider changes from context to context: an insider is someone who works within an organization that uses a cloud-based system, and the term also includes a user who works for a cloud service provider. Clearly, the concept of the insider within the cloud-computing domain is amorphous. This chapter intends to define the insider threat and identify the various types of insider threats that exist within the cloud-computing domain. This chapter considers the challenges involved in managing the insider threat and possible mitigation strategies, including authentication schemes within cloud-based systems. To this end, this chapter also considers the various mitigation strategies that exist within the technical, social and socio-technical domains in order to identify gaps for further research.
