Last month, I spoke at the GovSec/CPM conference where numerous questions were asked on the topic of “Cloud Incident Response.” This is one of those top security concerns for executives when considering cloud computing and how to prepare and manage incidents when something goes wrong.

The steps for incident response in the cloud are the same as in a traditional computing environment: detect, notify, isolate, contain, evaluate, recover and create post-recovery action plans. In the cloud, however, there is an added element. You must fully understand how you’ll work with your cloud provider in the event of a security breach.

• Who do you contact?
• How will your provider shut down, if required?
• How will they segregate and protect data?
• How will they conduct the forensics to isolate the breach?

It is critically important that you have solid answers to these questions. You should also view your cloud provider’s system security plans and evaluate their testing results. Depending on the type of cloud deployment, you may have the bulk of responsibility. Internal incident management also must be well defined and exercised.

One conference attendee shared that his cloud provider was hesitant to share information related to incident response testing, results and plans. I commented that I would be hesitant to work with a provider that was not completely forthcoming with this information, or was promising a completely “rosy” outlook. Cloud providers should readily share their vulnerability testing exercises and resulting action plans for overcoming future vulnerabilities.

Be sure to seek a transparent cloud services provider that is willing to share such elements as their disaster recovery plan exercise, lessons learned and continuous improvement plan. With a solid understanding of each other’s incident management plans, you’ll be able to move confidently to take advantage of the cloud’s business transformation opportunities.