I presented today on the topic of internal investigations and the cloud at the annual Association of Certified Forensic Investigators of Canada fraud conference.
The issue: outsourcing business IT systems to the cloud may impede access to information for audit and investigatory purposes. Data security is front and center in most outsourcings, but audit and investigation capability is also a key concern and is subject to unique requirements. Business owners should recognize that security and audit departments are likely stakeholders in most outsourcing projects and support the best possible needs analysis and requirements definition process.
Here are my slides:
Here are some related resources, including some data security resources that came up in discussion.
- J. Cheng, “IBM’s Siri ban highlights companies’ privacy, trade secret challenges”
- Digital Forensics Laboratories, “Digital investigations in the Cloud”
- T. Harbert, “E-discovery in the Cloud? Not so easy”
- W. Manning, “Investigating in the Clouds” (good, but password required)
- Hogan Lovells, “A Global Reality: Governmental Access to Data in the Cloud”
- K. Ruan et al, “Cloud forensics: An overview”
- A. Savvas, “Cloud providers cave into more flexible contracts”
- T. Trappler, “In the Cloud, Your Data Can Get Caught Up in Legal Actions”
- K. Zetter, “FBI Uses ‘Sledgehammer’ to Seize E-Mail Server in Search for Bomb Threat Evidence”
Finally, here’s a link to my comment on the recent Calgary Police Service case, which I used as an intro to a segment on handling an evidence trail that leads to an employee’s personal cloud-based account.
I hope this content helps you approach a pressing issue for internal investigators.