Reference no: EM133196752 
                                                                               
                                       
Assignment - Write a reply to Cloud in Business Discussion.
The cloud is a great resource for small and large businesses. The cloud is servers that are accessed over the Internet, and the software and databases that run on those servers [1]. The is great for companies because they don't have to buy servers or manage the servers that run their applications or store their data. This can save a company a lot of money. However, whenever something goes wrong and an investigation is need, the use of the cloud could cause some headaches. For this, we will take a lot at the different environments offered from cloud providers. The three different environments are software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS).
SaaS is a cloud-based service where instead of downloading software your desktop PC or business network to run and update, you instead access an application via an internet browser. The software application could be anything from office software to unified communications among a wide range of other business apps that are available [2]. An example of SaaS is Dropbox. One of the biggest problems with SaaS, from a forensic investigators perspective, is that they don't own or have access to any of the underlying operating infrastructure. This means that the investigator can't do a deep dive into the system to see what is going on. With many SaaS providers, like Google, having single sign-on if an account is compromised it is also impossible to tell what was captured by an adversary. Implementing Proofs of Retrievability (POR) in which a verifier (client) is enabled to determine that a prover (server) possesses a file or data object without actually downloading it can be used as way to get at least something from the SaaS provider to help in the investigations [3].
Platform as a service (PaaS) is a cloud computing model in which a third-party provider delivers hardware and software tools -- usually those needed for application development -- to users over the internet [4]. An example of PaaS is Windows Azure. In a Paas environment, the user is only responsible for the data and applications. During the investigation, investigators must depend on the cloud service providers for access to the logs as they do not have control over the hardware. The investigators have no controls who collects the data or even if they collect the right data.
Infrastructure as a Service (IaaS) is a method of delivering computing, storage, networking and other capabilities via the Internet [5]. An example of IaaS is Amazon Web Services (AWS). IaaS instances provide much more information that could be used as forensic evidence in case of an incident than the PaaS and SaaS models do. This fact is caused through the ability of the customer to install and set up the image for forensic purposes. Hence, log data and other evidence information could be transferred to other hosts in a frequent manner for providing the ability to perform an investigation if needed [3].
There is no doubt that cloud computing is a great resource for companies to use. They help with cost savings and the need for companies to bring on more employees. There are three cloud environments provided to companies; SaaS, PaaS, and IaaS. Each provides a different product to companies and each can provide different challenges when it comes to forensic investigations. SaaS and PaaS both have the issue of the company not owning or having access to the hardware. This is a problem because the hardware hold the logs of what was going on. Usually, companies have no say if the cloud provide gives over the information or who is the one collecting it. They can not even know for sure if what is given to them is correct since they can't verify it. A Proofs of Retrievability (POR) will allow the company into the server to see the information, however, it will not allow them to download the information for a deeper investigation. IaaS is a lot easier for investigators to deal with because they can create images of everything. With that, investigators would be able to see log data, unlike in SaaS and PaaS.