Netinfo Security ›› 2015, Vol. 15 ›› Issue (8): 76-81.doi: 10.3969/j.issn.1671-1122.2015.08.012

Previous Articles     Next Articles

Research of Insider Threats and Countermeasures under Cloud Service

HE Ying-rui(), WANG Jing-ya   

  1. School of Network Security, People’s University of Public Security of China, Beijing 102600, China
  • Received:2015-07-09 Online:2015-08-01 Published:2015-08-21

Abstract:

With the development of cloud service, cloud security is increasingly drawing people’s attention. At this stage, the value of data is more important, and under cloud service, on the one hand mass data storage in the cloud, on the other hand the user for data integrity, confidentiality, availability have higher requirements. This puts forward higher security requirements for cloud service providers.In order to guarantee the data security of customers, cloud service providers not only need to face to the external threats, but also confront with the internal threat which has a destructive and influential effects as well as the external. The external threat has caused wide concern today, the internal threat to the neglect, so that the internal threat to become one of the main attack mode, and have the huge damage. CERT Insider Threat Center has conducted a survey of cloud service providers, to understanding of the management and technical controls of internal threats, found in the cloud services model, many of cloud service providers did not this problem be fully recognized. And in the cloud service mode, the previous security policy will not be resolved under the new situation, the new framework of internal threats.This paper describes the internal threat under cloud services, and proposes control model and control process against insider threats. Insider threat assessment, administrative controls, technical controls, monitoring, and response areintroduced in detail, in order to help resolve internal threats under cloud service.

Key words: cloud service, insider threats, controls

CLC Number: