Mitigating Data Exfiltration in Storage-as-a-Service Clouds

TL;DR

This paper proposes a deception-based approach to detect and prevent data exfiltration in Storage-as-a-Service clouds, addressing challenges in incident handling and IDS deployment in cloud environments.

Contribution

It introduces a novel deception technique and a threat-based data protection method tailored for cloud storage security.

Findings

Effective detection of data exfiltration attempts

Enhanced prevention capabilities against malicious data leaks

Improved security posture in cloud storage environments

Abstract

Existing processes and methods for incident handling are geared towards infrastructures and operational models that will be increasingly outdated by cloud computing. Research has shown that to adapt incident handling to cloud computing environments, cloud customers must establish clarity about their requirements on Cloud Service Providers (CSPs) for successful handling of incidents and contract CSPs accordingly. Secondly, CSPs must strive to support these requirements and mirror them in their Service Level Agreements. Intrusion Detection Systems (IDS) have been used widely to detect malicious behaviors in network communication and hosts. Facing new application scenarios in Cloud Computing, the IDS approaches yield several problems since the operator of the IDS should be the user, not the administrator of the Cloud infrastructure. Cloud providers need to enable possibilities to deploy and configure IDS for the user - which poses its own challenges. Current research and commercial solutions primarily focus on protecting against Denial of Service attacks and attacks against the Cloud's virtual infrastructure. To counter these challenges, we propose a capability that aims to both detect and prevent the potential of data exfiltration by using a novel deception-based methodology. We also introduce a method of increasing the data protection level based on various threat conditions.