Gartner Blog Network


Cloud Security Monitoring!

by Anton Chuvakin  |  January 9, 2012  |  5 Comments

How exciting is that? You combine 3 non-specific words – cloud, security, monitoring – and you get … what exactly? Let’s find out!

This quarter my research focuses on cloud security monitoring and cloud logging. I will try to define the subject(s) and then provide analysis and recommendations for architecting security monitoring of public cloud assets deployed in IaaS, PaaS and even SaaS environments (the word “luck” will likely be used in that last section a lot).

Here’s where I want to take the discussion: if you have IT assets deployed on a public cloud provider network today, and you want to monitor them by using log data, where would you rather send that log data? Your broad choices are (unless you have an MSSP contract, which will change the situation a bit):

  1. Back to your SIEM tool deployed in your environment (if any): your cloud logs -> your environment
  2. To a dedicated SaaS log management tool: your cloud logs -> another cloud environment.

When I asked a few people, whether they would conceptually lean towards Choice 1 or Choice 2, they picked Choice 3.

Huh? The Choice 3 is “we are still trying to figure it out, for now we don’t monitor those assets.” A few others mistook cloud for outsourcing and stated that “they trust their provider to deal with logs”…. That’s life in the cloud circa 2012 for you.

Future posts will touch upon such exciting subjects as “what logs you can hope to get in different cloud scenarios?”, “how to compensate for not having logs?” and a few other cloud-specific monitoring challenges that you’ll face in the near future.

Category: cloud  logging  security  

Tags: cloud-security  security  security-monitoring  

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio


Thoughts on Cloud Security Monitoring!


  1. […] the original post: Cloud Security Monitoring! Comments […]

  2. […] Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an “as-is” basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog. 2012 Gartner, Inc and/or its affiliates. All rights reserved. Read more on Cloud Security […]

  3. […] Coverage Areas: ← Cloud Security Monitoring! […]

  4. […] Cloud Security Monitoring! Share and Enjoy: […]



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.