Gartner Blog Network


Cloud Security Monitoring for IaaS, PaaS, SaaS

by Anton Chuvakin  |  January 21, 2012  |  1 Comment

My journey deep into cloud security monitoring continues, with a brief detour into “faith-based monitoring” (as in “we believe our cloud provider takes care of monitoring“).
In any case, let’s try to review what types of data we can leverage for security monitoring of resources deployed in each of the cloud service provider (CSP) types: SaaS, PaaS and IaaS.

Cloud model Security monitoring data
IaaS · Logs: OS, database, applications, etc

· Network monitoring: local host traffic only, no promiscuous sniffing

· Host / endpoint activity: HIPS logs, antimalware logs, other agent, etc

· (if lucky and your CSP likes you) Some data from lower layers of the infrastructure such as hypervisor logs, change logs, etc

· (if all access to cloud is through such) Proxy/gateway data

PaaS · Logs: applications (if written by you – then as long as you engineered and enabled logging)

· Some logs from lower layers of the infrastructure such as select platform logs, error logs, etc

· (if all access to cloud is through such) Proxy/gateway data

SaaS · (if CSP provides this) Application logs such as access (often), changes (sometimes), etc

· (if all access to cloud is through such) Proxy/gateway data

· (if applicable) Client-side or browser based monitoring data

The above table does explain why some SaaS users tend to trust the provider and treat their CSP like their  trusted “outsourcing partner.”  Essentially, if your SaaS CSP is not doing a good job with security monitoring, then likely nobody is. On the other hand, it is unlikely that your SaaS provider will tell you when your authorized users are dumping the CRM database and taking off with it… So, even for SaaS (and definitely for PaaS and IaaS), security monitoring is ultimately YOUR  responsibility!

Previous cloud security monitoring related posts are:

Category: cloud  logging  monitoring  security  

Tags: cloud-security  security  security-monitoring  

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio


Thoughts on Cloud Security Monitoring for IaaS, PaaS, SaaS


  1. Durak says:

    Good overview, but more details will be welcomed.



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.