Gartner Blog Network


Cloud IS Different: So Monitoring Must Be Different?

by Anton Chuvakin  |  February 16, 2012  |  1 Comment

I’m tired of hearing quotes like “cloud is completely different from traditional IT” as well as those that say “cloud is just like outsourcing, mainframes, etc.” Those who like the former quote will sometimes add that organizations should scrap all the tools they use for traditional IT and buy new tools for the cloud.  Those who like the latter quote would say that organizations just need to continue doing what they’re doing, with the same tools.

At this point, it should be clear to most of my enlightened readers that the truth is somewhere in between. Some tools and approaches will continue to work; some tools and approaches will not work while others will work depending upon the circumstances – such as what is being migrated to the cloud, how it is being migrated, etc.

Let’s review some of the things that are known to be different in various public cloud models:

  • Transient assets that appear and disappear, go up and down, etc. (for IaaS)
  • IP address means less for tracking of those transient assets
  • There are layers of the computing stack that are NOT under enterprise control
  • Remote environments, sometimes accessed via links of limited bandwidth
  • For SaaS and PaaS, lack of ANY traditional “IT infrastructure” such as OS
  • “Alien” operations model (sometimes) dissimilar from traditional data center management models
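
To make the first two bullets concrete, here is an added example (not from the original post): when instances come and go and addresses are reused, a log event has to be resolved against instance lifecycle records by time, not by IP alone. The instance IDs, addresses and log records are constructed, and the availability of a lifecycle feed from the provider is an assumption.

```python
from datetime import datetime as dt

# Constructed sample data: IaaS lifecycle records (instance id, private IP,
# launch time, termination time or None if still running).
LIFECYCLE = [
    ("i-aaa111", "10.0.1.15", dt(2012, 2, 16, 9, 0), dt(2012, 2, 16, 9, 40)),
    ("i-bbb222", "10.0.1.15", dt(2012, 2, 16, 9, 45), None),  # IP reused
    ("i-ccc333", "10.0.1.16", dt(2012, 2, 16, 9, 10), dt(2012, 2, 16, 9, 30)),
]

# Constructed sample events as a log collector sees them: (time, source IP, message).
EVENTS = [
    (dt(2012, 2, 16, 9, 20), "10.0.1.15", "failed root login"),
    (dt(2012, 2, 16, 9, 50), "10.0.1.15", "outbound connection to new host"),
    (dt(2012, 2, 16, 9, 42), "10.0.1.15", "port scan observed"),  # IP unassigned
]

def naive_owner(ip, lifecycle):
    """IP-only lookup, as a static asset inventory would do: last holder wins."""
    owners = [iid for iid, addr, _, _ in lifecycle if addr == ip]
    return owners[-1] if owners else None

def owner_at(ip, when, lifecycle):
    """Resolve (IP, timestamp) to the instance that held the IP at that moment."""
    for iid, addr, start, end in lifecycle:
        if addr == ip and start <= when and (end is None or when < end):
            return iid
    return None  # nobody held the IP then: flag for review, do not guess

def attribute(events, lifecycle):
    """Return (message, IP-only instance, time-aware instance) per event."""
    return [(msg, naive_owner(ip, lifecycle), owner_at(ip, ts, lifecycle))
            for ts, ip, msg in events]

if __name__ == "__main__":
    for msg, naive, resolved in attribute(EVENTS, LIFECYCLE):
        print(f"{msg!r}: ip-only={naive} time-aware={resolved}")
```

The first event is pinned on the wrong instance by the IP-only lookup, and the third belongs to no instance at all, which is worth surfacing rather than silently attributing.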

What does it mean for security monitoring? It means that the approach you take will depend not only upon the technical considerations, provider platform choice, application logs, security agents, etc., but also on how the organization is moving IT capabilities to the cloud.

  • For a “forklift scenario”, new applications or even “cloud-only” organizations, these differences will play A BIGGER ROLE in the choice of monitoring approaches, architectures and technologies.
  • For a “trickle scenario”, legacy applications and “barely cloudy” organizations, these differences will play A SMALLER ROLE in the same choice.

Thus, you might not need any new tools for security monitoring of your cloud environment: your current SIEM, DAM/DAP, DLP, even NIPS (for virtual private cloud with sole route through your network) will work more or less fine.

Or, on the other hand, you might discover that most of your security tools have to be replaced or at least augmented by tools that are optimized and tested in public cloud environments. New approaches (some mentioned here) such as cloud gateways, detailed application logs or hypervisor telemetry (provided by the CSP) will have to be used.

Thus, we have an ultimate triumph of “it depends” here!


Thoughts on Cloud IS Different: So Monitoring Must Be Different?


  1. Every disruptive technology brings with it some changes. With cloud too, some methodologies and processes will change completely and some will remain as is. As you have rightly pointed out, the truth is somewhere in between. Enterprises can adopt cloud in various hues – building internal clouds or consuming public cloud services or moving towards a hybrid model. The challenges involved vary depending on the size of business, and the key lies in asking the right questions before formulating your cloud strategy.

    In fact, we are witnessing a "cloud burst" in the Indian IT services industry. Read about it at http://www.wipro.com/blog/Coudburst-in-the-IT-services-industry


