My “How to Monitor the Security of Public Cloud Resources” paper just went up on the Gartner site. It is an update of the work I’ve done back in 2012 to identify the architectural approaches for monitoring public cloud assets. The paper has a lot of new content and a new discussion of a gateway-centric approach (that mentions CASB, but defers to this excellent paper for detailed CASB technology coverage). The abstract states: “Cloud computing is changing the way enterprises use IT. Security requirements and security monitoring, in particular, often lag behind. This research assesses approaches and architectures for security monitoring of public cloud assets that are deployed by enterprises at cloud service providers.”
A few fun quotes follow below:
- “Approaches for security monitoring of public cloud have important similarities and differences from that of traditional IT resources. Cloud-specific threats do exist, but cloud users report that they spend more time dealing with traditional threats that affect their cloud environment.”
- “It is useful to remember that traditional threats and vulnerabilities apply to cloud environments: malicious software, unsafe access credentials, poorly written software with security bugs, unsecure Web applications, privileged users going rogue, data theft by various parties (internal and external), and denial of service attacks. “
- “No one right security monitoring approach for cloud resources has emerged; organizations report using traditional tools (like SIEM, DLP and NIPS) and cloud-specific tools (such as CASB) for covering their monitoring needs.”
- “Plan on doing more monitoring in public cloud environments due to less control over the computing stack. Compensate for lack of visibility from the layers of the stack that CSP controls by performing additional monitoring from the layers you control.”
- “Until very recently, the most common approach practiced by enterprise cloud customers was to deploy (or keep, in case one is already deployed) traditional security monitoring tools (SIEM, DLP, NIPS and so on) and to utilize those tools for monitoring cloud resources wherever possible.”
Blog posts announcing paper publication:
- My “Demystifying Security Analytics: Sources, Methods and Use Cases” Paper Publishes
- My “How to Work With an MSSP to Improve Security” Paper Publishes
- Our “Selecting Security Monitoring Approaches by Using the Attack Chain Model” Publishes
- All My Research Published in 2014
- All My Research Published in 2013
Read Complimentary Relevant Research
Cloud Computing Primer for 2017
Cloud has evolved from a disruption to an expected approach to traditional as well as next-generation IT. Our research helps IT leaders,...
View Relevant Webinars
Data Centers and Cloud Strategies: Working Together to Drive Business Growth
After decades of owning and managing data centers, today's enterprise must grapple with the issues of how to support older applications,...
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.