Blog post

Cloud Security Monitoring for IaaS, PaaS, SaaS

By Anton Chuvakin | January 21, 2012 | 1 Comment

securitymonitoringloggingcloud

My journey deep into cloud security monitoring continues, with a brief detour into “faith-based monitoring” (as in “we believe our cloud provider takes care of monitoring“).
In any case, let’s try to review what types of data we can leverage for security monitoring of resources deployed in each of the cloud service provider (CSP) types: SaaS, PaaS and IaaS.

Cloud model Security monitoring data
IaaS · Logs: OS, database, applications, etc

· Network monitoring: local host traffic only, no promiscuous sniffing

· Host / endpoint activity: HIPS logs, antimalware logs, other agent, etc

· (if lucky and your CSP likes you) Some data from lower layers of the infrastructure such as hypervisor logs, change logs, etc

· (if all access to cloud is through such) Proxy/gateway data

PaaS · Logs: applications (if written by you – then as long as you engineered and enabled logging)

· Some logs from lower layers of the infrastructure such as select platform logs, error logs, etc

· (if all access to cloud is through such) Proxy/gateway data

SaaS · (if CSP provides this) Application logs such as access (often), changes (sometimes), etc

· (if all access to cloud is through such) Proxy/gateway data

· (if applicable) Client-side or browser based monitoring data

The above table does explain why some SaaS users tend to trust the provider and treat their CSP like their  trusted “outsourcing partner.”  Essentially, if your SaaS CSP is not doing a good job with security monitoring, then likely nobody is. On the other hand, it is unlikely that your SaaS provider will tell you when your authorized users are dumping the CRM database and taking off with it… So, even for SaaS (and definitely for PaaS and IaaS), security monitoring is ultimately YOUR  responsibility!

Previous cloud security monitoring related posts are:

Comments are closed

1 Comment

  • Durak says:

    Good overview, but more details will be welcomed.