My journey deep into cloud security monitoring continues, with a brief detour into “faith-based monitoring” (as in “we believe our cloud provider takes care of monitoring”).
In any case, let’s try to review what types of data we can leverage for security monitoring of resources deployed in each of the cloud service provider (CSP) types: SaaS, PaaS and IaaS.
| Cloud model | Security monitoring data |
|---|---|
| IaaS | · Logs: OS, database, applications, etc<br>· Network monitoring: local host traffic only, no promiscuous sniffing<br>· Host / endpoint activity: HIPS logs, antimalware logs, other agent, etc<br>· (if lucky and your CSP likes you) Some data from lower layers of the infrastructure such as hypervisor logs, change logs, etc<br>· (if all access to cloud is through such) Proxy/gateway data |
| PaaS | · Logs: applications (if written by you – then as long as you engineered and enabled logging)<br>· Some logs from lower layers of the infrastructure such as select platform logs, error logs, etc<br>· (if all access to cloud is through such) Proxy/gateway data |
| SaaS | · (if CSP provides this) Application logs such as access (often), changes (sometimes), etc<br>· (if all access to cloud is through such) Proxy/gateway data<br>· (if applicable) Client-side or browser based monitoring data |
The above table does explain why some SaaS users tend to trust the provider and treat their CSP like their trusted “outsourcing partner.” Essentially, if your SaaS CSP is not doing a good job with security monitoring, then likely nobody is. On the other hand, it is unlikely that your SaaS provider will tell you when your authorized users are dumping the CRM database and taking off with it… So, even for SaaS (and definitely for PaaS and IaaS), security monitoring is ultimately YOUR responsibility!
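The "authorized users dumping the CRM database" case is one you can watch for yourself when the SaaS provider exposes access logs. The following is an added example, not code from the original post: it flags bulk exports in constructed audit events, and the JSON field names, the one-hour window and the 500-record threshold are all assumptions to adapt to your provider's log format and your own baseline.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed SaaS audit events (JSON lines); field names are assumptions.
SAMPLE_LOG = """
{"ts": "2024-01-15T09:00:00", "user": "carol", "action": "export", "records": 450}
{"ts": "2024-01-15T09:05:00", "user": "alice", "action": "view", "records": 1}
{"ts": "2024-01-15T09:30:00", "user": "alice", "action": "export", "records": 40}
{"ts": "2024-01-15T11:00:00", "user": "carol", "action": "export", "records": 450}
this line is truncated {"ts":
{"ts": "2024-01-15T17:40:00", "user": "bob", "action": "export", "records": 300}
{"ts": "2024-01-15T17:55:00", "user": "bob", "action": "export", "records": 300}
{"ts": "2024-01-15T18:10:00", "user": "bob", "action": "export", "records": 400}
"""

def parse(text):
    """Yield well-formed events; skip malformed lines instead of failing."""
    for line in text.splitlines():
        try:
            ev = json.loads(line)
            yield {"ts": datetime.fromisoformat(ev["ts"]), "user": str(ev["user"]),
                   "action": ev["action"], "records": int(ev.get("records", 0))}
        except (ValueError, KeyError, TypeError):
            continue

def bulk_export_alerts(events, window=timedelta(hours=1), threshold=500):
    """Alert once per user when records exported within `window` exceed `threshold`."""
    recent = defaultdict(list)   # user -> [(timestamp, records)] still inside the window
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] != "export":
            continue
        # Keep only this user's exports that fall inside the sliding window.
        kept = [(t, n) for t, n in recent[ev["user"]] if ev["ts"] - t <= window]
        kept.append((ev["ts"], ev["records"]))
        recent[ev["user"]] = kept
        total = sum(n for _, n in kept)
        if total > threshold and ev["user"] not in alerted:
            alerted.add(ev["user"])
            alerts.append({"user": ev["user"], "at": ev["ts"].isoformat(), "records": total})
    return alerts

if __name__ == "__main__":
    for alert in bulk_export_alerts(parse(SAMPLE_LOG)):
        print(alert)
```

Two exports of 450 records two hours apart stay under the threshold, while several medium exports inside one hour trip it, which is the pattern a per-request size limit alone would miss.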
Previous cloud security monitoring related posts are:
1 Comment
Good overview, but more details will be welcomed.