Cloud Security Monitoring: The “Who” Question
by Anton Chuvakin | April 10, 2012 | 4 Comments
Another inherently “annoying” feature of security monitoring (apart from its “ongoing, need-to-do-it-forever” nature) is that somebody must actually do it. Yes, the dreaded “who will do the monitoring on a day to day basis?” question, who would be the “the human in the loop”, who will be ever-vigilant about security-relevant events, who will actually use the monitoring tools, etc?
Let me break this bit of news to you: cloud does NOT change it. Somebody still must do it. Now, that somebody might be spread across two or more organizations (your CSP, your MSSP, your own organization, the consultants you hired, etc), but they have to be there. When planning your cloud deployment – public, internal private, external private, whatever – you should always keep this in mind. Here is brief example from my upcoming research report on cloud security monitoring.
Table 4. Comparison by Monitoring Entity
|
Where the monitoring data is obtained (see the row to the right) |
From inside CSP environment |
From inside enterprise environment |
From between the environments |
|
Who looks at the data (see the column below) |
|||
|
CSP |
Yes, for their layers of the stack and their management tools |
No (CSP does not see the inside of your organization) |
No |
|
MSSP (if retained by the customer) |
Yes, for cloud user layers using sensors deployed at CSP |
Yes, using sensors deployed at the enterprise environment |
Yes, using sensors deployed getting data from gateways/intermediaries |
|
CSP-MSSP (if CSP offers MSSP service) |
Yes, for all layers (!) |
Yes, using sensors deployed at the enterprise environment |
Yes, using sensors deployed getting data from gateways/intermediaries |
|
Enterprise |
Yes, using data feeds from cloud layers they control and using data shared by the CSP |
Yes, using either endpoint or network sensors |
Yes, using sensors deployed getting data from gateways/intermediaries |
Note that these distinctions apply across all cloud models, but the scope of what constitutes “their layers” changes from SaaS to IaaS. The comparison also highlights some advantages of CSP-MSSP combination as they can monitor the entire stack, from physical to data and user activities. However, such approach of combined monitoring+hosting makes some people think of Separation of Duty (SoD) issues. So, will YOU trust the MSSP arm to monitor the activities of the same organization cloud arm? There are definitely big advantages here (see table), but also potential risks…
Previous cloud security posts are:
- Is Cloud Secure? WTFC!
- Cloud Security Monitoring: IaaS Conundrum
- Cloud Security Monitoring for IaaS, PaaS, SaaS
- More On Security Monitoring of Public Cloud Assets
- Cloud Security Monitoring!
- Many Faces of Application Security Monitoring (briefly touches on cloud applications)
- Cloud IS Different: So Monitoring Must Be Different?
Additional Resources
Read Complimentary Relevant Research
2019 Planning Guide Overview: Architecting Your Digital Ecosystem
Technical professionals are confronting increasingly complex technology ecosystems. They must overcome this complexity to create solutions...
View Relevant Webinars
The 2018 Analytics and BI Magic Quadrant Highlights
Modern analytics and business intelligence (BI) platforms represent mainstream buying, with deployments increasingly cloud-based. Data...
Category: cloud logging monitoring security
Tags: cloud-security security security-monitoring
Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry
Thoughts on Cloud Security Monitoring: The “Who” Question
Comments are closed
TRENDING TOPICS
Who's Blogging
- Craig Roth
- Hank Barnes
- Rene Buest
- John Kostoulas
- Debbie Wilson
- Dave Egloff
- Benjamin Bloom
- Bryan Yeager
- Paul Debeasi
- Tad Travis
- Jennifer Polk
- Anton Chuvakin
- Ewan Mcintyre
- Rick Franzosa
- Deacon Wan
- John Wheeler
- Mark Mcdonald
- Manjunath Bhat
- Andrew Frank
- Christopher Little
- Ray Pun
- Sanjeev Mohan
- Noah Elkin
- Simon Jacobson
- Chris Ross
- Avivah Litan
- Rajesh Kandaswamy
- Augie Ray
- Andrew Lerner
- Mark Raskino
- Frances Russell
- Richard Watson
- Werner Goertz
- Roger Williams
- Martina Kurth
- Pete Basiliere
- Carlie Idoine
- Nicole Greene
- Don Scheibenreif
- Dave Aron
- Eric Schmitt
- Cindi Howson
- Stephen White
- Sally Witzky
- Andrew White
- Marc Brown
- Augusto Barros
- Gene Phifer
- Jay Heiser
- Gregor Petri
About
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.
[…] more here: Cloud Security Monitoring: The “Who” Question Comments […]
[…] background-position: 50% 0px; background-color:#222222; background-repeat : no-repeat; } blogs.gartner.com – Today, 11:44 […]
[…] Cloud Security Monitoring: The “Who” Question. […]
[…] Anton Chuvakin is a research director at Gartner's IT1 Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio Coverage Areas: ← Cloud Security Monitoring: The “Who” Question […]