My “How to Monitor the Security of Public Cloud Resources” Publishes

By Anton Chuvakin | July 30, 2015


My “How to Monitor the Security of Public Cloud Resources” paper just went up on the Gartner site. It is an update of the work I did back in 2012 to identify the architectural approaches for monitoring public cloud assets. The paper has a lot of new content and a new discussion of a gateway-centric approach (that mentions CASB, but defers to this excellent paper for detailed CASB technology coverage). The abstract states: “Cloud computing is changing the way enterprises use IT. Security requirements and security monitoring, in particular, often lag behind. This research assesses approaches and architectures for security monitoring of public cloud assets that are deployed by enterprises at cloud service providers.”

A few fun quotes follow below:

  • “Approaches for security monitoring of public cloud have important similarities and differences from that of traditional IT resources. Cloud-specific threats do exist, but cloud users report that they spend more time dealing with traditional threats that affect their cloud environment.”
  • “It is useful to remember that traditional threats and vulnerabilities apply to cloud environments: malicious software, unsafe access credentials, poorly written software with security bugs, unsecure Web applications, privileged users going rogue, data theft by various parties (internal and external), and denial of service attacks.”
  • “No one right security monitoring approach for cloud resources has emerged; organizations report using traditional tools (like SIEM, DLP and NIPS) and cloud-specific tools (such as CASB) for covering their monitoring needs.”
  • “Plan on doing more monitoring in public cloud environments due to less control over the computing stack. Compensate for lack of visibility from the layers of the stack that CSP controls by performing additional monitoring from the layers you control.”
  • “Until very recently, the most common approach practiced by enterprise cloud customers was to deploy (or keep, in case one is already deployed) traditional security monitoring tools (SIEM, DLP, NIPS and so on) and to utilize those tools for monitoring cloud resources wherever possible.”

Enjoy the paper! [Gartner GTP access required!]
