My “How to Monitor the Security of Public Cloud Resources” paper just went up on the Gartner site. It is an update of the work I’ve done back in 2012 to identify the architectural approaches for monitoring public cloud assets. The paper has a lot of new content and a new discussion of a gateway-centric approach (that mentions CASB, but defers to this excellent paper for detailed CASB technology coverage). The abstract states: “Cloud computing is changing the way enterprises use IT. Security requirements and security monitoring, in particular, often lag behind. This research assesses approaches and architectures for security monitoring of public cloud assets that are deployed by enterprises at cloud service providers.”
A few fun quotes follow below:
- “Approaches for security monitoring of public cloud have important similarities and differences from that of traditional IT resources. Cloud-specific threats do exist, but cloud users report that they spend more time dealing with traditional threats that affect their cloud environment.”
- “It is useful to remember that traditional threats and vulnerabilities apply to cloud environments: malicious software, unsafe access credentials, poorly written software with security bugs, unsecure Web applications, privileged users going rogue, data theft by various parties (internal and external), and denial of service attacks. “
- “No one right security monitoring approach for cloud resources has emerged; organizations report using traditional tools (like SIEM, DLP and NIPS) and cloud-specific tools (such as CASB) for covering their monitoring needs.”
- “Plan on doing more monitoring in public cloud environments due to less control over the computing stack. Compensate for lack of visibility from the layers of the stack that CSP controls by performing additional monitoring from the layers you control.”
- “Until very recently, the most common approach practiced by enterprise cloud customers was to deploy (or keep, in case one is already deployed) traditional security monitoring tools (SIEM, DLP, NIPS and so on) and to utilize those tools for monitoring cloud resources wherever possible.”
Blog posts announcing paper publication:
- My “Demystifying Security Analytics: Sources, Methods and Use Cases” Paper Publishes
- My “How to Work With an MSSP to Improve Security” Paper Publishes
- Our “Selecting Security Monitoring Approaches by Using the Attack Chain Model” Publishes
- All My Research Published in 2014
- All My Research Published in 2013
Read Complimentary Relevant Research
Devise an Effective Cloud Computing Strategy by Answering Five Key Questions
Cloud computing affects every aspect of IT and the business, so organizations need a high-level bimodal strategy and decision process...
View Relevant Webinars
Essentials of Sound Recovery Sourcing Decision Making
Recovery service alternative costs, benefits and trade-offs regarding the use of colocation services, managed hosting and public cloud-based...
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.