As powerful as the cloud can be, it's not magic. If you have a problem before you make the transition to the cloud, it won't just disappear when you make the move.
Cloud security monitoring is a good example of this. Organizations have historically struggled with security monitoring: the volume of log data and alert information is high, complexity creates visibility gaps, and analyst fatigue sets in when reviewing monitoring data - especially when the false positive rate is high.
How cloud security monitoring works
Consider what happens when traditional log management or log correlation is used to support the cloud. Depending on the type of service that drives your organization's enterprise applications, it can be challenging to draw a direct one-to-one mapping between these tools and cloud environments.
This is true for a few reasons. First, being a cloud customer means you don't have full visibility of the application stack. In on-premises environments, you had visibility of everything from the top of the application stack down to the physical hosts and the cabling that connects them.
As a cloud customer, much of this environment is abstracted from your view. The amount and type of data available varies depending on the type of cloud service you employ and the provider you have selected.
Ultimately, the type of data and the method of accessing that data will depend on the service provider, the specific product they provide and your own specific use of the cloud platform.
Secondly, there are specific toolkits that cloud providers have made available to their customers to help with cloud security monitoring challenges, and the specifics of how these tools work vary with the implementation.
In addition to the technical challenges, there are business and process challenges. Beyond changes in scope, issues specific to the service provider may also come into play.
This is particularly true of smaller or niche service providers, such as a SaaS provider offering a targeted business application.
Cloud security monitoring best practices
There are three cloud security monitoring steps or best practices that companies can follow to help ensure that their monitoring capability is as robust and useful as possible.
These are not the only ways to establish comprehensive monitoring. Depending on what the organization uses the cloud for and which providers it uses, there can be hundreds or thousands of different individual steps to improve monitoring capabilities.
At a higher level, there are some things that will almost always provide benefits, regardless of the specific nuances of the deployments.
1. Know your use
To develop a cloud security monitoring strategy, you'll need to know a few things.
First, you'll need to know which applications and data you want to monitor: in other words, the intended scope of your monitoring efforts, including which systems, products, services and service providers are in scope.
The shadow use of cloud applications and services can make it challenging to get a complete list of everything in scope.
Similarly, changes in usage - whether from the evolution of how services are used by business or technology teams or new service offerings from providers - can make today's complete list incomplete tomorrow.
Making an effort to understand what you want to monitor is a key element in planning a comprehensive monitoring strategy.
2. Know your providers and their resources
Some cloud providers, such as smaller SaaS providers, may have more limited monitoring options, while larger providers may have more than one option with many opportunities for customization.
Researching what these options are allows companies to select the right options based on how, where and for what they are employing that provider.
3. Integrate where you can
Knowing what your monitoring options are and what you need to apply them to is a great start, but getting a complete monitoring picture means putting together different services from different providers.
Depending on the number of providers in scope, you may find that collecting the data for analysis can be complicated.
It can be valuable to work through the two lists you have created - applications and data in scope, and service provider monitoring resources - systematically, to ensure that your monitoring approach is thorough and, where possible, that you are bringing this information together so that administrative and operational staff can monitor it efficiently.
Depending on the service provider, you can export telemetry or log data to other platforms or consume it directly from security tools.
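The following Python script is an added example, not code from the original article or from Conversys. It shows in working code the two activities described under steps 1 and 3: reconciling an inventory of in-scope applications against the monitoring feeds each provider actually exposes (so that gaps are visible before any alert logic is written), and normalizing log records from providers with different export formats into one schema so they can be analyzed together. The provider names, field names and log lines are all constructed for illustration; real providers use their own formats, and the parsers would need to be written for each one.

```python
"""Added example (not the article's own code): reconcile an in-scope inventory
against provider monitoring feeds, then normalize heterogeneous log records.
All provider names, field names and log lines below are constructed."""
import json
from dataclasses import dataclass, asdict

# Step 1 ("know your use"): constructed inventory of in-scope applications
# and the provider each one runs on.
IN_SCOPE = {
    "crm-saas": {"provider": "saas-vendor-a"},
    "billing-api": {"provider": "iaas-vendor-b"},
    "hr-portal": {"provider": "saas-vendor-c"},  # provider exposes no feed yet
}

# Step 2 ("know your providers"): constructed map of the monitoring feeds
# each provider makes available to customers.
PROVIDER_FEEDS = {
    "saas-vendor-a": ["audit_log"],
    "iaas-vendor-b": ["api_activity", "flow_logs"],
}


@dataclass(frozen=True)
class Event:
    """Common schema every provider's record is mapped into."""
    timestamp: str
    provider: str
    application: str
    actor: str
    action: str
    outcome: str  # "success" or "failure"


def coverage_gaps(inventory=IN_SCOPE, feeds=PROVIDER_FEEDS):
    """In-scope applications whose provider offers no monitoring feed at all."""
    return sorted(app for app, meta in inventory.items()
                  if not feeds.get(meta["provider"]))


def parse_vendor_a(application, line):
    """Constructed JSON audit record: {"ts", "user", "event", "status"}."""
    rec = json.loads(line)
    return Event(rec["ts"], "saas-vendor-a", application,
                 rec["user"], rec["event"], rec["status"])


def parse_vendor_b(application, line):
    """Constructed key=value record: time=.. principal=.. op=.. result=.."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    outcome = "success" if fields["result"] == "ok" else "failure"
    return Event(fields["time"], "iaas-vendor-b", application,
                 fields["principal"], fields["op"], outcome)


# One parser per provider format; a provider with no parser is a visible
# integration gap rather than a silently dropped record.
PARSERS = {"saas-vendor-a": parse_vendor_a, "iaas-vendor-b": parse_vendor_b}


def normalize(application, line, inventory=IN_SCOPE):
    """Map a raw line from the application's provider into an Event."""
    provider = inventory[application]["provider"]
    parser = PARSERS.get(provider)
    if parser is None:
        raise ValueError(f"no parser for provider {provider!r} "
                         f"(application {application!r})")
    return parser(application, line)


# Constructed sample records from two providers with different formats.
SAMPLE = [
    ("crm-saas", '{"ts": "2024-01-01T10:00:00Z", "user": "alice", '
                 '"event": "login", "status": "failure"}'),
    ("crm-saas", '{"ts": "2024-01-01T10:00:05Z", "user": "alice", '
                 '"event": "login", "status": "failure"}'),
    ("crm-saas", '{"ts": "2024-01-01T10:01:00Z", "user": "bob", '
                 '"event": "export_report", "status": "success"}'),
    ("billing-api", "time=2024-01-01T10:02:00Z principal=svc-billing "
                    "op=DeleteKey result=denied"),
    ("billing-api", "time=2024-01-01T10:03:00Z principal=svc-billing "
                    "op=ListKeys result=ok"),
]


def failures_by_actor(events):
    """Count failed actions per (provider, actor) across all normalized events."""
    counts = {}
    for e in events:
        if e.outcome == "failure":
            key = (e.provider, e.actor)
            counts[key] = counts.get(key, 0) + 1
    return counts


def main():
    print("coverage gaps:", coverage_gaps())
    events = [normalize(app, line) for app, line in SAMPLE]
    for e in events:
        print(asdict(e))
    print("failures by actor:", failures_by_actor(events))


if __name__ == "__main__":
    main()
```

Running the script reports hr-portal as a coverage gap before any analysis starts, which is the point of working through the two lists systematically: a monitoring pipeline that only counts what it receives will never notice an application that sends nothing. The `failures_by_actor` summary is only possible because both providers' records have been mapped into the same `Event` schema first.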
Get in touch with Conversys experts now and find out about our security, network management and connectivity solutions. We're on hand to help you overcome new challenges.
About Conversys
Conversys IT Solutions is a provider of Information and Communication Technology services and solutions operating throughout Brazil.
With a highly qualified technical and commercial team and a network of partners that includes the main global technology manufacturers, Conversys IT Solutions is able to deliver customized IT and Telecom Infrastructure solutions to clients.
We invest in our employees and partners and strive for a long-lasting relationship with our clients, because we believe that this is how we gain the skills and knowledge we need to innovate and generate value for the businesses in which we operate.