Towards A “Social Network” of Monitoring and Incident Management in the Cloud?

by on 07-01-2011 11:22 AM

I recently read a very interesting article called “Log files – are you reviewing yours?”. Organisations often fail to fully leverage and analyse the audit log information that is collected within their IT and business environment …

 

Things might get worse when more and more organisational services and IT infrastructure are outsourced in the Cloud …

 

This triggered a few thoughts about how assurance could be provided in the Cloud and how this could be done effectively to handle various degrees of risks.

 

Interestingly, when outsourcing in the Cloud, part of the organisational control over IT and processes is lost. This might include the ability to log information at the desired level of granularity and to act on it in a timely manner, e.g. in case of incidents …

 

Which mechanisms should be put in place to enable organisations to get timely information, including logs and incidents, from their Cloud Service Providers?

 

This has an impact not only on SLAs and contractual agreements but also on the technical solutions that need to be deployed to:

 

-   enable Cloud service providers to flexibly collect log information, at different levels of abstraction in the IT stack, for specific customers - and provide it to organisations

 

-   enable organisations to deal with mixed sources of log files, with potentially different levels of accuracy and trust, to drive their audit & compliance management activities as well as incident management processes

 

It is going to be a “recursive” issue, as Cloud Service providers might rely on other providers in the Cloud …

 

I envisage a situation where enterprises’ business and governance requirements will dictate a wider collaboration between various Service Providers in order to collect, process, sanitise and share “logs information” and incidents.

 

Are we moving towards Federated Monitoring in the Cloud i.e. a sort of “Social Network” of Monitoring and Incident Management in the Cloud? …

 

 

--- Posted by Marco Casassa Mont ---

 


Comments
by Richard Orange(anon) on 08-15-2011 09:53 AM

Not only do I agree that incident management and monitoring lends itself to a more social regime, I believe this can be applied to the wider security community.

 

Whilst we don't yet have the tools, surely the management framework around security should be an inclusive model where distributed control is enabled and built into the fabric of our security architecture.  How?  Don't know..  But for sure we cannot continue to build out point solutions that demand dedicated resources and different management process for each instance. 

 

As a general theme the security industry is consolidating, why can we not aim to do the same with the management framework?  Cloud providers have done this tactically for many years and proved cost savings can be achieved.
