Gartner: Start security monitoring in the public cloud

By Ellen Messmer, Network World | Security, Gartner, public cloud

National Harbor, Md. -- Security monitoring -- the type involving traditional security information and event management (SIEM) -- can be done in some public cloud environments, according to Gartner. And if you're using public cloud services, it's time to think about doing it.

Security monitoring of assets that the enterprise has placed in the cloud is still not a common practice, but it really should be, said Gartner analyst Anton Chuvakin during his presentation this week at the Gartner Security and Risk Management Summit. There is always a "loss of control" when turning corporate data assets over to the cloud, Chuvakin said, but "you can compensate by increasing the visibility that comes with collection of logs and network traffic."


Most security monitoring today is done on-premises within the enterprise network using SIEM, intrusion-prevention systems (IPS) and data-loss prevention tools. In Amazon Web Services, he said, it's possible to collect logs and copy them back to the on-premises SIEM. The benefits are that familiar tools are in use and you can obtain a unified view of both the cloud and the traditional environment, he said. On the other hand, bandwidth constraints might make this hard, or the SIEM tools might present "conflicts and incompatibilities" in the cloud environment. Chuvakin said enterprise security managers have to ask whether their SIEM tool is "cloud-ready" to collect data, which may arrive in unfamiliar form because of short-lived instances and dynamic provisioning.
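The two practical obstacles named above, logs that reference ephemeral instance identifiers and WAN bandwidth for shipping them to an on-premises SIEM, are illustrated by the following added example. It is not code from the article or from Gartner: the audit-log records, their field names, the asset inventory and the noise list are all constructed for illustration and do not follow any provider's real schema. The example resolves short-lived instance IDs to stable asset roles, drops read-only "describe" calls that add volume but little monitoring value, and emits the remainder as CEF lines (the Common Event Format consumed by ArcSight and other SIEMs) before compressing the batch for transfer.

```python
"""Normalize constructed cloud audit-log records into CEF lines for an
on-premises SIEM, resolving ephemeral instance IDs to stable roles and
filtering noise to cut the volume shipped back over the WAN."""
import json
import zlib

# Constructed sample events. Field names are assumptions made for this
# example, not any cloud provider's real audit-log schema.
SAMPLE_EVENTS = [
    {"time": "2013-06-12T14:03:11Z", "action": "StartInstances", "actor": "deploy-bot",
     "source_ip": "203.0.113.7", "instance_id": "i-0a1b2c3d", "outcome": "success"},
    {"time": "2013-06-12T14:03:12Z", "action": "DescribeInstances", "actor": "deploy-bot",
     "source_ip": "203.0.113.7", "instance_id": None, "outcome": "success"},
    {"time": "2013-06-12T14:05:40Z", "action": "AuthorizeSecurityGroupIngress",
     "actor": "jdoe", "source_ip": "198.51.100.23", "instance_id": "i-0a1b2c3d",
     "outcome": "success"},
    {"time": "2013-06-12T14:06:02Z", "action": "ConsoleLogin", "actor": "jdoe",
     "source_ip": "198.51.100.23", "instance_id": None, "outcome": "failure"},
]

# Constructed asset inventory: the SIEM cares about the role, not the
# instance ID that will be gone after the next re-provisioning.
INVENTORY = {"i-0a1b2c3d": {"role": "web-frontend", "owner": "team-shop"}}

# Read-only, high-volume calls that are not worth the bandwidth to ship verbatim.
NOISY_ACTIONS = {"DescribeInstances"}

# Assumed base severities (CEF scale 0-10); anything unlisted is informational.
SEVERITY = {"AuthorizeSecurityGroupIngress": 7, "ConsoleLogin": 5}


def cef_escape(value, header=False):
    """Escape a value per CEF rules: '|' in header fields, '=' in extensions,
    and backslashes everywhere; newlines would break one-line-per-event parsing."""
    text = str(value).replace("\\", "\\\\")
    if header:
        return text.replace("|", "\\|")
    return text.replace("=", "\\=").replace("\r", " ").replace("\n", " ")


def to_cef(event):
    """Render one audit record as a CEF line with the asset role attached."""
    role = INVENTORY.get(event.get("instance_id") or "", {}).get("role", "unknown")
    sev = SEVERITY.get(event["action"], 3)
    if event["outcome"] != "success":
        sev = min(sev + 2, 10)  # failed privileged actions deserve a closer look
    header = "|".join(cef_escape(p, header=True) for p in (
        "CEF:0", "ExampleCloud", "AuditLog", "1.0", event["action"], event["action"], sev))
    ext = {
        "rt": event["time"], "suser": event["actor"], "src": event["source_ip"],
        "outcome": event["outcome"],
        "cs1Label": "instanceId", "cs1": event.get("instance_id") or "-",
        "cs2Label": "assetRole", "cs2": role,
    }
    return header + "|" + " ".join(f"{k}={cef_escape(v)}" for k, v in ext.items())


def export_batch(events, drop_noise=True):
    """Filter, normalize and compress a batch; return the CEF lines plus the
    byte counts of the raw JSON and of the compressed payload actually shipped."""
    kept = [e for e in events if not (drop_noise and e["action"] in NOISY_ACTIONS)]
    lines = [to_cef(e) for e in kept]
    raw_bytes = len(json.dumps(events).encode())
    shipped_bytes = len(zlib.compress("\n".join(lines).encode()))
    return lines, raw_bytes, shipped_bytes


if __name__ == "__main__":
    cef_lines, raw, shipped = export_batch(SAMPLE_EVENTS)
    for line in cef_lines:
        print(line)
    print(f"raw JSON: {raw} bytes, shipped after filter+compress: {shipped} bytes")
```

The filtering decision is the sensitive part of this design: dropping a call type saves bandwidth only if the SIEM never needs it for an investigation, so a real deployment would keep the dropped events in cheap cloud-side storage rather than discard them outright.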

Some SIEM tools are also able to make use of specific software-as-a-service APIs to collect logs from public cloud services. Tools from IBM and HP ArcSight, for example, can now monitor Salesforce, Chuvakin noted.

A second approach to security monitoring of cloud assets is to load a SIEM tool directly into an IaaS to have "on-IaaS monitoring," Chuvakin said. The advantages here are that the tools are familiar and there's no high bandwidth requirement. However, storage costs in the cloud could be high, and in the end there's no unified view across on-premises and on-IaaS monitoring.

A third possibility is to obtain the data from the cloud service, if it's available, and hand it to a managed security service provider such as Splunk Storm.

He said it makes sense to ask why the cloud service providers are not contributing more to the security monitoring process and making SIEM data more available, since it's obvious their customers have a need for this. Some, such as FireHost, do offer a way for their customers to use their SIEM in the cloud hosting service, Chuvakin said.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE.

Originally published on Network World.