Security information and event monitoring (SIEM) and log management methods for networks and security devices have no practical significance in cloud computing.
After spending a lot of money and a large amount of human resources deploying comprehensive security information and event monitoring (SIEM) tools and technologies, many companies find that these valuable investments have lost value in cloud computing deployment. Public cloud computing plans, to a certain extent, even including virtualized deployments, add security black holes to enterprise security monitoring frameworks. No "light" can illuminate these blind spots.
In order to ensure security standards within an increasingly distributed virtualized and outsourced IT infrastructure, companies will have to conduct business events if they want to know the events affecting their infrastructure and the impact on users and data flows within the boundaries of traditional enterprise networks. Adjustment.
"Virtualization and cloud computing have broken the current model," said Mike Rothman, an analyst at Securosis. "You can't see the infrastructure in the cloud, so there are existing security and event monitoring/logging for network and security devices." Management actually has no practical meaning.â€
This issue is amplified on the public cloud stage because companies in the public cloud environment dynamically share infrastructure with other organizations and cannot control or even see how the data is put together and how it flows.
"Most security information and event monitoring products have no difficulty in providing complete visibility into virtual and private clouds (in a private cloud environment, you can control both physical and virtual environments simultaneously.) When system access and control are limited, Transparency must also be limited,†said Michael Maloof, chief technology officer at TriGeo Internet Security. “Although cloud-based applications have benefits for productivity and data, they cannot provide and provide in more traditional environments. The same level of monitoring is monitored for events. For example, a cloud computing application that connects to Active Directory can provide you with access control data."
But even when the virtual environment is actually controlled within the enterprise's infrastructure, it is still necessary to track all activities that occur at different virtual layers to meet compliance requirements.
"I think you can make assumptions, assuming all the information inside the environment is safe, but in that case, you may see a fake virtual environment," said Bill Roth, chief marketing officer of LogLogic. He warned that the first step in maintaining monitoring of virtual environments is to ensure that only absolutely necessary virtual machines are involved. "Things are easy to accumulate, storage and processing are also very cheap, and there is a risk that the virtual machine may be in disorder." The company must be very cautious about this," he said.
Whether in a public cloud environment or a private cloud environment, companies need to realize that applications are best adjusted to output monitoring information, said Rothman of Securosis.
"We need to start adjusting the application to provide monitoring information and provide some transparency," he said. "In fact, most application staff do not do a good job in establishing the transparency of the application. But they need it." Do, considering that companies really want to run some or all of their applications in a cloud-type environment for flexibility."
The most important thing in a cloud computing environment is the collection of key logs that provide better advice on how the infrastructure that affects corporate data actually works.
"If you decide to go into a cloud environment, you need logs to help you understand the operating state of your system, so you know your current performance situation," Roth said, "requiring log and transparency if the cloud service provider can't provide both This will be a fatal weakness. It cannot be because 'cloud' means embarrassment, and the actual situation is the same. We need transparency."
Maloof agrees with this view and explains that companies will not be able to shirk responsibility for data leakage incidents to their cloud service providers, so they need to remain vigilant about potential problems.
"In fact, although you can now "cloud" many applications, this does not eliminate the responsibilities associated with data loss and the need to provide comprehensive monitoring policies for regulatory compliance," said Maloof.
“This should not stop at log issues. Enterprises also need to work with cloud service providers to better plan the blueprint for user activities and data access trends (cloud services-based information pool), starting with improved cloud access control ."
"Identity and access management systems are a key part of this challenge and are closely linked with clear policies and application-level policy enforcement," Maloof said. "Although data and applications exist outside the traditional network boundaries, identity and access control systems will Become a bridge between physical and virtual systems."
However, the success of these transparency-enhancing efforts really depends on the participation of cloud service providers. According to LogLogic’s Roth (he is also an active participant in the Cloud Security Alliance), the user name is still very difficult to convince large cloud service providers to improve their transparency. He believes that the user name needs to continuously apply this pressure to the supplier. In addition, joining relevant organizations (such as the Cloud Security Alliance) will help the industry develop security monitoring standards within the cloud environment.
“We are currently working hard to resolve several issues that we think are very important,†said Roth of the Cloud Security Alliance. Cloud Security Liang Meng is expected to release a draft on security monitoring in November this year, “I think these events will promote the cloud. Safe development."
After spending a lot of money and a large amount of human resources deploying comprehensive security information and event monitoring (SIEM) tools and technologies, many companies find that these valuable investments have lost value in cloud computing deployment. Public cloud computing plans, to a certain extent, even including virtualized deployments, add security black holes to enterprise security monitoring frameworks. No "light" can illuminate these blind spots.
In order to ensure security standards within an increasingly distributed virtualized and outsourced IT infrastructure, companies will have to conduct business events if they want to know the events affecting their infrastructure and the impact on users and data flows within the boundaries of traditional enterprise networks. Adjustment.
"Virtualization and cloud computing have broken the current model," said Mike Rothman, an analyst at Securosis. "You can't see the infrastructure in the cloud, so there are existing security and event monitoring/logging for network and security devices." Management actually has no practical meaning.â€
This issue is amplified on the public cloud stage because companies in the public cloud environment dynamically share infrastructure with other organizations and cannot control or even see how the data is put together and how it flows.
"Most security information and event monitoring products have no difficulty in providing complete visibility into virtual and private clouds (in a private cloud environment, you can control both physical and virtual environments simultaneously.) When system access and control are limited, Transparency must also be limited,†said Michael Maloof, chief technology officer at TriGeo Internet Security. “Although cloud-based applications have benefits for productivity and data, they cannot provide and provide in more traditional environments. The same level of monitoring is monitored for events. For example, a cloud computing application that connects to Active Directory can provide you with access control data."
But even when the virtual environment is actually controlled within the enterprise's infrastructure, it is still necessary to track all activities that occur at different virtual layers to meet compliance requirements.
"I think you can make assumptions, assuming all the information inside the environment is safe, but in that case, you may see a fake virtual environment," said Bill Roth, chief marketing officer of LogLogic. He warned that the first step in maintaining monitoring of virtual environments is to ensure that only absolutely necessary virtual machines are involved. "Things are easy to accumulate, storage and processing are also very cheap, and there is a risk that the virtual machine may be in disorder." The company must be very cautious about this," he said.
Whether in a public cloud environment or a private cloud environment, companies need to realize that applications are best adjusted to output monitoring information, said Rothman of Securosis.
"We need to start adjusting the application to provide monitoring information and provide some transparency," he said. "In fact, most application staff do not do a good job in establishing the transparency of the application. But they need it." Do, considering that companies really want to run some or all of their applications in a cloud-type environment for flexibility."
The most important thing in a cloud computing environment is the collection of key logs that provide better advice on how the infrastructure that affects corporate data actually works.
"If you decide to go into a cloud environment, you need logs to help you understand the operating state of your system, so you know your current performance situation," Roth said, "requiring log and transparency if the cloud service provider can't provide both This will be a fatal weakness. It cannot be because 'cloud' means embarrassment, and the actual situation is the same. We need transparency."
Maloof agrees with this view and explains that companies will not be able to shirk responsibility for data leakage incidents to their cloud service providers, so they need to remain vigilant about potential problems.
"In fact, although you can now "cloud" many applications, this does not eliminate the responsibilities associated with data loss and the need to provide comprehensive monitoring policies for regulatory compliance," said Maloof.
“This should not stop at log issues. Enterprises also need to work with cloud service providers to better plan the blueprint for user activities and data access trends (cloud services-based information pool), starting with improved cloud access control ."
"Identity and access management systems are a key part of this challenge and are closely linked with clear policies and application-level policy enforcement," Maloof said. "Although data and applications exist outside the traditional network boundaries, identity and access control systems will Become a bridge between physical and virtual systems."
However, the success of these transparency-enhancing efforts really depends on the participation of cloud service providers. According to LogLogic’s Roth (he is also an active participant in the Cloud Security Alliance), the user name is still very difficult to convince large cloud service providers to improve their transparency. He believes that the user name needs to continuously apply this pressure to the supplier. In addition, joining relevant organizations (such as the Cloud Security Alliance) will help the industry develop security monitoring standards within the cloud environment.
“We are currently working hard to resolve several issues that we think are very important,†said Roth of the Cloud Security Alliance. Cloud Security Liang Meng is expected to release a draft on security monitoring in November this year, “I think these events will promote the cloud. Safe development."
S Series Variable Volume Micropipettes
1-10 ml S Series Variable Volume Micropipette,Variable Volume Micropipettes Single Channel
Topscien Instrument(Ningbo China)Co.,LTD , https://www.centrifugesupply.com