Brief description of how to support cloud service monitoring

Ideally, we all want any IT organization whose primary goal should be to align strategy with business. In the real world, however, the entire business process takes weeks, months, or years and the IT team must negotiate with the business unit and develop a clear strategy around the business requirements. The business unit then awaits budget approval, infrastructure building, and security and compliance controls. With some steps down, ultimately, the business unit did not meet expectations.

Let's imagine that if the business unit discovered and implemented the technology without IT involvement, could the general business department accurately define the risk of private information being placed in the cloud? This is exactly what the IT security community is facing. Ease-of-use cloud services are numerous and require any business problem that can be solved by simply clicking on the mouse. IT security must test these services in some way and prove the value of identification and mitigate business-related risks before they become headlines for data breaches.

The good news is that there are many tools available to mitigate the risks of cloud-based services, including such features as pre-service, federation, and managing the virtual infrastructure. The bad news is that there is not enough product to monitor or stop the use of unauthenticated cloud services. However, businesses can use the existing security technologies and controls to help swiftly cloud the tide.

Use existing tools to monitor cloud services

The first way to monitor and detect cloud services is to leverage existing investments currently available, primarily network filtering, next-generation firewalls or data loss prevention (DLP) products. These systems already exist in the network, organize the flow of private information, or detect inappropriately visited websites. DLP systems are especially useful because they can monitor SS encrypted traffic using man-in-the-middle techniques. DLP and web filtering systems may have already been configured to detect or gain access to cloud-based file-sharing sites such as Dropbox and Google Drive. These definition files need modifications to allow the detection of other potential cloud-based services.

There are many cloud service registration references that can help build custom definitions, either for DLP or web filtering systems. However, building custom definitions with these sign-ups is labor-intensive because there are many potential cloud providers to choose from. To make this a path easier, prioritize the cloud providers that are most likely to focus on the business. Cloud providers that security software vendors are most likely to add sign up to future DLP or web filtering products, but at the same time, detection is still a manual process.

If the security team has a limited budget and can not access this type of tool, there are other better open source options. The tool of choice for many budget-constrained security professionals is IDS Snort, an open-source version that includes free rules that run any legacy PC onto a first-class IDS machine. The real power of Snort is its ability to easily add custom rules to suit the environment. This rule is usually inserted into the local rules file, included in the default Snort installation.

Here's an example of a custom Snort rule that can be used to detect access to Rackspace:

Alert tcp any any -> 67.192.1.7 any

This rule can detect any TCP access on any port to IT address 67.192.1.7 on any port. This IP address maps to the Rackspace Services Management Portal. Configuring Snort in this way prompted the IT team to manage the cloud-based services whenever employees' internal networks accessed the Packspace portal.

Remember to work with the business unit

Next-generation firewalls, network filtering, DLP and IDS systems are all great tools for monitoring access to cloud-based services. However, they are both inline tools, assuming users have access to the Internet from within the enterprise. If a user uses a mobile device to access an unverified cloud-based service on their Internet connection, IT must use different methods to detect it.

The IT security team needs to work with the business unit to educate users on the risks of using unapproved cloud services and build strong strategies around building and managing. The value of this approach will never be underestimated. These cloud-based services are becoming a big business expense, so financial controls should also be created. Financial controls can be easily implemented to make them more responsive and explain the business unit more easily than underlying risk scenarios. These controls should include the tactics, finance, and law that require IT review. Creating such a partnership will also help to reshape the shaky IT business strategy and keep the two in alignment, as businesses buy something outside of the IT department.

The problem of users accessing unapproved cloud services in the enterprise is likely to grow as cloud applications become more affordable and accessible to the general public and IT security teams should consider using existing tools in mature enterprises. Limiting Follow-on Funding The best choice for new technologies is to solve this problem, including building relationships between IT businesses, something that is worth fighting outside of this issue.

【Editor's Choice】

Cloud Security Concerns When Hugh Fulfillment Shows Decreased Issues Cloud Security Technology in Cloud Surveillance and Security in Cloud Computing Opacity in Cloud Security Impacts Cloud Launches Cloud Security Alliance Releases "Top 9 Threats to Cloud Computing in 2013" Report IaaS Cloud Security: Users Responsibility to know [Editor: Xiao Yun TEL: (010) 68476606]