Cloud Computing & Virtualization Technology is a corporate security black hole?

Security information and event monitoring (SIEM) and log management methods for network and security devices do not actually make sense in cloud computing.

After spending a lot of money and a lot of human resources on the deployment of comprehensive security information and event monitoring (SIEM) tools and technologies, many companies find that these valuable investments have lost value in cloud computing deployments. The Public cloud computing program, to some extent, even virtualization deployments, adds a security black hole to the corporate Security monitoring framework. No light can illuminate these blind spots.

To ensure security standards within an increasingly distributed IT infrastructure, businesses will have to adjust if they want to know about their infrastructure and the events that affect users and data flows within the boundaries of traditional enterprise networks.

"Virtualization and cloud computing are breaking the current pattern," said Mike Rothman, an analyst at Securosis, who says, "You can't see the infrastructure in cloud computing, so existing security information and event monitoring/log management for network and security devices are not really meaningful." ”

This problem is magnified in the public cloud arena, where enterprises are dynamically sharing infrastructure with other organizations, unable to control or even see how data is put together and how it flows.

"Most security information and event monitoring products have no difficulty in providing complete visibility into the virtual environment and private cloud (in a private cloud environment where you can simultaneously control both physical and virtual environments)." Transparency is bound to be limited when access and control is limited, "says Michael Maloof, chief technology officer at TriGeo Network security." Although cloud-based applications are good for productivity and data, But they cannot provide the same level of monitoring as the event monitoring provided in more traditional environments, for example, cloud applications connected to Active Directory can provide access to control data. ”

But even when the virtual environment is actually controlled within the enterprise infrastructure, it is still necessary to track all activities that occur at different virtual tiers to meet compliance requirements.

"I think you can assume that all the information inside the environment is safe, but in that case you may see a false virtual environment," says Bill Roth, Loglogic's chief marketing officer. He warns that the first step in keeping the monitoring of the virtual environment is to ensure that only the absolutely necessary virtual machines are involved, "things are easy to accumulate, storage and processing are also becoming very inexpensive, leading to the risk of virtual machine clutter, and the enterprise must be very cautious," he said.

Whether in a public cloud environment or in a private cloud environment, businesses need to recognize that applications are best tuned for output monitoring information, securosis Company's Rothman says.

"We need to start tweaking the application to provide monitoring information and providing some transparency," he says, "and, in fact, most application personnel do not do very well in building the transparency of the application." But they need to do this, considering that the enterprise really wants to run some or all of the applications in a cloud-type environment for flexibility. ”

(Responsible editor: The good of the Legacy)