With the adoption of services in the Cloud, organisations inevitably lose control over their IT and might lack the critical information required to assess a variety of (business, performance and security) risks.
Traditional approaches based on SLAs and contractual agreements only partially address the above issues, as they provide only a “predefined” and static “view” of the situation, which does not cope well with fully dynamic, ever-changing IT operations and threat landscapes.
In this context, enabling more dynamic, controlled information sharing in the Cloud is key to improving situational awareness and addressing the above issues. This involves dealing with tension points between information sharers and sharees (about what to share, why to share, how to control information flows, etc.) along with trust and assurance issues.
More R&D is required in this area, in particular on how to provide safe information sharing and the relevant controls on the information flows.
At HP Labs, Cloud and Security Lab (CSL), we work in this space: we aim at shaping the vision and providing concrete solutions to be used in the market.
In previous blogs of mine, I provided an overview of our vision and related demonstrators we developed to convey it, in the space of Situational Awareness and Information Sharing in the Cloud, in particular in the context of Disaggregated IT.
I also briefly discussed the R&D work we do to provide better predictive analytics based on collected and shared data, in particular in the area of strategic security risk assessment (see our work on SILAS - Security Intelligence-as-a-Service).
I am looking for additional, concrete examples and case studies illustrating how current cloud adopters cope with situational awareness and assessment of the involved IT operation and business risks – including pros and cons of current approaches. Your input in terms of requirements, scenarios and feedback is welcome.
--- Posted by Marco Casassa Mont ---