Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Friday, July 1, 2011

Towards A “Social Network” of Monitoring and Incident Management in the Cloud?

I recently read a very interesting article called “Log files – are you reviewing yours?”. Organisations often fail to fully leverage and analyse the audit log information that is collected within their IT and business environment …

Things might get worse as more and more organisational services and IT infrastructure are outsourced to the Cloud …

This triggered a few thoughts about how assurance could be provided in the Cloud and how this could be done effectively to handle various degrees of risk.

Interestingly, when outsourcing to the Cloud, part of the organisational control over IT and processes is lost. This might include the ability to log information at the desired level of granularity and to act on it in a timely manner, e.g. in case of incidents …

Which mechanisms should be put in place to enable organisations to get timely information, including logs and incidents, from their Cloud Service Providers?

This has an impact not only on SLAs and contractual agreements but also on the technical solutions that need to be deployed to:

- enable Cloud service providers to flexibly collect log information, at different levels of abstraction in the IT stack, for specific customers, and provide it to organisations
- enable organisations to deal with mixed sources of log files, with potentially different levels of accuracy and trust, to drive their audit & compliance management activities as well as incident management processes

It is going to be a “recursive” issue, as Cloud Service providers might rely on other providers in the Cloud …

I envisage a situation where enterprises’ business and governance requirements will dictate a wider collaboration between various Service Providers in order to collect, process, sanitise and share “logs information” and incidents.

Are we moving towards Federated Monitoring in the Cloud, i.e. a sort of “Social Network” of Monitoring and Incident Management in the Cloud? …


--- Posted by Marco Casassa Mont ---
