John Sawyer wrote about security implications of being hosted in the cloud in “Spot the Trouble in the Cloud” for InformationWeek. He highlights the security challenges for cloud based hosting. In particular:
“…enterprises are flying blind unless they adapt their security monitoring, incident response and digital forensic policies and procedures to the cloud… most cloud provider SLA state security is up to the customer”.
The steps to mitigate this challenge is to start monitoring. Enable system logs and send them over to your syslog server. Alternatively Mr Sawyer suggests the use of services like Loggly or products like Splunk, Tenalbe’s SecurityCenter and Log Corrlelation for your log management analysis.
In addition, you could outsource the monitoring to a dedicated team of professionals to notify you of any incidents that would otherwise escape your attention. You can also incorporate such a team into your incident handling policies and procedures. These teams are called Managed Security service providers (MSSPs).
Some of the security tasks MSSPs undertake on your behalf:
- System Patch management
- Malware detection and analysis
- IPS/IDS Incident Response
- Identity and password management
- Log analysis
- Researching new threats
- Writing or preparing reports for audit teams
Contact email@example.com to see how you can benefit from our MSSP offerings and secure your data today!