Many have said that cloud is built on the back of open source. What you may not know is that much of the security we use, both in the cloud and without, is based on open source code as well. I recently sat down with Misha Govshteyn, co-founder of cloud security provider Alert Logic, about a new open standard they announced today called CloudLog. There is a web site set up for CloudLog where you can read more about it.
Log management is one of the key tools in the security pro's toolbox. But in a multi-tenant, elastic, virtual environment like the cloud, today's logging standards don't give the information or audit trail needed. CloudLog seeks to remedy that. In the announcement today, several companies, including Eucalyptus Systems, Datapipe and Rackspace, in addition to Alert Logic, announced support. The standard has been submitted to the IETF as well. Anyone is now free to use the specs in their cloud stack to enable this higher level of logging.
In our conversation, Misha talks about Cloud Audit, another open standard for cloud security which is adjacent to CloudLog. Misha also gives us some great insight into how so many companies use open source as part of their security service. Alert Logic, which offers its services in a SaaS model, partners with many of the largest cloud and hosting providers to provide its security and compliance services.
The conversation is about 15 minutes long and very informative.
For the sake of full disclosure, Alert Logic maintains a blog called Secure Cloud Review which I blog on occasionally. I have been following the CloudLog development for a few months now.
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from startup to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.