- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
The CIO-level business angle on the latest tech
Many IT organizations are looking to the cloud in order to make the most of their budget. This includes deploying IT security as a cloud-based service. Some of the security services for which companies turn to cloud providers include firewall management, vulnerability assessments, patch management, intrusion detection system (IDS) management, email security and content filtering, intrusion response/forensics, change and anomaly detection, and support for compliance reporting.
As it turns out, many of these security services work with the kind of raw data that can be monitored, correlated, reported and controlled by an overarching Security Information and Event Management (SIEM) system. Consequently, a SIEM system is a vital component of what a cloud security services provider can offer its customers.
SECURITY AS A SERVICE: The cloud services explosion
SIEM solutions allow service providers to deliver a full portfolio of security services, with SIEM providing the layer of supervisory analysis and intelligence across their overall portfolio of services. SIEMs transform noisy, low-level security event information generated by firewalls and other devices into meaningful alerts that can be readily comprehended and acted upon by security analysts.
SIEMs are a natural extension to the cloud security-as-a-service (SecaaS) model for a number of reasons. For instance, they typically require significant data storage that many IT organizations are challenged to provide. They have high scaling requirements with respect to event collection. SIEMs usually provide third-party device data interoperability that service providers can leverage across multiple customers. And, they often require a 24/7 security operations center approach with tightly defined technical requirements where service providers can demonstrate core competency across multiple customers.
Cloud-based SIEM services help security teams improve threat identification and risk mitigation, reduce remediation cycle times, and demonstrate regulatory compliance. But, just as with the introduction of early cloud services, organizations have many reservations and concerns about moving their sensitive and critical security services to the cloud.
To address such concerns, the Cloud Security Alliance (CSA) was formed to promote the use of best practices for providing security assurance within cloud computing, as well as to provide education on the uses of cloud computing to help secure all other forms of computing. The research arm within the CSA has spent several years developing guidance on all areas of security-as-a-service. The purpose of the research is to identify consensus definitions of what SecaaS means, to categorize the different types of SecaaS, and to provide guidance to organizations on reasonable implementation practices.
Recently the CSA released the SIEM guideline as part of its overall Security-as-a-Service Implementation Guidance. A 33-page section of the guide provides best practices on how to evaluate, architect and deploy cloud-based SIEM services to both enterprise and cloud-based networks, infrastructure and applications. It addresses the leveraging of cloud-based SIEM services in support of cloud environments, both public and private, hybrid environments, and traditional non-cloud environments. It looks at the requirements, implementation considerations and concerns, and implementation steps as part of the many considerations for SIEM.