Many have said that cloud is built on the back of open source. What you may not know is that much of the security we use both in the cloud and without is based on open source code as well. I recently sat down with Misha Govshteyn, co-founder of cloud security provider, Alert Logic about a new open standard they announced today called CloudLog. There is a web site set up for CloudLog where you can read more about it.
Log management is one of the key tools in the security pro's toolbox. But in a multi-tennant, elastic, virtual environment like the cloud, todays logging standards don't give the information or audit trail needed. CloudLog seeks to remedy that. In the announcement today serveral companies including Euculyptus Systems, Datapipe and Rackspace, in addition to Alert Logic announced support. The standard has been submitted to the IETF as well. Anyone is now free to use the specs in their cloud stack to enable this higher level of logging.
In our conversation, Misha talks about Cloud Audit, another open standard for cloud security which is adjacent to CloudLog. Also Misha gives us some great insight into how so many companies use open source as part of their security service. Alert Logic which offers their services in a SaaS model partners with many of the largest cloud and hosting providers to provide their security and compliance services.
The conversation is about 15 minutes long and very informative.
For the sake of full disclosure, Alert Logic maintains a blog called Secure Cloud Review which I blog on occasionally. I have been following the CloudLog development for a few months now.