What's in a cloud security plan?
Posted by Heather Howland in Cloud Security, Security Intelligence
Q1 Labs’ CSO, Chris Poulin, recently authored a paper defining best practices for IT Security in a cloud environment. In this, he covers some interesting viewpoints on various hurdles expected when organizations secure their public or private cloud environments, as well as the steps necessary to create an effective security policy, and the similarities between SIEM and cloud environments.
Since this is a week of two major cloud related conferences - VMworld and Dreamforce – let’s talk cloud security!
What are a few of the steps cloud providers and customers can take when building out their own cloud security plan? One major chunk of the process is to start with an assessment of risk. That is, understand your current data types, locations, business processes, and information flow. Understand where the critically sensitive data is. Just like any other enterprise, cloud computing requires customers and cloud providers to define their own information topology before any reasonable security policy can be defined and implemented.
Step 1: Discovery
Know where all of your data is, no matter how you classify it. The key is uncovering the difference between the data that can and cannot be housed in the cloud. An eDiscovery process is recommended to locate buried and even misplaced data. Too often organizations find that Personally Identifiable Information (PII) is mixed with less critical data and matched with the wrong security protocols.
Step 2: Classification
After understanding where your data is, it needs to be classified appropriately and placed on systems whose security controls match the data's sensitivity. This step alone can help you make progress toward meeting various compliance regulations.
Step 3: Data transit
SIEM can help define your data transit policy by monitoring endpoints, firewalls, and network activity to decide whether the data should be allowed to proceed to the cloud or not. Content-aware network profiling from Data Loss Prevention (DLP) solutions can be fed to the SIEM to perform more complex correlations with other data feeds. For example, watch for PII such as a social security number in a patient healthcare record and combine that with the firewall logs and network activity found within a SIEM to gain a bigger picture of malicious activity.
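To make the three steps concrete, here is an added example (not code from Q1 Labs or from Chris Poulin's paper) that walks a small set of constructed records through classification and then through the DLP-plus-firewall correlation described under Step 3. The DLP event dictionaries, the syslog-like firewall lines, the 10.0.0.0/8 address plan and the five-minute window are all assumptions made for the example; real DLP and firewall products emit their own formats, so the parser would be adapted to whatever feed the SIEM actually receives.

```python
import re
import ipaddress
from datetime import datetime, timedelta

# Constructed DLP content-inspection events (hypothetical format): the sensor
# reports the host the content came from and a snippet of what it inspected.
DLP_EVENTS = [
    {"ts": "2011-08-30T10:01:40", "src": "10.1.5.7",
     "content": "Patient: J. Doe SSN 123-45-6789 Dx: hypertension"},
    {"ts": "2011-08-30T10:05:02", "src": "10.1.5.9",
     "content": "Quarterly newsletter draft, no personal data"},
    {"ts": "2011-08-30T10:20:15", "src": "10.1.5.12",
     "content": "Employee 987-65-4321 payroll export"},
]

# Constructed firewall log lines in a syslog-like layout (not a real vendor format).
FIREWALL_LOGS = """\
2011-08-30T10:02:11 fw01 ALLOW src=10.1.5.7 dst=203.0.113.9 dport=443
2011-08-30T10:05:30 fw01 ALLOW src=10.1.5.9 dst=203.0.113.9 dport=443
2011-08-30T10:21:00 fw01 ALLOW src=10.1.5.12 dst=10.1.9.20 dport=445
2011-08-30T10:22:05 fw01 DENY src=10.1.5.12 dst=198.51.100.4 dport=443
"""

# Assumed internal address plan: anything outside it counts as "the cloud"/external.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
FW_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?P<action>ALLOW|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def classify(content: str) -> str:
    """Step 2: label a record by the most sensitive content found in it.
    Only an SSN pattern is checked here; a real classifier has more rules."""
    return "PII" if SSN_RE.search(content) else "internal"


def parse_firewall(text: str) -> list:
    """Parse the constructed firewall lines into dicts with a datetime timestamp.
    Lines that do not match the expected layout are skipped."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def is_external(ip: str) -> bool:
    """True when the address is outside the organisation's internal plan."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def correlate(dlp_events, fw_events, window=timedelta(minutes=5)) -> list:
    """Step 3: pair each PII-bearing DLP hit with an allowed egress from the
    same host to an external address within the window. Each pair is an alert;
    blocked (DENY) flows and internal destinations are left alone."""
    alerts = []
    for ev in dlp_events:
        if classify(ev["content"]) != "PII":
            continue
        t0 = datetime.fromisoformat(ev["ts"])
        for fw in fw_events:
            if (fw["src"] == ev["src"] and fw["action"] == "ALLOW"
                    and is_external(fw["dst"])
                    and t0 <= fw["ts"] <= t0 + window):
                alerts.append({"src": ev["src"], "dst": fw["dst"],
                               "dlp_ts": ev["ts"],
                               "fw_ts": fw["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in correlate(DLP_EVENTS, parse_firewall(FIREWALL_LOGS)):
        print("PII egress:", alert)
```

Run as-is, the script raises one alert: host 10.1.5.7 had an SSN in an inspected record and, thirty seconds later, an allowed HTTPS connection to an external address. The payroll export from 10.1.5.12 produces nothing, because its only allowed flow went to an internal file server and the external attempt was denied; that distinction is exactly what the firewall feed adds on top of the DLP hit alone.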
As Chris Poulin has blogged, there is no question that more modern SIEM (a.k.a. Security Intelligence) solutions have their place in the cloud. It’s not a matter of if SIEM is ready for the cloud, but if the cloud is ready for SIEM. For more on IT Security best practices in cloud environments, take a spin through Chris’ complete writeup.
Related: SIEM and Cloud might be cousins