It can be difficult to monitor internal and external interception inside outsourced applications.
Delivering a session on best practise in IT security and IT operations integration, Gartner Research vice president Mark Nicolett said that if applications and services are to be put into the cloud they need to be properly monitored for malicious activity.
He said that with cloud-based monitoring, you can put five things in but then you have ‘five blind spots' and security managers need to make sure that they are part of the decision for monitoring requirements.
Asked if could providers should offer event monitoring as a service, Nicolett said: “Take a managed security service provider (MSSP), a cloud provider who delivers a service via the internet using service infrastructure and using internet technology in a scalable shared environment.
“You can slap the cloud label on the MSSP if you like, I think the monitoring issue at the application layer is what I described – you need to get the cloud application provider to generate the audit trail that you require. If you look at other layers in the stack the problem is different, if you use the Amazon environment you can use their servers, and their images are going to produce logs like any server would, you should be able to pick those up.
“With the secure transfer of the internet it may be a problem but those activity log issues you should be able to get those back into the environment.”
He pointed out that what you will not see is any of the activity of the privileged users in the provider, so while you can monitor your own users there are privileged users in their environment that may have access to your systems.
Nicolett said that in that instance ‘you will never see any activity, I guarantee it'.
“So you will have to take their word for it, and take an audit or assessment from a third party and that is about it. There are also some assessments restrictions in terms of the cloud providers in a network environment, for example port scanning is not allowed, so you need to look at how your assessment is run,” he said.