Is your security posture demonstrable? If you have answered in the negative, your security posture needs a re-think. Security monitoring should be real time for network devices, applications and end point connections. Your security system should have an enterprise wide / infrastructure wide visibility and must demonstrate that you can effectively defend the enterprise against proliferating security threats. Regulatory authorities must be satisfied that you have complied with industry regulations. Obviously, the task is not simple.
The Cloud computing security system should take into consideration the following factors while building up the security monitoring system:
- IT is evolving and every new device added to your network represents a potential avenue for a security breach. You need an “endpoint security” approach that recognizes the potential security threat (via the new device) and provides an end point perspective that helps you assimilate the product into your security monitoring system.
- The cost of assimilation of new devices into the security umbrella should be such that it does not become a barrier to assimilation. Ideally the monitoring costs should be a predictable “pay as you go” service.
- The business relevance of the threats should be underscored for the customer and prioritization of security response efforts should be automatic. The Administrator should be able to cut through the noise and focus attention on security threats that have a larger impact on the network.
- Cloud service security support teams should be accessible round the clock to help organizations handle any security threats that may impact their business.
Demonstrable compliance is possible only when the security system has the following features at the minimum:
- Enterprise wide system for log collection
- Hosted log storage
- High availability of systems
- Log retention systems
- Single window log reporting systems
- Log-security system interaction for incident analysis and alert generation
- Facility for online / offline log queries
In short, demonstrable compliance is possible when the security system reduces business risk by dynamically absorbing new device additions for end point security, and provides real time log based threat information management and helps security monitoring at a cost structure that is predictable / adoptable. If this security system is integrated with a global threat intelligence monitoring system with a flexible mix and match portfolio, it would be an added bonus.