Forecast for Log Management in the Cloud
Posted: February 23, 2011 at 2:55 pm | by Joe Gottlieb
There was much talk about cloud security at the RSA Conference last week. On multiple occasions, I was asked for my opinions about log management in the cloud, so I thought I would repeat my replies here. Note that I see log management in the cloud as more of an outsourcing decision than a technology decision. Overall, I see cloud-based log management services on the rise, but with a few key qualifiers that impact the forecast ahead.
The Choice Comes Down to Personality.
Just as we’ve seen with general outsourcing trends over the years, the companies that are willing to outsource log management are those that have an outsourcing personality type…willing to jettison anything that fails the “core versus context” test. While initiatives related to security have tended to be seen as “sensitive context” and therefore tend to stay in house, tight capital budgets and staffing resources have driven more companies to consider outsourcing log management. On the other side of the coin, I do not see many proactive security organizations outsourcing log management because for them, log management, exception reporting and security data analysis are core to their business or government missions.
The Choice May Be a Short-sighted One.
Some organizations see log management outsourcing as an opportunity to avoid non-compliance risks, hoping to blame the outsourcing provider as a first line of defense in dealing with lapses. This is obviously a short-sighted approach, but it happens and may in some cases deliver the intended benefits.
Outsourcing Works Best in a Vertical Context.
This principle often trumps the first two and creates a situation that makes outsourcing superior to insourcing, even for security functions. This is particularly true in the defense industry, where information access policies (e.g., Unclassified, Classified, Secret, Top Secret) and other control structures (e.g., mission, branch, command) are well established, and where defense integrators have established the individual skill sets and large-scale project management competencies necessary for success. We have also seen this in the health care market, where we have partnered with Cerner to embed our log management, audit and compliance reporting capabilities into their health care IT platform Millennium.
More in the U.S., Less in Europe.
In the U.S., we’ve seen a gradual but persistent warming to the thought of handing security data over to security service providers. Not so much in Europe, where privacy concerns and regulatory obligations make this proposition less attractive. Since the primary drivers in the U.S. are also present in Europe (e.g., compliance mandates amidst staffing and budget pressures), it will be interesting to see if the tendencies shift over time.
In summary, log management in the cloud can make sense in the right situations. Make sure the technology behind your service provider can scale to meet your needs and keep your data separate from other customers’ data. You should also make sure that the technology will help the service provider reduce costs via data compression and storage optimization, because these advantages will help keep your provider in business or reduce the cost of the service or both. Finally, make sure that you will get standard and custom reports, the latter being delivered via a direct interface of your own. Of course, all of these requirements are satisfied by SenSage SIEM and Log Management solutions for managed security service providers. If you’d like to learn more, send us a note.
