As part of managing the risk of working with public clouds, we need to configure an ongoing monitoring solution for our cloud environments.

Monitoring gives us visibility into our cloud environments (in most cases IaaS / PaaS) and helps us stay compliant with regulations and security standards.

The main topics we should be monitoring, from a security point of view, are:

  • Activity monitoring
  • Data Leakage
  • Attack detection
  • Compliance

This post summarizes some of the main tools and services provided by the major cloud vendors for security monitoring in the four categories above. These are a good starting point and the focus of this article, but it should be noted that there is a wide variety of third-party tools available in the marketplace which may also be useful or relevant depending on the needs of your organization.

Activity monitoring

For activity monitoring, we need to include:

  • Login attempts (both success and failure)
  • Activity performed (who accessed what, when the activity was performed, and what action was performed)
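To make the two bullets above concrete, here is an added example (not from the original post, and not any vendor's tooling) that reads audit records and answers both questions: who did what, where and when, and which logins failed. The JSON field names, the record contents and the alert threshold are assumptions constructed for this example; a real deployment would map the provider's audit-log schema onto them.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample audit records, one JSON object per line, in a
# vendor-neutral shape. The field names (time, principal, action,
# resource, result, source_ip) are an assumption for this example and
# do not follow any particular provider's audit-log schema.
SAMPLE_AUDIT_LOG = """\
{"time": "2021-03-01T08:00:01Z", "principal": "alice", "action": "ConsoleLogin", "resource": "-", "result": "Success", "source_ip": "203.0.113.5"}
{"time": "2021-03-01T08:02:15Z", "principal": "alice", "action": "GetObject", "resource": "bucket/finance/q1.xlsx", "result": "Success", "source_ip": "203.0.113.5"}
{"time": "2021-03-01T08:02:40Z", "principal": "alice", "action": "PutBucketPolicy", "resource": "bucket/finance", "result": "Success", "source_ip": "203.0.113.5"}
{"time": "2021-03-01T09:10:00Z", "principal": "bob", "action": "ConsoleLogin", "resource": "-", "result": "Failure", "source_ip": "198.51.100.7"}
{"time": "2021-03-01T09:10:20Z", "principal": "bob", "action": "ConsoleLogin", "resource": "-", "result": "Failure", "source_ip": "198.51.100.7"}
{"time": "2021-03-01T09:10:45Z", "principal": "bob", "action": "ConsoleLogin", "resource": "-", "result": "Failure", "source_ip": "198.51.100.7"}
{"time": "2021-03-01T09:11:05Z", "principal": "bob", "action": "ConsoleLogin", "resource": "-", "result": "Failure", "source_ip": "198.51.100.7"}
{"time": "2021-03-01T12:30:00Z", "principal": "bob", "action": "ConsoleLogin", "resource": "-", "result": "Success", "source_ip": "203.0.113.9"}
{"time": "2021-03-01T12:31:10Z", "principal": "bob", "action": "DeleteObject", "resource": "bucket/finance/q1.xlsx", "result": "Success", "source_ip": "203.0.113.9"}
"""

LOGIN_ACTIONS = {"ConsoleLogin"}


def parse_events(raw):
    """Parse one JSON record per line into dicts with a real datetime, oldest first."""
    events = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda e: e["time"])


def activity_report(events):
    """Who accessed what, when and how: {principal: [(time, action, resource), ...]}."""
    report = defaultdict(list)
    for e in events:
        if e["action"] in LOGIN_ACTIONS:
            continue  # logins are summarized separately
        report[e["principal"]].append((e["time"], e["action"], e["resource"]))
    return dict(report)


def login_summary(events):
    """Success/failure counts per (principal, source_ip, result)."""
    summary = Counter()
    for e in events:
        if e["action"] in LOGIN_ACTIONS:
            summary[(e["principal"], e["source_ip"], e["result"])] += 1
    return summary


def failed_login_alerts(events, threshold=3, window=timedelta(minutes=5)):
    """Alert once when a principal/source pair reaches `threshold` failed logins
    inside a sliding time window (threshold and window are assumed values)."""
    alerts = []
    recent = defaultdict(list)  # (principal, source_ip) -> failure timestamps in window
    for e in events:
        if e["action"] not in LOGIN_ACTIONS or e["result"] != "Failure":
            continue
        key = (e["principal"], e["source_ip"])
        recent[key] = [t for t in recent[key] if e["time"] - t <= window]
        recent[key].append(e["time"])
        if len(recent[key]) == threshold:  # fire when the threshold is first crossed
            alerts.append({"principal": key[0], "source_ip": key[1],
                           "first_failure": recent[key][0], "count": threshold})
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_AUDIT_LOG)
    for who, actions in activity_report(evs).items():
        for when, action, resource in actions:
            print(f"{when:%H:%M:%S} {who} {action} {resource}")
    print(dict(login_summary(evs)))
    print(failed_login_alerts(evs))
```

Run it and the report shows alice changing a bucket policy and bob deleting a finance file after four failed logins from a different address; the failed-login alert is what a SIEM rule over the same audit stream would raise. Keep the raw events as well as the report: the report answers "who did what", the raw events are the evidence.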

Common services provided by cloud vendors in this category include:

Data Leakage

For data leakage, we need to include:

  • Data discovery and classification (detect sensitive data such as PII, credit card numbers, etc.)
  • Data leakage detection (and sometimes even prevention)
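Data discovery and classification is mostly pattern matching plus validation, so here is an added example (not from the original post, and not a vendor service) of a small classifier of the kind that sits behind a DLP scan. It finds payment card numbers (validated with the Luhn checksum so that phone numbers and ticket IDs do not trip it), e-mail addresses and private-key headers, masks what it reports, and derives a sensitivity label for the document. The patterns, the sensitivity labels and the sample document are assumptions constructed for this example.

```python
import re

# Patterns are assumptions for this example. A card candidate is 13 to 19
# digits optionally separated by spaces or dashes; the lookarounds stop the
# regex from matching a sub-run inside a longer number.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PRIVATE_KEY = re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")

# Sensitivity label assigned to each finding type (assumed classification scheme).
SENSITIVITY = {"private_key": "restricted", "credit_card": "restricted", "email": "confidential"}
RANK = {"public": 0, "confidential": 1, "restricted": 2}

# Constructed sample document; the card number is the standard Luhn-valid
# test PAN, the second 16-digit number fails the checksum on purpose.
SAMPLE_DOCUMENT = """\
Order confirmation for alice@example.com
Card on file: 4111 1111 1111 1111 (exp 12/25)
Support ticket ref 4111111111111112, phone +1 555 0100 2222
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAexampleNotARealKey
-----END RSA PRIVATE KEY-----
"""


def luhn_valid(digits):
    """Luhn mod-10 checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_card(digits):
    """Never log the full PAN: keep only the last four digits."""
    return "*" * (len(digits) - 4) + digits[-4:]


def mask_email(addr):
    """Keep the domain (useful for triage) and hide the local part."""
    local, domain = addr.split("@", 1)
    return local[0] + "***@" + domain


def find_sensitive(text):
    """Return findings sorted by position; values are already masked."""
    findings = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            findings.append({"type": "credit_card", "value": mask_card(digits), "start": m.start()})
    for m in EMAIL.finditer(text):
        findings.append({"type": "email", "value": mask_email(m.group()), "start": m.start()})
    for m in PRIVATE_KEY.finditer(text):
        findings.append({"type": "private_key", "value": "<key material>", "start": m.start()})
    return sorted(findings, key=lambda f: f["start"])


def classify(text):
    """Highest sensitivity label among the findings, or 'public'."""
    label = "public"
    for f in find_sensitive(text):
        candidate = SENSITIVITY[f["type"]]
        if RANK[candidate] > RANK[label]:
            label = candidate
    return label


if __name__ == "__main__":
    for f in find_sensitive(SAMPLE_DOCUMENT):
        print(f"{f['type']:12} {f['value']}")
    print("classification:", classify(SAMPLE_DOCUMENT))
```

The masking is not cosmetic: a scanner that copies the full card number or key into its own findings store has just created a second leak. The Luhn check is also why the "bogus" 16-digit number in the sample is not reported, which is the difference between a usable alert queue and one full of order IDs.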

Common services provided by cloud vendors to help us in this category include:

Attack Detection

For attack detection, we need to include:

  • Analyzing logs and detecting potential attacks
  • Network attack detection
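Network attack detection in the cloud usually starts from flow logs, so here is an added example (not from the original post, and not a vendor's detector) of two classic detections run over constructed flow records: a port scan (one source hitting many ports on one host) and a host sweep (one source hitting one port across many hosts), each inside a sliding time window. The record layout, the thresholds and the sample traffic are assumptions for this example; real provider flow logs carry more fields but the same tuple.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow records: "<ISO time> <src_ip> <dst_ip> <dst_port> <action>".
# This layout is an assumption for the example, not a vendor flow-log format.
SAMPLE_FLOWS = """\
2021-03-01T10:00:00Z 198.51.100.9 10.0.0.5 21 REJECT
2021-03-01T10:00:01Z 198.51.100.9 10.0.0.5 22 ACCEPT
2021-03-01T10:00:01Z 198.51.100.9 10.0.0.5 23 REJECT
2021-03-01T10:00:02Z 198.51.100.9 10.0.0.5 25 REJECT
2021-03-01T10:00:02Z 198.51.100.9 10.0.0.5 80 ACCEPT
2021-03-01T10:00:03Z 198.51.100.9 10.0.0.5 443 ACCEPT
2021-03-01T10:00:03Z 198.51.100.9 10.0.0.5 3389 REJECT
2021-03-01T10:00:04Z 198.51.100.9 10.0.0.5 8080 REJECT
2021-03-01T10:05:00Z 198.51.100.9 10.0.0.1 22 REJECT
2021-03-01T10:05:01Z 198.51.100.9 10.0.0.2 22 REJECT
2021-03-01T10:05:01Z 198.51.100.9 10.0.0.3 22 ACCEPT
2021-03-01T10:05:02Z 198.51.100.9 10.0.0.4 22 REJECT
2021-03-01T10:05:02Z 198.51.100.9 10.0.0.6 22 REJECT
2021-03-01T10:00:00Z 10.0.0.7 10.0.0.5 443 ACCEPT
2021-03-01T10:00:30Z 10.0.0.7 10.0.0.5 443 ACCEPT
2021-03-01T10:01:00Z 10.0.0.7 10.0.0.5 443 ACCEPT
"""


def parse_flows(raw):
    """Parse the constructed flow format into dicts, oldest first."""
    flows = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, action = line.split()
        flows.append({"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                      "src": src, "dst": dst, "dport": int(dport), "action": action})
    return sorted(flows, key=lambda f: f["time"])


def _sliding_detect(flows, key_fn, value_fn, threshold, window):
    """Alert once per key when it touches >= threshold distinct values inside `window`.
    Both scan detectors below are instances of this one rule."""
    seen = defaultdict(list)   # key -> [(time, value), ...] within the window
    fired = set()
    alerts = []
    for f in flows:
        key = key_fn(f)
        seen[key] = [(t, v) for t, v in seen[key] if f["time"] - t <= window]
        seen[key].append((f["time"], value_fn(f)))
        distinct = {v for _, v in seen[key]}
        if len(distinct) >= threshold and key not in fired:
            fired.add(key)
            alerts.append({"key": key, "distinct": sorted(distinct), "at": f["time"]})
    return alerts


def detect_port_scans(flows, threshold=6, window=timedelta(seconds=60)):
    """One source probing many destination ports on a single host."""
    raw = _sliding_detect(flows, lambda f: (f["src"], f["dst"]), lambda f: f["dport"],
                          threshold, window)
    return [dict(a, kind="port_scan", src=a["key"][0], dst=a["key"][1]) for a in raw]


def detect_host_sweeps(flows, threshold=5, window=timedelta(seconds=60)):
    """One source probing the same port across many hosts."""
    raw = _sliding_detect(flows, lambda f: (f["src"], f["dport"]), lambda f: f["dst"],
                          threshold, window)
    return [dict(a, kind="host_sweep", src=a["key"][0], dport=a["key"][1]) for a in raw]


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for alert in detect_port_scans(flows) + detect_host_sweeps(flows):
        print(alert["kind"], alert["src"], alert["distinct"], alert["at"])
```

Note that the scanner's ACCEPT lines matter as much as the REJECT lines: a host that answered on port 22 to a scanner is the one to look at first. The same sliding-window-over-distinct-values rule also covers "analyzing logs" for attacks such as one API key enumerating many resources; only the key and value functions change.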

Common services provided by cloud vendors in this category include:

Compliance

For compliance, we need to include:

  • Detecting configuration mistakes
  • Missing security patches, measured against the organizational patching standard
  • Checking hardening settings against known industry standards (such as CIS, NIST, etc.)
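The three compliance bullets above are the same mechanism, an inventory evaluated against a rule set, so here is an added example (not from the original post, and not a vendor's compliance service) that does exactly that over a constructed inventory. The rules are modelled on the kind of checks found in CIS-style benchmarks (MFA on privileged accounts, no unrestricted SSH/RDP ingress, no public storage, no password SSH) plus a patch-age rule against an assumed 30-day organizational standard; the rule identifiers, the inventory shape and the resource names are all made up for this example.

```python
from collections import Counter
from datetime import date

# Constructed inventory in a vendor-neutral shape; the keys below are an
# assumption for this example, not a real provider's API output.
INVENTORY = {
    "accounts": [
        {"name": "root", "privileged": True, "mfa_enabled": False},
        {"name": "alice", "privileged": True, "mfa_enabled": True},
        {"name": "svc-backup", "privileged": False, "mfa_enabled": False},
    ],
    "storage_buckets": [
        {"name": "finance-reports", "public_access": True, "encryption": "none"},
        {"name": "web-assets", "public_access": True, "encryption": "aes256"},
        {"name": "backups", "public_access": False, "encryption": "aes256"},
    ],
    "security_groups": [
        {"name": "bastion", "ingress": [{"cidr": "0.0.0.0/0", "port": 22}]},
        {"name": "web", "ingress": [{"cidr": "0.0.0.0/0", "port": 443}]},
        {"name": "db", "ingress": [{"cidr": "10.0.0.0/8", "port": 5432}]},
    ],
    "vms": [
        {"name": "app-1", "last_patched": "2021-02-25", "ssh_password_auth": False},
        {"name": "legacy-2", "last_patched": "2020-11-30", "ssh_password_auth": True},
    ],
}

ASSESSMENT_DATE = date(2021, 3, 1)   # "today" for the patch-age rule
ADMIN_PORTS = {22, 3389}             # SSH and RDP
PATCH_SLA_DAYS = 30                  # assumed organizational patch standard


# Each rule yields (rule_id, resource, severity, detail). Rule ids are invented.
def rule_privileged_without_mfa(inv, today):
    for a in inv["accounts"]:
        if a["privileged"] and not a["mfa_enabled"]:
            yield ("ACC-01", a["name"], "high", "privileged account without MFA")


def rule_storage(inv, today):
    for b in inv["storage_buckets"]:
        if b["public_access"]:
            yield ("STO-01", b["name"], "high", "storage bucket allows public access")
        if b["encryption"] == "none":
            yield ("STO-02", b["name"], "medium", "storage bucket not encrypted at rest")


def rule_admin_ports_open(inv, today):
    for sg in inv["security_groups"]:
        for r in sg["ingress"]:
            if r["cidr"] == "0.0.0.0/0" and r["port"] in ADMIN_PORTS:
                yield ("NET-01", sg["name"], "high", f"port {r['port']} open to the internet")


def rule_vm_hardening(inv, today):
    for vm in inv["vms"]:
        age = (today - date.fromisoformat(vm["last_patched"])).days
        if age > PATCH_SLA_DAYS:
            yield ("VM-01", vm["name"], "medium", f"last patched {age} days ago (SLA {PATCH_SLA_DAYS})")
        if vm["ssh_password_auth"]:
            yield ("VM-02", vm["name"], "medium", "SSH password authentication enabled")


RULES = [rule_privileged_without_mfa, rule_storage, rule_admin_ports_open, rule_vm_hardening]


def evaluate(inv, today=ASSESSMENT_DATE):
    """Run every rule over the inventory and return a flat list of findings."""
    findings = []
    for rule in RULES:
        for rule_id, resource, severity, detail in rule(inv, today):
            findings.append({"rule": rule_id, "resource": resource,
                             "severity": severity, "detail": detail})
    return findings


def summarize(findings):
    """Counts per severity, the number a dashboard or ticket would carry."""
    return Counter(f["severity"] for f in findings)


if __name__ == "__main__":
    results = evaluate(INVENTORY)
    for f in results:
        print(f"{f['severity']:6} {f['rule']} {f['resource']}: {f['detail']}")
    print(dict(summarize(results)))
```

Run on a schedule, the delta between two runs is the drift report: a finding that appears between runs is a configuration change that needs a change record, and one that disappears is either a fix or a rule that was quietly disabled. A public bucket such as web-assets may be intentional; the right response is an approved exception recorded next to the rule, not removing the rule.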

Common services provided by cloud vendors in this category include:

About the author

Eyal Estrin is a cloud architect, working in the Inter-University Computation Center (IUCC) in Israel. He has more than 20 years of experience in infrastructure, information security and public cloud services. He is a public columnist and shares knowledge about cloud services. You can follow him on Twitter at @eyalestrin