Why is protective monitoring in the cloud different?


Traditional protective monitoring (PM) relies on capturing logs from all devices in the network or system, or at least the key devices. These are typically servers, workstations, network devices, etc. Often these devices are on the internal network, and it is relatively straightforward to map internal users to them by correlating audit logs, etc. Users typically connect via local networks or corporate mobile VPNs.

In the cloud model, users may be connecting from anywhere, using a variety of devices and a variety of authentication services that are outside the corporate network. As a result, a lot of the PM data is external to the corporate network. A modern organisation that is benefiting from cloud services will have users accessing a variety of cloud services, and the internal corporate network itself will also be consuming cloud services such as Backup as a Service, Cloud Disaster Recovery, and email and web filtering services. The picture below shows just some examples of how this looks and how monitoring the corporate network is only part of the story.

The true scope of cloud security

e2e’s cloud protective monitoring combines these two elements, the internal corporate logs and the external cloud system logs, to ensure effective PM of cloud model computing.

Why you shouldn’t rely on your Cloud Service Providers – it simply isn’t their job!

Each cloud service will have a different amount of existing security monitoring, but it is all based on monitoring the cloud service itself, not on performing any monitoring for you. Cloud service providers are also focused on driving down costs, so relying on them to detect security problems is not an acceptable response, as recent failures such as Apple iCloud have taught us.

The Cloud model widens the threat surface and presents more opportunities to hackers.

Users, and indeed computers, connect to cloud services in a variety of ways. This presents would-be attackers with a much wider attack surface to use against you, and many different communications paths where data in transit could be captured.

A breach in any one of your cloud services could lead to a breach of many of them: if one of your users’ devices is compromised, it could be used to compromise all of its connected cloud services.