Keep a log to bolster cloud security, firms urged

Thursday 17 January 2013

Businesses should be using logging services as they aim to ensure security it the cloud, it has been claimed.

According to Cloud Tech, it is difficult for companies to defend against attacks they cannot see and/or record.

And it is "impossible" to demonstrate compliance with regulations if firms do not keep a log, the news provider stated.

It said cloud activity is difficult to keep track of for two reasons.

Firstly, it operates outside companies' traditional IT infrastructure, in an area where many of the monitoring solutions and services do not operate.

And secondly, logs stored on cloud servers are vaporised when firms tear down machines.

"So make sure you’re using a third party logging service, either built within your security tool and/or as an additive service," Cloud Tech stated.

The news provider said this should be used to keep tabs on who is accessing servers, when, from where, for what, and for how long.

The log should also record applications, attacks, and anything and everything else possible.

Cloud Tech said this allows companies to audit and report on policies, activities, compliance, and events.

Posted by Alex Boardman