A cloud computing expert has spoken out about the inadequate availability of security information and event management (SIEM) for firms signed up to cloud computing services with third party providers.
The distinction between the operation of private cloud systems and public cloud services is often made by the relative complexity of SIEM in relation to the two, according to Q1 Lab’s data security expert Chris Poulin.
Mr Poulin believes that cloud vendors lack the motivation to act transparently, largely obscuring the operation of their systems from clients.
Mr Poulin said that in order to guarantee client access to various important system log files on request, many businesses would have to negotiate this at the very beginning of the process, as getting full disclosure after a contract is signed may prove to be far more difficult.
The applications of SIEM are wide ranging amongst firms and organisations that are required to comply to specific industry standards and regulations, such as the PCI DSS.
Members of the SIEM market are currently predicting that a significant shift towards public cloud use by larger businesses will take place in the near future, according to Mr Poulin. This is being anticipated by the vendors as they ready themselves for an influx of new business.
There is currently a lack of analytical tools available to businesses looking to move their data onto public cloud platforms and Mr Poulin believes that the provision of these tools must come from third party suppliers.
The biggest players in the public cloud market, Google and Microsoft, have the means to offer robust SIEM to clients, but they are currently allocating resources to other areas of their businesses, according to Mr Poulin. In the example of Google, he believes that it is focusing on marketing when it could turn its attention to SIEM quite easily.
Mr Poulin also commented on Microsoft’s commitment to SIEM, saying that his own view was that the software giant did not fully appreciate the wider ramifications.