Proposed Cloud-Log Standard Sparks Controversy
Cloud computing pushes current log management capabilities to their limit. Experts say it's time for a new standard to simplify the problem.
Thu, February 24, 2011
CSO — The biggest challenges to accelerating cloud adoption are security, regulatory compliance, and transparency into transactions and systems in internal and, especially, outsourced cloud compute environments. In the cloud, a simple request by an end user can hit systems on the local LAN, external servers, public clouds, and any number of other resources before it's complete.
That, many say, makes reading and understanding the logs of transactions that traverse highly virtualized and cloud-based systems challenging enough to call for a new cloud log standard. Not everyone agrees.
The cloud log challenges are something Misha Govshteyn, VP of technology and service provider solutions at security and log management provider Alert Logic, says his company was increasingly running into with its hosting service provider customers.
"When they send us logs there is often nothing truly auditable within them," he says. "It's a mess of stuff that typical hardware and software devices throw off, but they have zero awareness of what resources are being requested: who asked for the service, what other services helped with the transaction, or even what was all actually consumed by the requestor."
To that end, Alert Logic (with support from Datapipe, Eucalyptus Systems, Hosting.com, Mezeo Software, and Perimeter E-Security) recently proposed a standard, CloudLog, that aims to simplify log management across cloud providers and platforms. CloudLog, currently submitted as an informational RFC (Request For Comments) to the standards track of the Internet Engineering Task Force (IETF), would make it simpler to determine which virtual machines were running on which hardware, or which users, along with their associated roles, were accessing certain resources.
"Virtual machines are spun up and down all of the time, and they come up on different physical machines. If you end up with a physical machine that was compromised, it's quite the challenge to determine which virtual machines may have been running on that machine at certain times," says John Eastman, CTO of storage services provider Mezeo Software. "All you know is that the system was in the cloud," he says.
Eastman says that Mezeo has incorporated CloudLog, in its current state, into its Cloud Storage Platform as a way to simplify the logging of essential data. "Before we started using the CloudLog format, we had to try to figure out how to piece all of that information together, because even though we were logging it, it was tough to piece together what systems were supporting what virtual machines," he says. "Using CloudLog has helped us to address certain security objections, such as transparency into who was using exactly which virtual machine," Eastman explains.
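The attribution problem Eastman describes (which virtual machines were on a compromised physical machine at a given time) becomes an interval query once placement events record VM, host and user together. The following is an added example, not code from the article or the CloudLog proposal; the key=value event layout, the host, VM and user names, and the function names are all constructed for illustration.

```python
from datetime import datetime

# Constructed sample events (hypothetical key=value layout, NOT the CloudLog format).
SAMPLE_LOG = """\
2011-02-20T08:00:00 event=vm_start vm=vm-a host=hv-01 user=alice
2011-02-20T09:30:00 event=vm_start vm=vm-b host=hv-02 user=bob
2011-02-20T10:15:00 event=vm_stop vm=vm-a host=hv-01 user=alice
2011-02-20T10:20:00 event=vm_start vm=vm-a host=hv-02 user=alice
2011-02-20T11:00:00 event=vm_start vm=vm-c host=hv-01 user=carol
2011-02-20T12:45:00 event=vm_stop vm=vm-b host=hv-02 user=bob
2011-02-20T13:00:00 event=vm_start vm=vm-b host=hv-01 user=bob
"""

def parse_line(line):
    """Split one event line into a timestamp and a dict of key=value fields."""
    stamp, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(stamp), fields

def residency_intervals(log_text):
    """Return (vm, host, user, start, end) tuples; end is None if still running."""
    open_runs, intervals = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, f = parse_line(line)
        key = (f["vm"], f["host"])
        if f["event"] == "vm_start":
            open_runs[key] = (when, f["user"])
        elif f["event"] == "vm_stop" and key in open_runs:
            start, user = open_runs.pop(key)
            intervals.append((f["vm"], f["host"], user, start, when))
    # A VM with no stop event is treated as still resident on that host.
    for (vm, host), (start, user) in open_runs.items():
        intervals.append((vm, host, user, start, None))
    return intervals

def vms_on_host(log_text, host, window_start, window_end):
    """VMs (with owning user) whose residency on `host` overlaps the window."""
    hits = set()
    for vm, h, user, start, end in residency_intervals(log_text):
        overlaps = start <= window_end and (end is None or end >= window_start)
        if h == host and overlaps:
            hits.add((vm, user))
    return sorted(hits)

if __name__ == "__main__":
    window = (datetime(2011, 2, 20, 10, 0), datetime(2011, 2, 20, 12, 0))
    for vm, user in vms_on_host(SAMPLE_LOG, "hv-01", *window):
        print(f"{vm} (owner {user}) was resident on hv-01 during the window")
```

Without the host field on every placement event, the same question requires joining hypervisor, scheduler and guest logs after the fact, which is the piecing-together Eastman describes.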