13.07.2015 Views

Download - Cloud Security Alliance


CLOUD SECURITY ALLIANCE SecaaS Implementation Guidance, Category 6: Intrusion Management

3.0 Considerations and Concerns

3.1 Considerations

As a consumer of IM SecaaS, identify that interfaces or mechanisms are available to get events into and out of the service, as well as how reporting will be done. Providers will need to identify and document all the different ways that they support getting data into their service.

If the IM SecaaS already has the consumer's cloud providers as an integration point, this could significantly increase the speed of deployment and likelihood of success.

3.1.1 Service Level Agreement Language

For the Service Level Agreement (SLA), the consumer needs to ensure that the terms in the SLA are consistent with, and meet the requirements of, its information security policy (and likely its Incident Response Policy), as well as any operational requirements that have been defined. Currently, the language in most SLA contracts is very favorable to the provider, and consumers should require that IM providers have ways to meet their business requirements; they should not change their business requirements to meet what the IM provider can deliver. The consumer should ensure the following items are covered in the SLA, at a minimum:

  • Performance requirements
  • Bandwidth requirements
  • Detection and protection requirements
  • Packet management responsibilities

IM SecaaS providers should have the ability to enter into custom SLAs that are achievable for them. They should not expect all clients to fit a cookie cutter approach.

3.1.2 Financial Considerations

Cost of "bandwidth" for getting events into the IM SecaaS should not be overlooked and could be considerable, depending on the sources of information that are included.

3.1.3 Technical Considerations

  • Are the events/alerts that are sent from IM SecaaS to consumer sent in a standard format? Is the format proprietary? Consider if vendor lock-in could be a concern.
  • What about short lived instances? Host Intrusion Detection System (HIDS) and Host Intrusion Prevention System (HIPS) logs can be lost.

3.1.4 Architecture Considerations

© Copyright 2012, Cloud Security Alliance. All rights reserved.
