BigData_Security_and_Privacy_Handbook
9.0 Granular Audits (cont.)
9.10 Create audit layer/orchestrator
9.10.1 Why?
To facilitate audit data analysis. As a big data infrastructure contains different
components, each component has its own set of logging capabilities and log format. It
is very hard, if not impossible, for an audit team to learn all the different intricacies of
these logging features and formats.
9.10.2 How?
An audit layer can act as a middleware layer, which abstracts the underlying technical
details for the auditor. The auditor communicates with the layer using an interface,
which allows him/her to search. The audit layer takes care of the technical intricacies:
it collects the correct log files, normalizes them when needed and provides information
back to the auditor in terms the auditor can understand. As this is
complex, don’t try to build this yourself, but evaluate third-party/open-source solutions.
One example is ElasticSearch. Some SIEM/log management vendors also provide
solutions in this regard (e.g., Splunk, Sumologic, Loggly).
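The normalization step described in 9.10.2, as an added illustration that is not part of the handbook: two component log formats (both constructed here, as are all field and function names) are mapped onto one event schema the auditor can search, and lines that fail to parse are returned rather than dropped.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample records; both component formats are assumptions.
STORAGE_LOG = [
    "2016-05-01 12:00:01,123 INFO audit: allowed=true\tugi=alice\tcmd=open\tsrc=/data/payroll.csv",
    "2016-05-01 12:00:07,456 INFO audit: allowed=false\tugi=bob\tcmd=delete\tsrc=/data/payroll.csv",
]
QUERY_LOG = [
    '{"ts": 1462104010, "principal": "alice", "op": "SELECT", "object": "hr.salaries", "status": "OK"}',
    "not json at all",  # malformed record: reported back, never silently dropped
]
KV_RE = re.compile(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ \S+ audit: (.*)")

def event(time, user, action, resource, allowed, component):
    """The one schema the auditor has to learn."""
    return {"time": time, "user": user, "action": action,
            "resource": resource, "allowed": allowed, "component": component}

def parse_storage(line):
    """Timestamp prefix followed by tab-separated key=value pairs."""
    m = KV_RE.match(line)
    if not m:
        return None
    kv = dict(p.split("=", 1) for p in m.group(2).split("\t") if "=" in p)
    # Assumption: this component logs in UTC; a real layer must know each source's zone.
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return event(ts, kv.get("ugi"), kv.get("cmd"), kv.get("src"),
                 kv.get("allowed") == "true", "storage")

def parse_query(line):
    """One JSON object per line with an epoch timestamp."""
    try:
        r = json.loads(line)
        return event(datetime.fromtimestamp(r["ts"], tz=timezone.utc), r["principal"],
                     r["op"].lower(), r["object"], r["status"] == "OK", "query")
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def collect(sources):
    """Normalize every line; return (events sorted by time, rejected raw lines)."""
    events, rejected = [], []
    for parser, lines in sources:
        for line in lines:
            ev = parser(line)
            (events if ev else rejected).append(ev or line)
    return sorted(events, key=lambda e: e["time"]), rejected

def search(events, **criteria):
    """Auditor-facing query: exact match on any normalized field."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]

SOURCES = [(parse_storage, STORAGE_LOG), (parse_query, QUERY_LOG)]
```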
CLOUD SECURITY ALLIANCE Big Data Working Group Guidance
© Copyright 2016, Cloud Security Alliance. All rights reserved.