The new report, prepared by the SecaaS Working Group, provides guidance for best practices on “how to evaluate, architect and deploy cloud-based SIEM services to both enterprise and cloud-based networks, infrastructure and applications,” it said.
Numerous security vendors are now leveraging cloud-based models to deliver security solutions, a shift that has occurred for a variety of reasons, including greater economies of scale and streamlined delivery mechanisms. As a result, businesses of all sizes are now faced with evaluating security solutions that run in a hosted or web-delivered environment rather than on-premises. The CSA maintains that IT managers need to understand the unique nature of cloud-delivered security offerings so that they are in a position to evaluate the offerings and to understand whether they will meet their needs.
"In many conversations with IT leaders today we discovered a common problem: they need a simple way to understand systems, processes, current policies and procedures and be able to evaluate how the cloud may help them realize lower IT security costs, improve best practices, and perhaps most importantly, communicate that to their management team," said John Howe, COO at the CSA, in a blog post. "After all, a move to the cloud needs to be a strategic one."
To that end, the main thrust of the new research is to simply define what SecaaS means to organizations and provide guidance on how these new practices should be best implemented, according to Jim Reavis, co-founder and executive director for the CSA.
“Bringing event, threat and risk data seamlessly together is the foundation of SIEM, however doing it in a services model presents a variety of new challenges,” he explained. “This new guidance will go a long way to helping IT security managers, technical architects and systems managers take a more comprehensive approach to providing SIEM as a service under a Security as a Service model.”
The guidance report addresses the use of cloud-based SIEM services in support of cloud environments (both public and private), hybrid environments and traditional non-cloud environments. Among the many considerations for SIEM, it looks at the requirements, implementation considerations and concerns, and implementation steps.
“The best practices in this research will serve as a foundation and critical component to deriving real value from SIEM and protecting today’s organizations against a myriad of threats,” said Matt Mosley, a senior strategist with CSA member NetIQ. “As organizations look to implement and take advantage of the potential benefits of SIEM-as-a-Service, the CSA’s SIEM guidance report will play a vital role in formalizing and extending best practices as well as providing guidance on the key considerations for implementing hybrid or cloud SIEM.”