Alert Logic Proposes New Standard to Address Key Compliance Concerns in the Cloud
Alert Logic, the leading provider of log management, intrusion detection and cloud security solutions for enterprises and services providers, today announced it has proposed CloudLog as an informational RFC to the standards track of the Internet Engineering Task Force (IETF). While public and private cloud environments are seeing significant growth, security and compliance concerns have been a barrier for broader adoption. As stated in the RFC with regard to current virtualized environments, “there is no guarantee that the same VM image will be running on the same hardware in its next reincarnation. And there is really no clear way to determine how many users share the hardware and what are their identities and roles.” Answering these basic questions is foundational to achieving numerous compliance goals across many standards and mandates, including PCI DSS. The proposed CloudLog defines specifications for logging crucial information required to reliably answer these questions.
“Alert Logic has a long history of helping cloud and hosting service providers address the challenges of security and compliance,” said Misha Govshteyn, VP of technology and service provider solutions at Alert Logic. “However, security vendors can’t solve this problem alone. CloudLog is meant to provide a simple mechanism for everyone in the cloud technology stack to easily expose the required information in an easily consumable fashion to answer what has become a surprisingly complex question in cloud environments: who accessed which system and when?” Though still in the proposal stage to the IETF, CloudLog is garnering support from numerous players in the cloud technology ecosystem, including Ed Laczynski of Datapipe, Dr. Rich Wolski of Eucalyptus Systems, Adam Greenfield of Hosting.com, John Eastman of Mezeo Software, and John Viega of Perimeter E-Security.
Supporters of CloudLog were quoted as saying:
“We look to industry leaders like Alert Logic to provide insight and subject matter expertise so we can stay focused on our service delivery,” said Ed Laczynski of Datapipe, a leading provider of managed services and infrastructure for IT and cloud computing. “Driving this open-standard for cloud logging enables us to continue to deliver compliant solutions knowing the audit and identity logs are meaningful in our cloud environments.”
“As cloud computing achieves widespread adoption, the need for auditing and introspection becomes critical, particularly in the enterprise,” said Dr. Rich Wolski, CTO and co-founder of Eucalyptus Systems. “Private clouds will require the same levels of transparency that traditional data centers support today. A uniform and standardized way to log information will enable an ecosystem of solutions for addressing security, compliance, and performance tuning needs.”
“Hosting.com has long believed that cloud enabled logging is an underserved problem area that is critical to eventual cloud adoption by enterprises,” said Adam Greenfield, senior product manager of Hosting.com. “We are excited to work with Alert Logic on this effort and look forward to embedding the CloudLog standard into our cloud platform.”
“Although cloud storage adoption is growing because it offers reduced costs and increased scalability, the question of security still remains a barrier for some,” said John Eastman, CTO of Mezeo Software. “Incorporating the CloudLog standard into the Mezeo Cloud Storage Platform is not only key to our business to provide a mechanism to log essential data, it also helps to address objections around cloud security.”