Learn about monitoring clouds and the state of cloud security.
- [Instructor] So let's now talk about cloud security monitoring. What's important here is that this type of monitoring looks at security systems and their ability to protect. You're maybe wondering why cloud computing monitoring and security are joined. The reality is that effective security is proactive. I can see systems attack based on the way my system performs, based on IP addresses that are coming in from perhaps out of the country, based on the system behaving in a certain way that tells me that there's some compromise that may be going on.
Nine times out of 10 we find that these metrics are more important to us stopping a breach than the current security mechanisms that are there. So the foundations of monitoring and operation, security is one of the underpinnings for how we deal with monitoring and operations. So security is about dealing with the underlying system in terms of how it's behaving and monitoring certain metrics, and you'll see the word metrics when we go through the demo, in terms of how the system is dealing with the current load that's being placed upon it.
What we're doing with security is looking for changes, in other words if the system is operating within certain parameters such as performance and such as capacity and such as cost. If it falls out of those parameters, either below or above, there could be a potential security breach and we're going to automate a corrective action that is going to occur, least of which is letting a human know so they can get in there and figure out if something is actually occurring. So cloud security entails security systems, identity access management, encryption systems, things like that that are already systemic to your cloud, security logging and trends, the ability to detect failures.
For example if three or four failures are coming from a particular IP address and they keep getting locked out and then the same IP address is continually trying to access the system, then that's a trend you want to spot and that's corrective action you want to take. Then corrective action, in other words what we're going to do. Once we've found the issue, we're dealing with the security system, we found some type of potential breach. What corrective action needs to occur? In many cases, we're going to lock out the particular IP address. We're not going to allow it to access the system until we determine what's going on.
So the technology needed is, number one, trending, we need to figure out how things are going and metrics that we're going to monitor and how it's going to deal with security issues, alerts, letting someone know that the issue is occurring, automation, the ability to take some sort of automated action based on a certain thing occurring. So in other words alert will notify human. If that human's asleep, we still want to be able to protect your system and we still want to implement automated solutions to go off and protect it.
Logging, the ability to understand what's occurring over a long period of time in terms of who's accessing the system and what they're doing, and then defense, the ability to set up a defense around a particular security action that may be determined from trending, alerts, automation, logging, all the things we just talked about.
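
The trend described in this segment (repeated failures from one IP address, a lockout, continued attempts, then an alert plus an automatic block) can be sketched as detection logic over authentication events. This is an added example, not part of the course material: the log format, the thresholds and the `analyze` function are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "<ISO timestamp> <source IP> <OK|FAIL>" (assumed format).
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.7 FAIL
2024-05-01T10:00:20 198.51.100.4 FAIL
2024-05-01T10:00:40 203.0.113.7 FAIL
2024-05-01T10:01:00 203.0.113.7 FAIL
2024-05-01T10:01:30 198.51.100.4 OK
2024-05-01T10:02:00 203.0.113.7 FAIL
2024-05-01T10:03:00 203.0.113.7 FAIL
2024-05-01T10:20:00 198.51.100.4 FAIL
"""

FAIL_THRESHOLD = 3                 # assumed: failures inside WINDOW that trigger a lockout
WINDOW = timedelta(minutes=5)      # assumed trending window
LOCKOUT = timedelta(minutes=10)    # assumed lockout duration

def analyze(log_text):
    """Return (alerts, blocked): alerts for a human, IPs for the automated block."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    locked_until = {}              # ip -> end of current lockout
    alerts, blocked = [], set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, ip, outcome = line.split()
        ts = datetime.fromisoformat(stamp)
        if ip in blocked:
            continue               # already denied; nothing more to decide
        if ip in locked_until and ts < locked_until[ip]:
            # Same address keeps trying while locked out: the trend to act on.
            blocked.add(ip)
            alerts.append((stamp, ip, "blocked: attempts continued during lockout"))
            continue
        if outcome != "FAIL":
            failures[ip].clear()   # a successful login resets the failure count
            continue
        recent = failures[ip]
        recent.append(ts)
        while ts - recent[0] > WINDOW:
            recent.popleft()       # drop failures that fell out of the window
        if len(recent) >= FAIL_THRESHOLD:
            locked_until[ip] = ts + LOCKOUT
            recent.clear()
            alerts.append((stamp, ip, "locked out: repeated failures"))
    return alerts, blocked
```

The alert list is what a human would be notified with, and the blocked set is what the automated action would deny even if nobody responds to the alert.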
- Cloud health, performance, security, and governance monitoring
- Cloud monitoring analytics
- Cloud monitoring costs
- AWS CloudWatch
- Librato CloudWatch
- Cloud Cruiser
- Microsoft cloud monitoring
- Rackspace cloud monitoring
- Creating a cloud monitoring and operations plan
- Defining cloud monitoring operations patterns