Talk With an Expert

Ebb and Flow: Network Flow Logging as a Staple of Public Cloud Visibility or a Waning Imperative?

Ebb and Flow: Network Flow Logging as a Staple of Public Cloud Visibility or a Waning Imperative? (PDF, 3.30MB)Published: 18 May, 2020
Created by
Dennis Taggart

The basic tenets of information security remain relatively unchanged even while specific examples of security-related tools, processes, and procedures may shift in popularity over time. Deciding what to prioritize and recommend as a security professional can be challenging, but the most straightforward cases are those justified by the quantitative reduction of risk. In this search for quantitative risk reduction, it is worthwhile for security professionals to consider that the methods used to fulfill basic security needs in one environment may not provide the same benefit in another. The 2019 version of the Cloud Security Alliance's Top Threats to Cloud Computing document warns of critical security issues facing public cloud consumers (Cloud Security Alliance, 2019, p.40). The CSA also acknowledges their work concentrates less on some of the more traditional security threats like 'vulnerabilities and malware', while calling for further research (Cloud Security Alliance, 2019, p.40). This whitepaper inhabits the category of additional research and also occupies a space parallel, but perhaps not identical to classical security views. This research assumes a slightly-less-traditional approach by not taking the value of flow logging, or its costs in the cloud, for granted. It further asserts that given limited resources, there may be more directly valuable logging sources available. This paper establishes a quantitative methodology for judging the effectiveness of flow and non-flow logging as applied in a public cloud environment. It exercises this methodology by simulating top cloud computing threats and examining the capabilities of each.

Ebb and Flow: Network Flow Logging as a Staple of Public Cloud Visibility or a Waning Imperative?