You will want to make sure you have people in-house with the coding skills to set up the alerts that connect with each platform. Alerts work differently with different cloud providers, so a coder needs a background in the particular cloud environment – or environments – you are using. Asking a beginner to set up and manage alert processes in the cloud could lead to failure.
The cloud providers also offer baseline security management tools that generate a wide range of automated alerts. These tools carry different names – Amazon Inspector on AWS, Azure Sentinel, Google Cloud Security Command Center – and they are not exact equivalents (Inspector is a vulnerability assessment service, Sentinel a cloud SIEM, Security Command Center a findings and posture hub), but the role they play in an alerting strategy is basically the same. Regardless of the platform, most of these tools get the job done. The key difference is that you need to take a more direct role in configuring and managing alerts connected to IaaS platforms than you do for SaaS or PaaS services, because far more of the stack is yours to watch.
If you want to take a more active role managing alerts – and the events behind them – you may need to shift to third-party alerting tools. For example, if you are correlating logs and audit trails for a security operations center, you will want a management pane that shows only the alerts worth a human's attention. Without this layer, you could subject yourself to a stream of thousands of alerts you do not need to view. Third-party tools like Splunk or Exabeam provide threat detection along with that extra management pane layer.
Cloud-native alerting tools and their third-party counterparts each have their own advantages. Third-party tools give you the greatest flexibility, letting you configure alerts to a much finer degree: which events trigger alerts, how often alerts are sent, who gets them, how quickly the alerts are escalated and what actions are triggered. Cloud-native tools are usually inexpensive to turn on – many have a free tier or are billed on usage rather than as a separate license – and they are built for the cloud. You will have to make sure they are working properly, but you can avoid the pain of extensive integrations, custom code or additional API connectors.
If you are going from on-premises to the cloud, you will want to perform a few basic functions as you design and implement your alerting strategy:
• Know what alerts you have in your on-premises environment. You may be able to extend or mirror in the cloud the alerts you already have on-premises.
• Understand the security features you have in your on-premises environment. Again, you may be able to extend some alerting functions into the cloud, but chances are you will need to broaden the management functions to protect two separate environments.
• Determine how you are going to consume cloud services. Different platforms require varying levels of oversight and different blends of alerting capabilities.
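The finer-grained controls described above – which events trigger an alert, how often the same alert may be sent, who receives it, when it escalates and what action runs – are easiest to reason about as data applied to an event stream, which is also what keeps "thousands of alerts you do not need to view" away from the SOC. The following is an added example, not code from the article or from any of the products it names. It assumes event records shaped loosely like AWS CloudTrail entries (eventName, userIdentity, sourceIPAddress, requestParameters); the rule names, recipient groups, action hooks ("page-oncall", "revoke-ingress-rule") and the sample events are all constructed for illustration, and timestamps are plain epoch seconds.

```python
# Added example (not from the article): a small alert-routing layer that expresses
# the knobs discussed above -- which events fire, how often, who is notified, when
# to escalate, what action runs -- as rules applied to a stream of cloud audit
# events. Field names loosely follow AWS CloudTrail; rule names, recipient groups,
# action hooks and the sample events are constructed. Timestamps are epoch seconds.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

@dataclass
class Rule:
    name: str
    match: Callable[[dict], bool]      # which events trigger the alert
    severity: str
    dedup_key: Callable[[dict], str]   # events sharing a key inside the window collapse
    window_s: int                      # minimum seconds between sends of the same key
    recipients: List[str]              # who gets it
    escalate_after: int                # sends of the same key tolerated before escalating
    escalate_to: str
    action: Optional[str] = None       # automated response to trigger on each send

@dataclass
class Alert:
    rule: str
    severity: str
    key: str
    recipients: List[str]
    action: Optional[str]
    suppressed: int   # matching events folded into this send since the previous one
    escalated: bool

class AlertRouter:
    """Decides which matching events actually reach a human (the 'management pane')."""
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        # (rule, key) -> (time of last send, events since that send, sends so far)
        self._state: Dict[Tuple[str, str], Tuple[Optional[int], int, int]] = {}
        self.sent: List[Alert] = []
        self.dropped = 0  # events no rule cared about

    def ingest(self, event: dict) -> List[Alert]:
        emitted, matched = [], False
        for rule in self.rules:
            if not rule.match(event):
                continue
            matched = True
            key = rule.dedup_key(event)
            last_sent, pending, sends = self._state.get((rule.name, key), (None, 0, 0))
            pending += 1
            ts = event["eventTime"]
            if last_sent is not None and ts - last_sent < rule.window_s:
                self._state[(rule.name, key)] = (last_sent, pending, sends)
                continue  # inside the window: count it, but do not send again yet
            sends += 1
            escalated = sends > rule.escalate_after
            recipients = rule.recipients + ([rule.escalate_to] if escalated else [])
            alert = Alert(rule.name, rule.severity, key, recipients, rule.action,
                          pending - 1, escalated)
            self.sent.append(alert)
            emitted.append(alert)
            self._state[(rule.name, key)] = (ts, 0, sends)
        if not matched:
            self.dropped += 1
        return emitted

RULES = [
    Rule("root-console-login",
         lambda e: e.get("eventName") == "ConsoleLogin"
         and e.get("userIdentity", {}).get("type") == "Root",
         "high", lambda e: e.get("sourceIPAddress", "?"), 3600,
         ["secops-oncall"], 0, "security-lead", "page-oncall"),   # escalate on first send
    Rule("console-login-failures",
         lambda e: e.get("eventName") == "ConsoleLogin"
         and e.get("responseElements", {}).get("ConsoleLogin") == "Failure",
         "medium", lambda e: e.get("userIdentity", {}).get("userName", "?"), 300,
         ["iam-team"], 2, "secops-oncall"),   # third send for the same user escalates
    Rule("world-open-ingress",
         lambda e: e.get("eventName") == "AuthorizeSecurityGroupIngress"
         and e.get("requestParameters", {}).get("cidrIp") == "0.0.0.0/0",
         "high", lambda e: e["requestParameters"]["groupId"], 600,
         ["cloud-platform"], 1, "secops-oncall", "revoke-ingress-rule"),
]

def _ev(ts: int, name: str, **extra) -> dict:
    return {"eventTime": ts, "eventName": name, "sourceIPAddress": "203.0.113.7", **extra}

_FAIL = {"responseElements": {"ConsoleLogin": "Failure"}}
_ALICE = {"userIdentity": {"type": "IAMUser", "userName": "alice"}}
SAMPLE_EVENTS = [  # constructed input
    *[_ev(t, "ConsoleLogin", **_ALICE, **_FAIL) for t in (0, 10, 20, 30, 40)],  # 1 send, 4 folded
    _ev(50, "DescribeInstances", **_ALICE),                                      # no rule: dropped
    _ev(60, "ConsoleLogin", userIdentity={"type": "Root"},
        responseElements={"ConsoleLogin": "Success"}),
    _ev(70, "AuthorizeSecurityGroupIngress", **_ALICE,
        requestParameters={"groupId": "sg-0a1b2c3d", "cidrIp": "0.0.0.0/0"}),
    _ev(400, "ConsoleLogin", **_ALICE, **_FAIL),   # window expired: second send
    _ev(800, "ConsoleLogin", **_ALICE, **_FAIL),   # third send: escalated
]

def run(events: List[dict] = SAMPLE_EVENTS) -> AlertRouter:
    router = AlertRouter(RULES)
    for e in sorted(events, key=lambda e: e["eventTime"]):
        router.ingest(e)
    return router
```

Running `run()` on the constructed stream turns ten events into five sends and one drop: the burst of five failed logins for the same user collapses into one alert that carries four folded events, the root console login pages the on-call group and the security lead on its first occurrence, the world-open security group rule fires its automated action, and the third failed-login send for the same user is escalated to the on-call group. The same structure maps onto a native tool (rule = metric filter plus alarm, window = alarm period, recipients = notification topic) or a third-party one; the point is that every knob the text lists is explicit and reviewable rather than buried in a console.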
Conclusion
One reason organizations move to the cloud is to offload to others the management of mundane, back-end tasks. But you must not make the fatal mistake of assuming it is someone else’s responsibility to watch this infrastructure. You still need to keep track of the key facets of your business, and implement an alerting strategy that fits your cloud model. Without this alerting strategy, you will face risks on a variety of fronts – everything from security breaches to cost overruns from the overuse of cloud services. With an alerting strategy, you will know what you own, gain more visibility and take advantage of the many benefits the cloud has to offer. Build the alerting strategy that will help you sleep well at night. Good luck and reach out if you need help.
FALL 2019 | THE DOPPLER | 41