Most cloud service vendors don't provide SIEM, says expert

Customers may need to negotiate with public cloud providers to get event data, says CSO Chris Poulin

Security event management is a big problem for cloud vendors

Most public cloud service vendors are not providing security information and event management (SIEM) for their customers, claims Chris Poulin, Q1 Labs chief security officer.

Poulin said that although SIEM enables virtual environments to function properly in firms’ private cloud architectures, it becomes more complicated in the public cloud.

“That's because now you have a third party who isn't motivated to provide that level of visibility,” said Poulin.

He warned that public cloud providers might not even give firms access to the event, security and system log files unless this is established in initial negotiations.

SIEM has emerged as an important market for companies that need to deal with various compliance initiatives such as Sarbanes-Oxley, Basel II and PCI-DSS.

Poulin added that the SIEM industry is trying to figure out what services it should provide in the event of large enterprises moving to the public cloud in sizable numbers.

“Customers want to do far more complicated things with their own data, and I don’t think cloud providers can provide this sort of analysis yet,” explains Poulin.

As for Google and Microsoft’s public cloud services offerings, Poulin pointed out that Google could provide SIEM: “It has a business intelligence engine and it wouldn't be hard [for Google] to turn this towards SIEM instead of marketing, where it is now.”

Poulin said Microsoft provides “defence-in-depth” security but added: “Having read its Azure Services security paper, I don’t think it gets SIEM. That view isn’t reflective of Q1 Labs, it's just me personally.”