4

Under what conditions would you be comfortable storing server log data residing in a secure facility, off-premises?

When would you consider a SaaS /hosted solution and what value add should that provide?

makerofthings7
  • 50,090
  • 54
  • 250
  • 536

2 Answers2

5

If the requirement is purely storage (no active analysis required), then it would seem sensible to encrypt the data using GPG/PGP or similar before sending to the offsite facility.

At that point from a security standpoint the primary issues are availability of the data to be accessed when required, so it'd be important for the provider to be able to prove that they take appropriate measures (backup, redundancy, DR/BCP, etc) to ensure that the data is available if needed.

If the idea is that the data will be processed at the 3rd party site and therefore needs to be processed in the clear, then the risks change substantially as there's a confidentiality/integrity risk as well.

So then it'd likely depend on what's in the logs, as there might be regulatory requirements for processing the information (eg, EU Data Protection Act), and the supplier would need to provide strong evidence that their security controls are at the same level or higher than the customer to ensure that the log data is appropriately managed.

Rory McCune
  • 60,923
  • 14
  • 136
  • 217
1

My direct observation is orgs are very accepting of securely sending and storing log data in the cloud when they have no in-house security talent and desire help with analyzing the log data.

SaaS/hosted solutions appear to be gaining in popularity and trustworthiness and they can make it easier for an org to work with an outside party hired to help analyze logs.

Trust is the key comfort measure. Trusting the keeper/maintainer of the log data & the respective infrastructure is vital (be it SaaS/hosted/or managed by in-house talent).

Tate Hansen
  • 13,714
  • 3
  • 40
  • 83