Cloud computing offers a variety of benefits to enterprises, including scalability, mobility, greater choice of devices to access applications and data, and business continuity and disaster recovery. But cloud adoption can also create new challenges, such as managing a high volume of security alerts, notifications, and events when no cloud security notification definitions or feedback loop between cloud providers exists. The ONUG (Open Network User Group), an enterprise cloud community of Global 2000 companies, is currently working with major cloud providers, vendors and end-users to lay out a Cloud Security Notification Framework (CSNF).
Nick Lippis, Co-Founder and Co-Chairman and ONUG, provides more insights into the challenges that enterprises face with security notifications and the progress that ONUG has made on CSNF.
What is the Cloud Security Notification Framework?
Lippis: CSNF provides a standardized way for enterprise cloud consumers to receive security events, alarms, logs, etc., from all cloud providers. CSNF is implemented via a concept called a “decorator.” The decorator decorates security messages from AWS, GCP, Azure, IBM Cloud, and more and puts them into a common format.
This format has a range of attributions, two of which are to map security events to MITRE ATT&CK and NIST controls. This is how a common language is provided, and all providers will use standard meanings of terms. The decorator creates a common security information model, which has hugely positive implications for the industry.
Why is it vital now?
Lippis: The only thing that is holding large enterprises back from consuming more public cloud services is the lack of controls. The controls in private data centers to protect assets and govern their use are completely different in the cloud and different yet between cloud providers. No enterprise is going to give up control of its data and applications. Thus, cloud providers have not provided appropriate controls and governance of the resources their customers consume and in a way that allows them to have confidence in their security and governance.
Related to this topic is that that all large enterprises have had to spend large sums on their security infrastructure, such as (security information event and management (SIEM), security data lakes and security orchestration, automation and response (SOAR). Additionally, enterprise spending on security staff is leveling off while cloud consumption increases. Better use and automation of this infrastructure is needed to minimize the need for highly skilled staff such as data scientist to program and babysit security data lakes.
The bottom line is the status quo is running out of gas, and there will be a leveling off of cloud spend in the large enterprise if security reporting is not standardized.
What are the CSNF’s goals?
Lippis: The main goal is to reduce the toil and cognitive load that consumes so much time of SecOps professionals through automation. To accommodate this, CSNF has three goals:
- Ease ingestion of CSP security notification data into security infrastructure, such as data lakes and other security plus observability tools
- Provide CSPs translational services to understand security notifications between and across CSPs in a common way
- Extended log information field attributes to better understand context, so that cloud consumers can associate a priority to an asset they are receiving security notices on
How will end users use the framework?
Lippis: The decorator democratizes security data. There is nothing that SecOps has to do; the decorator does it for them. They will be much more productive, have much higher visibility of security events across multiple CSPs, and the vendors who sell security tools can focus on better dashboard, insights and automated response algorithms.
ONUG is advancing to the decorator’s building phase, in which CSPs will develop a prototype, collaborate with ONUG for input and guidance to assure the decorator will be well received by the community and industry at large.
A minimum demonstration of the decorator is planned at ONUG Spring, May 5-6, 2021, and an in-depth demonstration will take place at ONUG Fall, Oct. 20-21.