As more and more critical business functions depart the on-premises environment for the cloud, security operations centers (SOCs) face tough challenges in keeping up with the changes and monitoring the new environments. Some rely on vendor-provided management and security tools, some use third-party services to pull in data from their SaaS, PaaS and IaaS providers, and others build their own security portals.
INAP, a provider of data center, cloud and colocation services, faces this problem in spades. Not only does it have to manage and secure its infrastructure, but it also has to provide management and security data feeds to its customers. Since the company also manages multi-cloud instances for customers — in addition to its 600,000 square feet of data center space — it also has to manage infrastructure provided by all the major cloud vendors.
“The traditional monitoring tools don’t work in these environments,” says Jennifer Curry, INAP’s senior vice president of global cloud services. “You don’t have access to the network. You don’t have access to the underlying infrastructure.”
The cloud vendors, including Amazon, Google and Microsoft, provide data feeds. INAP uses its APIs to pull logs and other data into its system, but it’s not as straightforward as it sounds. “The scale and velocity at which we see changes when you’re utilizing APIs — it can be challenging to keep up with that,” Curry says. “It’s the nature of where we are, and of working in the cloud space. It’s evolving very rapidly. It’s constant upkeep.”
When feasible, INAP uses commercially available tools to do this, Curry says. “We’ll write a solution when we know it’s going to be changing rapidly, and we’ll want to customize it.” Right now, there’s no single platform that does everything the company needs. “We do have customizations that are a value-add for our customer base,” she says. “And a single platform won’t allow us to pull things in and out if we find something that’s more efficient.”