CSNF—One Less Hurdle to Multi-Cloud
The New Security Standard for Cloud Providers
A new standard in cloud security notification is being introduced that will vastly simplify the integration of security telemetry from public cloud providers. This will enable the seamless consumption of public cloud security logs, events, and notifications into existing enterprise security frameworks, assuming all public cloud providers buy in (and most are). This blog addresses the impact on enterprises and technology providers of this exciting initiative and which of the leading cloud service providers are embracing it.
Barriers to Public Cloud Adoption
One of the challenges enterprises faced when moving to the public cloud was the lack of access and security controls, including the difficulty of integrating the proprietary security telemetry generated by each cloud service provider (CSP) into their in-house security governance framework and monitoring it there. Each organization was left to build or buy its own integration tools to consume, filter, transpose, and persist this data into its existing security information and event management (SIEM), security orchestration, automation, and response (SOAR), and security data lake (SDL) infrastructure.
Differentiating Cloud Offerings—Leverage Their Strengths
As CSPs matured, their offerings became differentiated, with one CSP perhaps a better solution for storage-heavy workloads, another better for high-bandwidth I/O workloads, and another for artificial intelligence (AI) workloads. Some enterprises became early adopters of multi-cloud; however, the challenges stated above only multiplied, because they now had to consume security telemetry from disparate sources in entirely different formats.
ONUG to the Rescue
The Open-Community Network User Group (ONUG), a coalition of business and technology professionals working in collaboration with CSPs, is driving the creation of an open standard for security notification called the Cloud Security Notification Framework (CSNF). The goal of this initiative is to have the CSPs present security telemetry in a uniform format that enables enterprises to use NIST, MITRE, and ATT&CK standards to consume information across multiple CSPs in the same manner as they consume security data from their on-prem data centers.
Multi-Cloud Grows Up (Microsoft, Google, and IBM Play Nice)
Three of the four leading public cloud providers (Microsoft, Google, and IBM) are participating in the CSNF standard, with only one of the big four (Amazon) abstaining. The three CSP participants seem to appreciate the strategic importance enterprises place on the ability to leverage multi-cloud deployments to choose best-of-breed services and avoid vendor lock-in.
Technology Service Providers Can Benefit
This move will free technology service providers that support multi-cloud from spending valuable development and testing resources ensuring their offerings work with each CSP’s different proprietary security format. These resources can now be redirected to focus on features and functions in their offerings, such as providing a richer, more intuitive UX in their dashboards or working on the integration of AI technologies and automation workflows to quickly identify and remediate any incidents.
But Where Does this Leave Amazon?
This is an interesting position for Amazon to take, and it runs the risk of being left out in the cold by enterprises that take a multi-cloud-first approach to their strategic public cloud planning. The ability to have disparate cloud vendors plug into an enterprise’s existing security governance framework is a big deal, and its absence could be a showstopper for some enterprises once CSNF is available across multiple CSPs.
The bottom line for enterprises is that this will make the move to multi-cloud, and the migration of workloads between CSPs, that much easier. The three vendors that are embracing CSNF have made other multi-cloud-friendly moves in the areas of deployment and management tools, so supporting CSNF follows this trend. Time will tell whether Amazon concedes and embraces CSNF or continues to rely exclusively on its own proprietary toolset.