Proposed cloud-log standard sparks controversy

Cloud computing pushes current log management capabilities to their limit. Experts say it's time for a new standard to simplify the problem.

The biggest challenges to accelerating cloud adoption are security, regulatory compliance, and transparency into transactions and systems, both in internal and especially in outsourced cloud compute systems. In the cloud, a simple request by an end user can hit systems on the local LAN, external servers, public clouds, and any number of other resources before it's complete.

That, many say, makes reading and understanding the logs of transactions that traverse highly virtualized and cloud-based systems challenging enough to call for a new cloud log standard. Not everyone agrees.

The cloud log challenges are something Misha Govshteyn, VP of technology and service provider solutions at security and log management provider Alert Logic, says his company was increasingly running into with its hosting service provider customers.

    "When they send us logs there is often nothing truly auditable within them," he says. "It's a mess of stuff that typical hardware and software devices throw off, but they have zero awareness of what resources are being requested: who asked for the service, what other services helped with the transaction, or even what was all actually consumed by the requestor."

    To that end, Alert Logic (with support from Datapipe, Eucalyptus Systems, Mezeo Software, and Perimeter E-Security) recently proposed a standard, CloudLog, that aims to simplify log management across cloud providers and platforms. CloudLog, currently submitted as an informational RFC (Request For Comments) to the standards track of the Internet Engineering Task Force (IETF), would make it simpler to determine which virtual machines were running on which hardware, or which users, along with their associated roles, were accessing certain resources.

    "Virtual machines are spun up and down all of the time, and they come up on different physical machines. If you end up with a physical machine that was compromised, it's quite the challenge to determine which virtual machines may have been running on that machine at certain times," says John Eastman, CTO of storage services provider Mezeo Software. "All you know is that the system was in the cloud," he says.

    Eastman says that Mezeo has incorporated CloudLog, in its current state, into its Cloud Storage Platform as a way to simplify the logging of essential data. "Before we started using the CloudLog format, we had to try to figure out how to piece all of that information together, because even though we were logging it, it was tough to piece together what systems were supporting what virtual machines," he says. "Using CloudLog has helped us to address certain security objections, such as transparency into who was using exactly which virtual machine," Eastman explains.

    Not everyone is convinced that a new standard is needed, including Raffael Marty, founder and chief operating officer at cloud-based logging service, Loggly.

    "I would like to point out that the 'cloud,' be that SaaS, PaaS, or IaaS, does not require a new logging standard! We had multi-tier, as well as virtualized architectures for years and they are the real building blocks of the cloud. None of the cloud-specific attributes, like elasticity, utility-based payment, etc. require anything specific from a logging point of view," Marty wrote in his blog post, titled Why a Cloud Logging Standard Doesn't Make Any Sense.

    Marty suggested that any logging effort meant to help with virtualized, asynchronous, and distributed architectures be handled through the Common Event Expression (CEE) log standard. However, Govshteyn contends that there hasn't been a single vendor implementation of the CEE standard, nor any specification draft published for review.

    "We need to move on this," Govshteyn says.

    George V. Hulme writes about security and technology from his home in Minneapolis. He can be found on Twitter as @georgevhulme.

    Copyright © 2011 IDG Communications, Inc.
