Securing the Virtual Environment: How to Defend the Enterprise Against Attack, Included DVD

by Davi Ottenheimer, Matthew Wallace
May 2012
Intermediate to advanced
456 pages
12h 6m
English
Wiley
Content preview from Securing the Virtual Environment: How to Defend the Enterprise Against Attack, Included DVD

Chapter 7

Logging and Orchestration

Evil events from evil causes spring.

—Aristophanes

You can't play a symphony alone; it takes an orchestra to play it.

—Navjot Singh Sidhu

Log and event management is an essential component of cloud compliance. Collecting and analyzing logs can help you answer key questions about who or what is accessing your environment and what, if anything, was changed. You should ask yourself these questions before the auditors do.

Orchestration is a major underpinning of cloud services. The scale, agility, and self-service associated with cloud services require it. Orchestration involves finding areas of operations to reduce the overall amount of effort required to perform business-related functions. It eliminates certain repetitive tasks by automating the selection of common and easily assembled choices or using information from one component to configure other components.

Logging Events

Security Information and Event Management (SIEM) is a broad term that encompasses managing information about the security of your environment. You can distill SIEM to a few simple questions:

  • What is the current state of your environment?
  • What just happened?
  • Was it in compliance with your policies?

It's that simple. The simplicity of the task, however, belies the complexity of accomplishing it in practice. With hundreds of products producing logs; myriad IT policies about access; dozens of products for consuming, analyzing, and reporting on logs; along with a host of orchestration ...


Publisher Resources

ISBN: 9781118239261