Conducting security monitoring and audit trails
Monitoring is a crucial part of security in the cloud. In the context of cloud security, monitoring means logging the activities performed in your cloud environments: user login events (both successes and failures) and the actions taken (who did what, when, and with what outcome, whether success or failure). The complete record of these actions is known as an audit trail. Monitoring also means storing those events in a central repository to which access is restricted on a need-to-know basis (so that an attacker who compromises a workload cannot also erase its traces), raising alerts according to pre-configured rules (for example, alert only when the root account or an administrator successfully logs in to the management console), and being able to take action on what the alerts reveal.
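The alerting rule described above (alert only on a successful console login by the root account or an administrator) can be expressed as a small detection pass over audit events. The following is an added example, not code from the book: it evaluates a few rules over constructed, CloudTrail-shaped ConsoleLogin records. The field names follow the CloudTrail format, but the event values, the `ADMIN_USERS` set and the `FAILURE_THRESHOLD` value are assumptions made up for this example, as are the rule names.

```python
"""Minimal alerting pass over console-login audit events.

Added example (not from the book): evaluates a small rule set over
constructed, CloudTrail-shaped ConsoleLogin records. ADMIN_USERS and
FAILURE_THRESHOLD are assumptions chosen for this example.
"""
from collections import Counter

ADMIN_USERS = {"cloud-admin"}   # assumption: names of privileged IAM users
FAILURE_THRESHOLD = 3           # assumption: failed logins before alerting

# Constructed sample events (values are made up; shape follows CloudTrail).
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "eventTime": "2024-03-01T08:00:12Z",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "203.0.113.10",
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "ConsoleLogin", "eventTime": "2024-03-01T08:05:44Z",
     "userIdentity": {"type": "Root"},
     "sourceIPAddress": "198.51.100.7",
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "ConsoleLogin", "eventTime": "2024-03-01T08:06:01Z",
     "userIdentity": {"type": "Root"},
     "sourceIPAddress": "198.51.100.7",
     "responseElements": {"ConsoleLogin": "Failure"},
     "errorMessage": "Failed authentication"},
    {"eventName": "ConsoleLogin", "eventTime": "2024-03-01T09:10:00Z",
     "userIdentity": {"type": "IAMUser", "userName": "cloud-admin"},
     "sourceIPAddress": "192.0.2.25",
     "responseElements": {"ConsoleLogin": "Success"}},
] + [
    # three failed logins for the same user from the same address
    {"eventName": "ConsoleLogin", "eventTime": f"2024-03-01T09:2{i}:00Z",
     "userIdentity": {"type": "IAMUser", "userName": "mallory"},
     "sourceIPAddress": "203.0.113.99",
     "responseElements": {"ConsoleLogin": "Failure"},
     "errorMessage": "Failed authentication"}
    for i in range(3)
]


def principal(event):
    """Return a stable name for the actor: 'Root' or the IAM user name."""
    ident = event.get("userIdentity", {})
    if ident.get("type") == "Root":
        return "Root"
    return ident.get("userName", "unknown")


def login_outcome(event):
    """Return 'Success', 'Failure', or None for events that are not logins."""
    if event.get("eventName") != "ConsoleLogin":
        return None
    return event.get("responseElements", {}).get("ConsoleLogin")


def rule_root_login(event):
    """The book's example rule: a successful root login to the console."""
    if principal(event) == "Root" and login_outcome(event) == "Success":
        return "root_console_login_success"
    return None


def rule_admin_login(event):
    """A successful console login by one of the known administrators."""
    if principal(event) in ADMIN_USERS and login_outcome(event) == "Success":
        return "admin_console_login_success"
    return None


PER_EVENT_RULES = [rule_root_login, rule_admin_login]


def make_alert(rule_name, event):
    """Build the alert record that would be sent to the on-call channel."""
    return {"rule": rule_name, "principal": principal(event),
            "time": event.get("eventTime"),
            "source_ip": event.get("sourceIPAddress")}


def evaluate_events(events):
    """Run every rule over the events in order and return the alerts raised.

    Per-event rules fire on a single record; the failed-login rule keeps a
    counter per (principal, source IP) and fires once when it reaches
    FAILURE_THRESHOLD, so a single failure raises no alert.
    """
    alerts = []
    failures = Counter()
    for ev in events:
        for rule in PER_EVENT_RULES:
            name = rule(ev)
            if name:
                alerts.append(make_alert(name, ev))
        if login_outcome(ev) == "Failure":
            key = (principal(ev), ev.get("sourceIPAddress"))
            failures[key] += 1
            if failures[key] == FAILURE_THRESHOLD:
                alerts.append(make_alert("repeated_failed_console_logins", ev))
    return alerts


if __name__ == "__main__":
    for alert in evaluate_events(SAMPLE_EVENTS):
        print(alert)
```

Run on the sample above, the pass raises three alerts: one for the root login, one for the `cloud-admin` login, and one for the third failed login by `mallory`; the ordinary user's login and the single root failure produce nothing, which is the point of alerting on pre-configured rules rather than on every event. In a real deployment the same logic would read from the central log repository rather than from an inline list, and the alert records would be forwarded to whatever channel the on-call team watches.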
In cloud environments, every resource is exposed through an API, which is how we deploy resources and make changes to them. We control cloud resources (as we have seen in previous chapters) using security controls, from security groups through to a WAF. All cloud...