There are a number of companies doing log analysis in 'the cloud' - What do people think of the security implications of this?
Your logs that are uploaded are generally inside some sort of private container; however, there have been a number of high-profile security concerns. This includes holes in regular open-source software as well as lax security by companies providing cloud services.
If you're uploading security logs to a remote system, and that system is compromised, you're essentially giving a blueprint for how to get into your network for those who now have your logs.
What's the best strategy for this? I have a few, each with advantages and disadvantages:
- Never use one of these services - Keep it all in house, though you lose a ton of the analytics they provide unless you've got developers in-house to do this.
- Filter what you upload - This gives a broken picture. Partial logs don't mean much and it will be difficult to figure out what you should be filtering.
- Put your trust in them - Famous last words? I err on the side of caution and trust no-one.
Each of these has advantages and disadvantages and I'm eager to see what others feel.
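One concrete middle ground between "upload everything" and "filter and get a broken picture" is to pseudonymise the sensitive fields before they leave the network rather than dropping whole lines. The sketch below is an added illustration written for this thread, not code from the question or from any log-analysis vendor; the internal address ranges, the hypothetical `.corp.example` domain, the sample log lines and the key are all constructed for the example. Internal IPs and hostnames are replaced with a keyed HMAC token, so the same host always becomes the same token and the analytics (counting failed logins per source, correlating firewall drops with a host) still work, while the key, which never leaves the building, is what would be needed to map tokens back to real hosts. External addresses are left untouched because they are the attacker side of the picture and carry no blueprint of your network.

```python
import hashlib
import hmac
import ipaddress
import re

# Constructed sample log lines (no real systems or addresses).
SAMPLE_LOGS = [
    "2024-01-05T10:00:01Z sshd[1234]: Failed password for root from 10.1.2.3 port 51234 ssh2",
    "2024-01-05T10:00:07Z sshd[1234]: Failed password for root from 10.1.2.3 port 51240 ssh2",
    "2024-01-05T10:00:09Z firewall: DROP src=203.0.113.9 dst=10.1.2.3 proto=tcp dpt=3389",
    "2024-01-05T10:01:00Z app01.corp.example: health check OK on db-primary.corp.example",
]

# Address ranges treated as "ours"; RFC 1918 space is a reasonable default.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Hypothetical internal DNS suffix; adjust to the real one in practice.
HOST_RE = re.compile(r"\b[a-z0-9][a-z0-9-]*(?:\.[a-z0-9-]+)*\.corp\.example\b")


def pseudonym(value: str, key: bytes, kind: str) -> str:
    """Deterministic, keyed token for a value; 'kind' keeps the IP and host
    namespaces separate so an IP and a hostname can never collide."""
    digest = hmac.new(key, f"{kind}:{value}".encode(), hashlib.sha256).hexdigest()
    return f"{kind}-{digest[:12]}"


def is_internal_ip(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # regex matched something like 999.1.1.1
        return False
    return any(addr in net for net in INTERNAL_NETS)


def redact_line(line: str, key: bytes) -> str:
    """Replace internal IPs and internal hostnames with HMAC tokens,
    leaving everything else (timestamps, messages, external IPs) intact."""
    def ip_sub(match: re.Match) -> str:
        ip = match.group(0)
        return pseudonym(ip, key, "ip") if is_internal_ip(ip) else ip

    line = IPV4_RE.sub(ip_sub, line)
    line = HOST_RE.sub(lambda m: pseudonym(m.group(0), key, "host"), line)
    return line


def redact_logs(lines, key: bytes):
    return [redact_line(line, key) for line in lines]


def leaked_internal_ips(lines) -> list:
    """Sanity check to run on the outbound batch: any internal IP still
    present in clear text means the redaction missed something."""
    return [ip for line in lines for ip in IPV4_RE.findall(line) if is_internal_ip(ip)]


if __name__ == "__main__":
    # Constructed key for the demo; a real deployment would generate one
    # with os.urandom and keep it in-house, never with the cloud provider.
    key = b"example-only-key"
    for out in redact_logs(SAMPLE_LOGS, key):
        print(out)
    print("leaked:", leaked_internal_ips(redact_logs(SAMPLE_LOGS, key)))
```

Because the token is keyed, the provider cannot rebuild the token for a guessed address and confirm it exists (a plain hash of a 10.x address would be trivially brute-forced), and because it is deterministic, "three failed logins from ip-XXXX followed by a firewall drop to ip-XXXX" still reads as one story in the remote dashboard. The trade-off is that anything the regexes do not recognise (an internal IP embedded in a URL with a port, a hostname in uppercase, IPv6) will pass through untouched, which is why the outbound batch is checked before upload.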