SOCaaS: Security Operations Center as a Service for Cloud Computing Environments

The management of information security operations is a complex task, especially in a cloud environment. The cloud service layers and multi-tenancy architecture create a complex environment in which to develop and manage an information security incident management and compliance program. This paper presents a novel security operations center (SOC) framework offered as a service to cloud service providers and their customers. The goal is to protect cloud services against new and existing attacks and to comply with security policies and regulatory requirements. The SOCaaS design is based on multi-governance and defense-in-depth models and fits within multi-tenant cloud services. A SOCaaS provider is a trusted entity that collects event and system logs from cloud systems to support proactive incident management and compliance with regulations. The proposed approach provides better managed services for customers who want to outsource their information security operations in order to attain reliable, transparent, and efficient security and privacy.
