Consistent Auditing in the Cloud Era
With the growth of cloud computing and the increase of customers deploying workloads in hybrid clouds, having the ability to audit information in a standard way across multiple cloud platforms has come to the forefront. The good news is that a lot of work has already been done in this area. The DMTF addressed this need with a new initiative launched last year that looks at the ability to create open standards to federate and expose auditing data for cloud consumers. While it’s still early, I expect that over time this direction will give cloud consumers more confidence that their data is safe and that they’re getting what they paid for.
In addition, the DMTF released a whitepaper earlier this year that presents several use cases that could benefit from standards interfaces and data formats. These uses cases explore a variety of scenarios that highlight the need for interoperability, including the need for cross-platform tools to validate compliance controls and security procedures adherence. Other use cases looked at the ability to verify controls around geo-location. I encourage you to read through this whitepaper, to see if you agree with the scenarios and decide if they reflect your current IT environment.
Following the whitepaper, the DMTF recently published a draft of a new specification called “Cloud Auditing Data Federation (CADF) – Data Format and Interface Definitions Specification.” This specification provides a data format and interface definitions that support the federation of normative audit event data along with domain specific identifiers and standardized event classifications to and from public clouds and / or hybrid clouds. This data can then be used to create customized reports and logs. Today there are many logs and other interfaces from which you need to understand and decode to find the needed information and there are many different codes and messages that must be understood to get a true picture. With this new standard, there is hope that over time cloud providers will be able to report information in a consistent way through a standard REST-based interface. This will enable better verification and contractual commitments by cloud consumers.
Adoption of the CADF specification as well as other open standards from cloud providers’ management platforms such as Cloud Infrastructure Management Interface (CIMI) and the Open Virtualization Format (OVF) would also go far to instill greater trust in “cloud hosted applications.” Cloud consumers rely on their service provider to deliver specific services along with associated service levels – however, once this specification is implemented, consumers will be able to have complete confidence in the provider to deliver without fail. This would be a significant step forward in fulfilling the promise of an open cloud marketplace, which I know customers are ultimately after.
What do you think about the DMTF’s whitepaper and new specification? Will these efforts help you on your cloud journey? I welcome your feedback and comments.