CSNF: Open Approach to Multi-Cloud Security Notifications

Public cloud spending, which is expected to reach an astounding $110.5 billion dollars by 2024, has brought a wave of worry upon every large enterprise. As public cloud consumption increases at a linear rate, the volume of security alerts and notifications is rising exponentially. And with no common definitions or syntax for these security events, the multi-cloud consumer’s SecOps teams are forced to drive up tools and personnel spending to maintain a minimum viable security posture across their data.

To solve this notification crisis, cloud providers like Microsoft, IBM and Google have been working alongside enterprise cloud consumers through the ONUG Collaborative to develop the Cloud Security Notification Framework or CSNF. The goal of CSNF is to make a common open source security notification framework available across the industry so that automated cloud governance and policies can become a reality.

Here’s a deeper look at how a standardized framework like CSNF achieves positive outcomes for all parties involved in cloud computing:

Solving the problem

Over the past nine months, the top cloud service providers have been working with enterprise cloud consumers like FedEx, Cigna, Raytheon Technologies, Goldman Sachs, etc., listening to their challenges of operationalizing hybrid and multi-cloud developments. Through these sessions, standard requirements were developed for a CSNF “decorator.” The decorator aims to provide cloud consumers with an ability to “decorate” and enrich security events and alarms with additional context to improve understanding. This, in turn, would increase the consumer’s ability to determine the most critical notifications.

For cloud providers and consumers alike, running a security platform calls for time-consuming and costly integration efforts to bring log files in from disparate sources, like asset inventory, vulnerability assessment, endpoint angles, IDS products, and security alerts. With a standardized framework such as CSNF, notifications can be formed to simplify integration efforts and enhance contextual processing for a whole cloud ecosystem. As market adoption progresses, cloud providers, consumers, and industry vendors alike will witness transformations that result in productivity optimization.

• Cloud consumers: In addition to streamlining operations for enterprise cloud consumers, CSNF would provide greater control and visibility over the security posture of their assets. The rise in cloud governance throughout consumers also would provide greater control and protection, thus encouraging further cloud consumption from any provider.

• Cloud service providers: A unified framework would erase the barrier-to-entry that hinders an enterprise consumer from using more services from a specific cloud provider. In addition, a rise in consumer cloud governance would allow for added control and security, thus encouraging additional cloud consumption from multiple cloud providers and increasing provider revenue.

• Vendors: Cloud industry vendors that maintain security software and tools as a service are also allocating more funds to engineering resources. These resources need to specialize in each cloud provider’s ton mengineering needs and labor, vendors could focus on developing new products and operations that benefit end-users.

Everyone involved in the cloud security ecosystem would have to endure this change together, but eliminating the friction associated with security events would offer a more stable environment for years to come. In facing the current notification crisis with a standardized CSNF solution, the goal is to allow for a common information model so all industry players can work more efficiently.

What’s up next for multi-cloud CSNF

Enterprise multi-cloud consumers have provided the aggregate requirements, and CSNF has entered the building phase. Cloud providers are at work developing the prototype, while consumers are providing guidance to ensure the acceptance of CSNF by the community and industry as a whole.

The pandemic has accelerated the cloud adoption process for almost all organizations worldwide. As a result, a decrease in IT noise must be a priority for businesses to operate efficiently. By bringing the largest cloud service providers and consumers together, ONUG will ensure that all parties involved will have the resources needed to execute a smooth transition within their organization.