1. Technical Field
This disclosure relates generally to cloud-based environments and, in particular, to techniques to produce context-specific data for various purposes, such as cloud resource monitoring, data logging, compliance analysis, reporting, problem determination, and forensics, among others.
2. Background of the Related Art
Businesses often have to provide information to show compliance with different external regulations, including government and industry regulations, and, in addition, to demonstrate compliance with internal policies and procedures. These external regulations include, for example, the Sarbanes-Oxley (SOX) Act, the Health Insurance Portability and Accountability Act (HIPAA), and the like. Oftentimes, compliance with these and other regulations may be shown using information contained in audit logs maintained by information technology (IT) organizations. For compliance reasons, these audit logs often are maintained for years. Audit logs are useful for checking the enforcement and effectiveness of information technology controls, for accountability, and for vulnerability and/or risk analysis. An information technology organization also may use auditing of security-related critical activities to aid in forensic investigations, such as investigations of security incidents that may occur. When a security incident occurs, an audit log enables an analysis of the history of activities that occurred prior to the security incident. These activities include who did what, when, where, and how. With the analysis of an audit log, appropriate corrective actions may be taken. Audit logs are typically made available in relational databases to allow easy querying of the information by reporting programs or software to generate operational and trend reports.
While compliance may be seen as ensuring that a security policy is enforced, compliance may also be applied to other types of policy, such as service level agreements (e.g., using timestamps on audit logs to ensure that an overall Service Level Agreement (SLA) is satisfied), legislative compliance (e.g., on control or release of privacy-related information), or even policy management itself (e.g., who changed a policy, when and how, and was it in compliance with the policy for compliance-policy-management). Further, compliance with a particular policy, or a detailed forensics examination of actions within a system, may require more than just “audit” logs. It may also require access to error and trace logs, typically used within the scope of a problem determination examination.
An emerging information technology (IT) delivery model is cloud computing, by which shared resources, software and information are provided over the Internet to computers and other devices on-demand. Cloud computing can significantly reduce IT costs and complexities while improving workload optimization and service delivery. With this approach, an application instance can be hosted and made available from Internet-based resources that are accessible through a conventional Web browser over HTTP.
Emerging cloud environments are being created out of existing IT infrastructures that are being adapted to support cloud-based services. One key characteristic of cloud computing that is different from existing environments is the requirement for so-called “multi-tenant” support, sometimes referred to as multi-customer single deployment. To satisfy this requirement, service providers have to be able to isolate different customer usage of the cloud services. In particular, customers have compliance guidelines that they follow, and need to follow, when using cloud services. These customers look to service providers to support their compliance requirements, and they desire to obtain data from the service providers to use for compliance analysis. The service providers need to supply that data, but at the same time maintain isolation between and among their specific customers that are sharing cloud resources. Generally, IT infrastructures do not allow for separating out compliance data contained in log files and audit records.
A specific problem is that cloud service providers do not have an efficient and secure mechanism by which they can obtain visibility into the cloud resources they are managing on behalf of their tenants. Secure visibility and transparency into the cloud provider's infrastructure and security controls, which can be elusive, are essential to solving the problem of ensuring cloud computing compliance. Indeed, the problem of ensuring compliance becomes cumbersome when the resources are virtualized, spread across multiple locations, and shared by multiple projects and tenants. The problem is also exacerbated when cloud consumers request compliance reports (e.g., for meeting their audit requirements) in multiple contexts. As a consequence, visibility needs to be provided in various contexts, e.g., an identity context (who did what), a resource ownership context (who owns what resource), and an environment/workload context (what applications or infrastructure were used), and so forth. Indeed, often a particularly complex compliance requirement calls for visibility across many such contexts.