The security of data in cloud environments has always been one of the factors assessed by organizations considering adopting a SaaS SIEM. The lower operation and maintenance costs are evident, but many security professionals have concerns about putting their data in the hands of the solution provider. This happens not only with cloud luddites, but also with those already using cloud resources while still trying to keep direct control over who can access their data. Sometimes the concerns are around the ownership of the data; the data can go to the cloud, as long as it is hosted under the organization’s own account.
Considering these requirements, Securonix developed a deployment model where customers can host the entire data ingestion pipeline and storage in resources under their own AWS account. Securonix still hosts in its AWS account the core application services, monitoring, microservices, as well as the disaster recovery for the solution. With this model, the customer can leverage all the benefits of a cloud native SIEM solution without having to send its data to be hosted in another organization’s AWS account.
This scenario is not only interesting for those with strict data ownership requirements. Some big enterprises have moved lots of data and resources to AWS and are part of the AWS Enterprise Discount Program (EDP). They may be able to get resources at a better rate than others. So why not use this better price? If you can get more S3 at a very low cost, why would you pay to use S3 at a higher price, if we could deliver the same solution to you while leveraging the resources in your account? That’s right, if you have a good price for those resources, you can pay that price when using our solution!
Another interesting reason to use what we’ve been calling the “bring your own cloud” model is when you want to access the data from other solutions in addition to the Securonix platform. Some organizations have data scientists running security use cases, such as threat hunting, leveraging general purpose data analytics tools. They want to keep doing that even when using a cloud SIEM to ingest, normalize and enrich the data. Our solution operates on an open data model and our backend is based on open technologies, such as Apache Solr and Kafka. Data is stored in accessible formats, such as Parquet files in S3. In the same way we use AWS standard offerings, such as EMR and Athena, to provide analytics for your data, you can keep doing the same. It’s easy to do that if the data is already in your own environment. Any concerns about losing the ability to access and use your security data are simply gone with this model.
Although the concept of cloud SIEM is simple, some organizations have complex requirements that can only be met by a robust and well-designed solution. A few months ago, Securonix was the only security analytics platform rated with a top score in “Deployment and data architecture” by Forrester in their “Wave: Security Analytics Platforms Scorecard, Q4 2020“. Our Shared Account Deployment model is another example of Securonix’s ability to deliver the best solution for any scenario.