Security Monitoring for Enterprises: Top 7 Considerations
Want to learn more about security monitoring for enterprises? Check out this article on the top seven considerations for your enterprise.
Any organization that deals with customer data understands the importance of protecting it. You need to inspire trust in your customers: before they hand their data over in the first place, they need to rely on you as a trusted brand that protects their sensitive information. Brands that breach customer trust have a lot to lose besides their reputation: according to the World Economic Forum, there’s a potential $10 trillion in global growth from digital consumers over the next ten years. To unlock this potential, companies have to inspire trust and create secure experiences for their customers. According to a CA Technologies study, 48 percent of consumers stopped using a service after a reported data breach, and 50 percent of executives at companies with public data breaches have felt the long-term business impact of that breach.
There are many tools and technologies available to help ensure a secure experience for your users. This post will focus on one of them (an important one): security monitoring. As Sensu’s CTO, I’m clearly not unbiased, but my recommendations here come from over a decade of experience in the industry and what I’ve seen in terms of effective (and ineffective) security monitoring.
Security Monitoring: What to Look For
When evaluating any solution for its security, you’ll certainly do your due diligence and research. Here are some additional considerations to be aware of:
- Find a solution that supports and uses standard cryptography. Make sure the company you’re evaluating is doing the latest and greatest in terms of transport layer security (TLS), including staying up to date with industry best practices around implementation and management. In practice that means asking which TLS versions and cipher suites the product accepts and whether legacy versions can be disabled, whether agent and backend verify each other’s certificates rather than only the agent verifying the backend, and how keys and certificates are rotated and revoked.
- Look for an architecture that lets you deploy without compromising your security designs or overall security practices. Said another way: seek out monitoring tools whose traffic can traverse your existing network gateways and routers as they are, so operators don’t have to compromise security by punching holes in the perimeter just for monitoring.
- Seek a solution that fits your existing deployment workflows. If you have an extremely locked-down (or hand-rolled) configuration management process, find a solution designed to fit within that process, one that doesn’t force a separate workflow onto your team.
- Look for a monitoring tool and execution platform that empowers you to lock it down if need be. For Sensu 1.0, that takes the form of Safe Mode, which provides an extra layer of security by ensuring that subscription checks cannot be executed on a client unless the client has the check definition on disk. For Sensu 2.0 (now in Beta!), we’re working on an allow list that dictates which centrally configured checks can execute. Because it’s configured on the agent itself, you can say ahead of time: “Hey agent, you’re only allowed to execute these exact commands.” You still choose which checks to configure centrally, and you can disable them centrally without touching the client, but the agent’s allow list bounds what the backend can ever make it run. (You can read more about this feature and follow its progress on GitHub.)
- Opt for open source technology. The security benefits of open source are many: the entire codebase is available for your compliance team to examine and audit; it’s often backed by robust, active communities that are constantly improving the software; and it’s increasingly becoming the standard for enterprise infrastructure (rather than the exception). According to Google Cloud’s 2018 State of DevOps report, “58% of respondents agreed that their team made extensive use of open source components, libraries, and platforms, with over 50% agreeing that their team planned to expand the use of open source software.” And major financial institutions are already on board: Capital One, for example, is a self-described open-source-first organization, “actively using, contributing to, and managing open source software projects.”
- Choose on-premises, or “monitoring behind the firewall,” over a SaaS solution. SaaS-based monitoring providers send your data to a third party beyond your control, making it difficult to enforce your own security policies. Monitoring behind the firewall gives you full control to enforce your security policies and take every precaution to ensure that customer data is secure.
- Consider ROI by finding an efficient yet flexible monitoring tool. There are solutions that do it all: they take all your data, send it somewhere durable and auditable, and generate reports on it. But that comes at a high storage cost. Because it’s so cost-prohibitive, organizations cut corners by monitoring less, leaving intentional holes in their visibility and reporting that can lead to even costlier breaches and downtime. A monitoring event pipeline like Sensu can be tailored to the task you need and is efficient in the amount of data it produces and captures.
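The agent-side lock-down described in the fourth consideration (the Sensu 2.0 allow list and Sensu 1.0 Safe Mode), modelled here as an added example in Go, Sensu 2.0’s language. This is illustrative code written for this page, not Sensu’s own implementation or API: the type and field names, the check paths, and the requirement that a Safe Mode request’s command equal the local definition are all assumptions of the example. The point it makes is that the gate is deny-by-default, matches the whole command line exactly rather than by prefix, and fails closed when the list is empty.

```go
package main

import (
	"fmt"
	"strings"
)

// CheckRequest is the minimal shape of a check that a central backend asks an
// agent to run. The field names are this example's own, not the Sensu API.
type CheckRequest struct {
	Name    string // check name as configured on the backend
	Command string // full command line the backend wants executed
}

// Decision is what the agent logs. Refusals carry a reason, because a burst
// of refusals is itself a signal that something central is misbehaving.
type Decision struct {
	Allowed bool
	Reason  string
}

// normalize trims and collapses whitespace so equivalent command lines compare
// equal. It deliberately does not parse shell syntax: the entire command line,
// arguments included, must match an entry, so an entry for "check-disk.rb -w 80"
// does not also permit "check-disk.rb -w 80; curl x | sh".
func normalize(cmd string) string {
	return strings.Join(strings.Fields(cmd), " ")
}

// AllowList models an agent-side allow list: loaded from the agent's own
// configuration and never written by the backend, so a compromised or
// misconfigured backend can only choose among commands the operator approved.
type AllowList struct {
	commands map[string]struct{}
}

// NewAllowList builds the set from configured command lines (hypothetical
// config format; only the command strings matter here).
func NewAllowList(cmds []string) *AllowList {
	al := &AllowList{commands: make(map[string]struct{}, len(cmds))}
	for _, c := range cmds {
		if n := normalize(c); n != "" {
			al.commands[n] = struct{}{}
		}
	}
	return al
}

// Authorize is the deny-by-default gate called before anything is spawned.
// An empty list refuses every request rather than permitting everything, so a
// missing or unreadable allow-list file fails closed.
func (a *AllowList) Authorize(req CheckRequest) Decision {
	if len(a.commands) == 0 {
		return Decision{false, "allow list is empty; refusing all checks"}
	}
	n := normalize(req.Command)
	if n == "" {
		return Decision{false, "empty command"}
	}
	if _, ok := a.commands[n]; ok {
		return Decision{true, "exact match on allow list"}
	}
	return Decision{false, fmt.Sprintf("command %q for check %q is not on the allow list", n, req.Name)}
}

// SafeModeGate models the Safe Mode idea from the text: a subscription check
// runs only if the client already holds a definition for that check name on
// disk. This example additionally requires the requested command to equal the
// local definition so an approved name cannot be reused to ship a different
// command; that extra comparison is an assumption of this example.
type SafeModeGate struct {
	local map[string]string // check name -> command, read from local config
}

func (g SafeModeGate) Authorize(req CheckRequest) Decision {
	want, ok := g.local[req.Name]
	if !ok {
		return Decision{false, fmt.Sprintf("no local definition for check %q", req.Name)}
	}
	if normalize(want) != normalize(req.Command) {
		return Decision{false, fmt.Sprintf("command for check %q differs from local definition", req.Name)}
	}
	return Decision{true, "matches local definition"}
}

func main() {
	al := NewAllowList([]string{
		"/opt/checks/check-disk.rb -w 80 -c 90",
		"/opt/checks/check-http.rb -u https://localhost/healthz",
	})
	// Constructed requests: one legitimate, two that a backend under an
	// attacker's control (or a typo in central config) might push.
	for _, r := range []CheckRequest{
		{"disk", "/opt/checks/check-disk.rb  -w 80 -c 90"},
		{"disk", "/opt/checks/check-disk.rb -w 80 -c 90; cat /etc/shadow"},
		{"memory", "/opt/checks/check-memory.rb"},
	} {
		d := al.Authorize(r)
		fmt.Printf("%-7s allowed=%-5v %s\n", r.Name, d.Allowed, d.Reason)
	}
}
```

Exact matching is the conservative choice: it means operators allow-list full command lines, so changing a threshold centrally also requires touching the agent config, which is exactly the trade-off the text describes between central convenience and agent-side control.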
I hope this post offered some food for thought in terms of seeking out a security monitoring solution. In future posts, we’ll dive deeper into how to secure Sensu, as well as hear from the Sensu Community. Stay tuned!
Published at DZone with permission of Sean Porter, DZone MVB. See the original article here.