Data Audit
Conduct a data audit to regularly review, inventory, and inspect the usage and condition of data.
- key elements of a data audit policy:
  - audit periods
  - audit scope
  - audit responsibilities
    - internal/external
  - audit processes and procedures
  - applicable regulations
  - monitoring, maintenance, and enforcement
- audits are predicated on logging
  - event logging
  - security logging
  - traffic logging
  - etc.
- log review and audit is a specialized task for personnel with specific training
  - log analysis for cloud requires additional specialized knowledge
- common issues with log review:
  - log review and analysis is not often a priority
    - no dedicated personnel for log review
    - it is an additional duty of existing departments
    - automation helps, but requires configuration and maintenance
  - log review is mundane and repetitive
    - volume of logs can result in lack of attention to monitors
  - reviewer needs to understand the operation
    - needs to understand authorized vs unauthorized activity
  - logging can be expensive
    - logs can take up lots of space and time
    - comes with additional software to manage
Audit Mechanisms
- 3 areas of audit mechanism and implementation for CCSP:
  - Log collection
    - log collection in cloud environments has advantages and challenges
    - cloud providers often have native log collection tools
    - multi-cloud, SaaS, hybrid cloud, and on-prem can make log collection difficult
  - Log correlation
    - need to correlate logs together for a better understanding of events
    - can be difficult with multi-cloud and complex environments
    - SIEM tools help simplify this
  - Packet capture
    - auditing cloud and on-prem systems can require packet capture to validate traffic flows
    - cloud makes packet capture very difficult, or impossible
    - need to consider the architectural, technical, and contractual limits CSPs may have
    - generally, packet capture is not available for most SaaS and PaaS environments without direct vendor involvement