Cloud-Based SIEM: Is Cloud the Right Solution?

A cloud-based SIEM may provide benefits that traditional on-premises solutions can’t. These include scalability, security, and cost-efficiency. However, there are some things to consider before deciding if the cloud is right for you! This article will give you a head start in your search for a SIEM solution and help you decide if cloud SIEM is the right choice for your organization.

Cloud SIEM deployment means customers don’t need to ship, receive, install and configure SIEM appliances (whether physical or virtual) before the SIEM solution can consume their first log sources. No more navigating around a data center or VPNs (Virtual Private Networks) when configuring your SIEM solution for remote access. You can access whatever you need from the SIEM user interface. You don’t have to worry about bottlenecks or downtime because cloud-based solutions offer better scalability, since resources can be added on the fly, and quicker recovery time if crashes happen unexpectedly.

However, there are several factors to consider when deciding whether cloud-hosted SIEM is appropriate for your organization’s needs. These include the cost of inbound network bandwidth, latency, and on-site requirements like OS updates. For instance, exporting data generated in an IaaS environment may incur a fee. Consideration should also be given to how the data must be treated to comply with policy and regulatory requirements:

  • Must the data be filtered, obfuscated, and encrypted for transport?
  • Must data reside in specific geographic regions?
  • Must it be encrypted for long-term storage?

Although this list of questions is not exhaustive, it offers a primary framework for buyers and vendors to use when determining whether cloud SIEM meets their requirements.

  1. What are the technical and budgetary constraints of my cloud SIEM environment?
  2. Are there costs associated with moving the data when the relationship with the cloud SIEM vendor ends?
  3. Does the vendor’s licensing model allow on-demand scalability and elasticity (e.g., dynamic data ingestion, compute, and storage needs)?
  4. How often will information in the cloud SIEM be patched or upgraded to keep up with new threats and vulnerabilities?
  5. What are the security measures taken by the vendor for operations and delivery of the SIEM solution?
  6. Does the vendor offer robust data collection, transport, and storage options to support my use cases?
  7. Is the SIEM solution cloud-native?
  8. What are the vendor’s service level agreements (SLAs) and evidence of process maturity in delivering rapid feature, function, and content updates while maintaining product availability and functionality?
  9. Can the vendor offer mature processes for deployment, management, and break-fix when using cloud SIEM?
  10. What is the vendor contract charge for early termination (EX) or extension up to the end of the contract?

As cloud security solutions grow in popularity, there are some questions potential buyers should ask before purchasing to ensure the solution meets their needs and specific use cases. I hope this helps you decide which SIEM solution would work best for your organization.

Written by Veera Sandiparthi

Mr. Veera Sandiparthi is a seasoned entrepreneur who brings 18 years of experience with technology solutions and delivering secure integrated enterprise solutions across various industries, including financial, healthcare, technology, and federal. Mr. Veera serves as the President and CEO of AccessQuint LLC. Over the past 2 years he has become an expert in developing strategic cybersecurity solutions for both global and domestic clients. By strategically leveraging AccessQuint LLC's expert security resources and best practices, along with his own extensive knowledge of industry challenges and organizational needs, he helps his clients maintain the highest levels of quality while increasing efficiency and streamlining costs.
