Managed Log Aggregation Service for Secure Customer Data Storage | CASP+ Exam Preparation

Segmentation Considerations for Designing a Log Aggregation Service | CASP+ Exam Preparation

Question

A managed service provider is designing a log aggregation service for customers who no longer want to manage an internal SIEM infrastructure.

The provider expects that customers will send all types of logs to them, and that log files could contain very sensitive entries.

Customers have indicated they want on-premises and cloud-based infrastructure logs to be stored in this new service.

An engineer, who is designing the new service, is deciding how to segment customers.

Which of the following is the BEST statement for the engineer to take into consideration?

Answers

Explanations


Correct answer: C.

The engineer designing the new log aggregation service for a managed service provider needs to consider several factors, including the types of logs that will be collected and the sensitive nature of some entries. Additionally, the engineer must consider how to segment customers in the service.

Option A: Single-tenancy is often more expensive and has less efficient resource utilization. Multitenancy may increase the risk of cross-customer exposure in the event of service vulnerabilities.

Single-tenancy means that each customer has their own dedicated instance of the service, while multitenancy means that multiple customers share the same instance. While single-tenancy provides more isolation between customers and reduces the risk of cross-customer exposure in the event of service vulnerabilities, it is often more expensive and has less efficient resource utilization.

Multitenancy, on the other hand, allows for better resource utilization and cost efficiency, but it may increase the risk of cross-customer exposure if a vulnerability is found in the service. However, this risk can be mitigated through appropriate security controls such as access controls, data encryption, and monitoring.

Option B: The managed service provider should outsource security of the platform to an existing cloud company. This will allow the new log service to be launched faster and with well-tested security controls.

Outsourcing security to an existing cloud company can provide benefits such as faster deployment and well-tested security controls. However, the managed service provider still has a responsibility to ensure the security of the service, and outsourcing does not absolve them of this responsibility. Additionally, outsourcing can introduce new risks, such as third-party dependencies and loss of control over security policies.

Option C: Due to the likelihood of large log volumes, the service provider should use a multitenancy model for the data storage tier, enable data deduplication for storage cost efficiencies, and encrypt data at rest.

This option takes into consideration the large volumes of logs that are likely to be collected and suggests a multitenancy model for the data storage tier, which can provide cost efficiencies. Data deduplication can further reduce storage costs by eliminating redundant data. Encrypting data at rest provides additional security for sensitive log entries.
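To make the Option C storage-tier design concrete, here is an added example that is not from the exam page or any provider's code: a small multi-tenant store in which every blob key is prefixed by tenant, deduplication is keyed under a per-tenant key so that identical lines from two customers are never merged (and dedup can never reveal to one tenant what another has stored), and every read is tenant-scoped. The master key, the per-tenant key derivation, the SHA-256 counter-mode keystream standing in for a real authenticated cipher, and the sample log line are all assumptions of the example.

```python
import hashlib
import hmac
import os

# Constructed root key; a real service would keep this in a KMS/HSM.
MASTER_KEY = os.urandom(32)


def tenant_key(tenant_id: str) -> bytes:
    """Derive a per-tenant data key, so one tenant's key never protects another's data."""
    return hmac.new(MASTER_KEY, b"tenant-key:" + tenant_id.encode(), hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for an authenticated cipher (use AES-GCM in production): SHA-256 counter-mode keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + offset.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


class LogStore:
    """Multi-tenant storage tier: one shared blob map, every key prefixed by tenant."""

    def __init__(self) -> None:
        self._blobs = {}   # (tenant_id, dedup_tag) -> (nonce, ciphertext), stored once
        self._index = {}   # tenant_id -> list of dedup_tags in ingest order

    def ingest(self, tenant_id: str, line: bytes) -> bool:
        """Store a log line; return False when it duplicates a line already held for this tenant."""
        key = tenant_key(tenant_id)
        # The dedup tag is a keyed hash under the tenant's key: identical lines from two tenants
        # get different tags, so dedup never spans tenants and cannot act as a cross-tenant oracle.
        tag = hmac.new(key, line, hashlib.sha256).hexdigest()
        self._index.setdefault(tenant_id, []).append(tag)
        if (tenant_id, tag) in self._blobs:
            return False
        nonce = os.urandom(12)
        self._blobs[(tenant_id, tag)] = (nonce, _keystream_xor(key, nonce, line))
        return True

    def read_all(self, caller_tenant: str, tenant_id: str) -> list:
        """Decrypt and return a tenant's lines; there is no unscoped query path."""
        if caller_tenant != tenant_id:
            raise PermissionError("cross-tenant read refused")
        key = tenant_key(tenant_id)
        return [_keystream_xor(key, *self._blobs[(tenant_id, t)]) for t in self._index.get(tenant_id, [])]

    def blob_count(self) -> int:
        return len(self._blobs)
```

Because the keystream stand-in carries no authentication tag, a production build would replace `_keystream_xor` with an AEAD so that tampering with stored blobs is detected on read.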

Option D: The most secure design approach would be to give customers on-premises appliances, install agents on endpoints, and then remotely manage the service via a VPN.

This option suggests giving customers on-premises appliances, which can provide additional control and security. However, this approach can be expensive and complex to manage, and it may not be practical for all customers. Additionally, installing agents on endpoints can introduce security risks if not properly managed.

In summary, the engineer needs to consider the trade-offs between single-tenancy and multitenancy, as well as the costs and benefits of outsourcing security. Additionally, the engineer should consider the likely volume of logs, the need for cost efficiency, and the sensitivity of some log entries when deciding on a segmentation model. The most secure approach may involve on-premises appliances and endpoint agents, but this approach may not be practical for all customers.