“The last few years we have seen a rise of log management and SIEM solutions aimed at compliance-aware organizations. … With software in the cloud, network, system and application logs are no longer easily accessible by IT organizations. They either have to negotiate access to these logs during contract time, or they have find new ways of monitoring user activities. Given that the IT organizations don’t ‘own’ the software, it makes it even more difficult to ‘hack’ around the system. Without access logs, IT organizations may not be able to answer simple questions from auditors, such as ‘who have accessed the financial information in the past quarter?’”

Link to Resource: Tough Security Questions for SaaS Providers

Source: Cloud Feed

SIM Resource Guide Section: Security Information Management Best Practices