Abstract

The management of information security operations is a complex task, especially in a cloud environment.  The cloud service layers and multi-tenancy architecture creates a complex environment in which to develop and manage an information security incident management and compliance program. This paper presents a novel security operations center (SOC) framework as a service for cloud service providers and customers. The goal is to protect cloud services against new and existing attacks as well as comply with security policies and regulatory requirements. The SOCaaS design is based on multi-governance and defense in depth models and fits within the multi-tenancy cloud services. A SOCaaS provider is a trusted entity that collects event and system logs from cloud systems to ensure proactive incident management and compliance with regulations. The proposed approach provides better managed services for customers wanting to outsource their information security operations to attain reliable, transparent, and efficient security and privacy.