The idea is something that we all knew had to happen: Microsoft launches a cloud version of its operating system. Microsoft has been working on its supercomputer software for quite a while, with the Datacenter edition of its servers. Add to that Amazon Web Services supporting the Windows cloud OS, or Windows Server 2008, and the story becomes more interesting the more you dig into it.
Of course we won't see the cloud OS until it hits the street, but if it behaves like any other cloud operating system, it makes computer security more interesting, because there are now excellent ways of getting logging back to the home IT shop.
The whole idea of logging for PCI and other legal compliance regimes like SOX is that everything has to be logged. On Windows, it is easy to make a hook to dump something to the Windows event log, just as a Linux/Unix box does the same thing with syslog. However, many of the log events in Windows are going to tie into the Windows ecosystem, meaning decent log management ability within the Windows system. That alone, along with a cloud-based storage system, might actually allow a company to meet all its needs and obligations for logging without having to spend tons of money on a local SAN; you just move everything into the cloud.
Using the native raw storage space of the cloud and its native processing power, log management, long the bane of information security people, might actually become easier: not necessarily simpler, but easier. This means that people can now track events from log to log, because they can store massive amounts of data in the database, rather than doing what they have been doing, which is pruning the database down to nothing but high-level alerts, or alerts they already know they want. It is easier to follow the security bouncy ball when you have the whole picture and the whole set of logs.
It will be good to get hands-on with the cloud OS and see what it really does in relation to how a standard Windows operating system works. With the hooks for IIS logging, C2-level SQL logging, and OS event logging, and then dumping all of it into the cloud for forensics, legal compliance, and other uses, this might end up being a good thing.
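To make the "track events from log to log" point and the IIS-plus-OS-logging point concrete, here is an added example that is not from the original post or from Microsoft. It parses a constructed IIS W3C access-log excerpt and a constructed list of Windows Security logon records (event IDs 4624 and 4625 are the real logon success/failure IDs; every timestamp, address and user name is made up), builds one per-client timeline across both sources, and flags a client whose repeated logon failures are followed by a success. It then runs the same detection over a "pruned" copy that kept only the failure alerts, which is the retention approach the text criticises, to show that the chain can no longer be followed once the non-alert events are gone.

```python
"""Cross-log correlation: IIS access log + Windows Security logon events.

Added example, not from the original post. All log data below is constructed
sample input; the IIS layout follows the W3C extended log format and the
Windows records are simplified Security-log logon events.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed IIS W3C extended log excerpt. The "#Fields:" directive names the
# columns, which is how real IIS logs declare their layout.
IIS_LOG = """#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2008-10-28 14:02:11 203.0.113.7 GET /login.aspx 200
2008-10-28 14:02:13 203.0.113.7 POST /login.aspx 401
2008-10-28 14:02:15 203.0.113.7 POST /login.aspx 401
2008-10-28 14:02:19 203.0.113.7 POST /login.aspx 302
2008-10-28 14:03:40 198.51.100.9 GET /index.aspx 200
"""

# Constructed Windows Security logon records: (time, event id, level, user, source ip).
# 4625 = logon failure, 4624 = logon success (real event IDs; sample values otherwise).
WIN_EVENTS = [
    ("2008-10-28 14:02:13", 4625, "Audit Failure", "svc_web", "203.0.113.7"),
    ("2008-10-28 14:02:15", 4625, "Audit Failure", "svc_web", "203.0.113.7"),
    ("2008-10-28 14:02:19", 4624, "Audit Success", "svc_web", "203.0.113.7"),
    ("2008-10-28 14:03:40", 4624, "Audit Success", "jdoe", "198.51.100.9"),
]

TS_FMT = "%Y-%m-%d %H:%M:%S"


def parse_iis(text):
    """Parse W3C-format IIS log text into dicts keyed by the #Fields names."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, line.split()))
        row["ts"] = datetime.strptime(row["date"] + " " + row["time"], TS_FMT)
        row["source"] = "iis"
        rows.append(row)
    return rows


def parse_win(records):
    """Normalise the Windows records onto the same keys the IIS rows use."""
    return [
        {"ts": datetime.strptime(t, TS_FMT), "event_id": eid, "level": lvl,
         "user": user, "c-ip": ip, "source": "security"}
        for (t, eid, lvl, user, ip) in records
    ]


def timeline_by_ip(iis_rows, win_rows):
    """Merge both sources into one time-ordered event list per client address."""
    by_ip = defaultdict(list)
    for r in iis_rows + win_rows:
        by_ip[r["c-ip"]].append(r)
    for events in by_ip.values():
        events.sort(key=lambda r: r["ts"])
    return dict(by_ip)


def failed_then_success(timeline, min_failures=2, window=timedelta(seconds=30)):
    """Flag clients with >= min_failures 4625 events shortly before a 4624.

    Returns {ip: details}; details include the web requests seen from the same
    client so an analyst gets the whole picture, not just the alert.
    """
    hits = {}
    for ip, events in timeline.items():
        failures = [e["ts"] for e in events
                    if e["source"] == "security" and e["event_id"] == 4625]
        for e in events:
            if e["source"] != "security" or e["event_id"] != 4624:
                continue
            recent = [f for f in failures if e["ts"] - window <= f <= e["ts"]]
            if len(recent) >= min_failures:
                hits[ip] = {
                    "failures": len(recent),
                    "success_at": e["ts"],
                    "user": e["user"],
                    "web_requests": [r["cs-uri-stem"] for r in events if r["source"] == "iis"],
                }
                break
    return hits


def prune_to_alerts(win_rows):
    """Mimic 'keep only the high-level alerts': retain only Audit Failure records."""
    return [r for r in win_rows if r["level"] == "Audit Failure"]


if __name__ == "__main__":
    iis, win = parse_iis(IIS_LOG), parse_win(WIN_EVENTS)
    print("full retention:", failed_then_success(timeline_by_ip(iis, win)))
    print("pruned to alerts:", failed_then_success(timeline_by_ip(iis, prune_to_alerts(win))))
```

With full retention the detection links the two 4625 failures, the 4624 success and the four web requests from 203.0.113.7 into one story; with only the failure alerts kept, the success event that completes the chain is gone and the same detection returns nothing, which is the practical cost of pruning that the post describes.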