Pain points CSNF is being created to solve

Technologists from a number of different companies have come together to develop a solution for creating multi-cloud security notifications. The result is the Cloud Security Notification Framework (CSNF) Decorator, the first public demo of which will take place at ONUG Fall ‘21 next week.  

According to a document released by the ONUG Collaborative Automated Cloud Governance Working Group earlier this year, the CSNF decorator augments security events with contextual information, allowing security teams to better identify security events. 

ONUG explained in a demo recently that having standard definitions and syntax across cloud security providers (CSPs) are necessary in applying automation to security infrastructure. Key benefits include eliminating gaps in the minimal viable security posture, allowing engineers to focus on posture assessment instead of operational activities, and linking cloud security to business value creation.

According to ONUG, the CSNF decorator provides two important services:

  1. A translation between CSPs to a standard model
  2. Enrichment of logs and events. 

The outcomes of the decorator will allow IT professionals to interpret security events and alerts from CSP logs using standards like NIST or MITRE ATT&CK.

According to Nick Lippis, co-founder and co-chair of ONUG, CSNF will be a very community-driven effort. As such, a call to action will be made available to the community next week at ONUG Fall ‘21.

The CSNF effort has been initially driven by developers from Microsoft Azure, Google Cloud, IBM Cloud, Raytheon, FedEx, Cigna, Goldman Sachs, Pfizer, Cisco, and more. 

“The overall vision was to create an open community, enable consumers to easily consume alerts or signals from multiple providers, cloud producers, or even data providers in a consistent or standardized manner,” said Preeti Krishna, principal product manager of Cloud Security at Microsoft and active contributor to the ONUG Automated Cloud Governance working group.