Security is a Holistic Proposition

Gorka Sadowski


Logs for Better Clouds - Part 9: Pay per Use

Log Reports to enable Pay-per-Use

Wow, quite a journey...

We have spent time articulating how and why logs contribute to building Trust between Cloud Providers and customers, paving the way for smoother and cleaner relationships between clients and providers.

This time, let's look at another specific use case for logs, Pay per Use enforcement, and continue bringing clarity to the Clouds and removing their opacity.

Report for Billing Purposes - Pay per use
Earlier parts of this "Logs for Better Clouds" series touched upon the reasons why pay-per-use is important in the context of Clouds.

Predictive rightsizing is a difficult if not impossible exercise that represents a barrier to entry for Cloud adoption. It implies either paying too much for unnecessary service, or risking Denial of Service in case we need an extra oomph.

Pay per use requires a granularity so fine that it allows visibility on exactly what resources were consumed.  The Cloud Provider then charges for these resources, not more and not less.

Looking at a back-to-back scenario, an organization could then use these reports to charge back internal organizations based on their usage. In case of dispute, further reports based on raw logs would be available to demonstrate specific usage.

Pay-per-Use is a promise that can be fulfilled through the use of logs and log reports.

Instead of having to deploy countless specialized tools to monitor, follow, track and report on these minute uses of virtual IT resources, Cloud Providers can rely on the ease of deployment, ease of use and accuracy of Log Management tools.

The figure below represents an actual report from one of LogLogic's customers that shows usage of an application per Business Unit (BU) for billing purposes. The report was generated from raw logs, which remain available to clients via search features if the accuracy of the report needs to be validated or in case of dispute.

Figure 7 – Report showing actual usage for pay-per-use billing purposes

Another example is pay-per-use Vulnerability Management (VM) Cloud Providers. The billing charge could be based on the total number of vulnerability tests performed, which is a combination of the number of IP addresses tested and the number of tests performed for each IP address. This is not necessarily easy to calculate: the number of vulnerability tests depends on the type of OS, hence on the IP address, as well as on the date and time at which the tests were performed, because the number of vulnerabilities changes over time and so does the number of tests.

In this scenario, a SaaS Provider properly managing logs will be able to charge their clients based on the exact number of vulnerability tests performed across the board, and provide reports to support the invoice generated.

In case of doubt, a client can always find out when an IP was scanned, and which tests were performed, through a report that details and singles out the corresponding logs.
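The billing calculation and dispute lookup described above, as an added example that is not from the original post or from LogLogic. The log format, client names, IP addresses and per-test price are assumptions, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample logs in a hypothetical format: one line per vulnerability test.
SAMPLE_LOGS = """\
2011-03-01T02:00:01Z client=acme ip=192.0.2.5 os=linux test_id=V-1001 result=pass
2011-03-01T02:00:02Z client=acme ip=192.0.2.5 os=linux test_id=V-1002 result=fail
2011-03-01T02:00:09Z client=acme ip=192.0.2.9 os=windows test_id=V-2001 result=pass
2011-03-01T02:00:10Z client=acme ip=192.0.2.9 os=windows test_id=V-2002 result=pass
2011-03-01T02:00:11Z client=acme ip=192.0.2.9 os=windows test_id=V-2003 result=pass
2011-03-01T02:05:00Z client=globex ip=198.51.100.7 os=linux test_id=V-1001 result=pass
garbled line that must not be billed
2011-03-08T02:00:01Z client=acme ip=192.0.2.5 os=linux test_id=V-1001 result=pass
2011-03-08T02:00:02Z client=acme ip=192.0.2.5 os=linux test_id=V-1002 result=pass
2011-03-08T02:00:03Z client=acme ip=192.0.2.5 os=linux test_id=V-1003 result=pass
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) ip=(?P<ip>\S+) "
    r"os=(?P<os>\S+) test_id=(?P<test_id>\S+) result=(?P<result>\S+)$"
)

def parse(text):
    """Return (records, rejected); every record keeps its raw log line number."""
    records, rejected = [], []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = LINE_RE.match(line.strip())
        if m:
            records.append({"line_no": line_no, **m.groupdict()})
        else:
            rejected.append(line_no)  # surfaced for review, never billed
    return records, rejected

def invoice(records, client, price_cents_per_test):
    """Bill one client for exactly the tests that were logged, broken down per IP."""
    mine = [r for r in records if r["client"] == client]
    return {"client": client, "total_tests": len(mine),
            "tests_per_ip": dict(Counter(r["ip"] for r in mine)),
            "amount_cents": len(mine) * price_cents_per_test}

def evidence(records, client, ip):
    """Dispute support: when an IP was scanned and each test, with raw line numbers."""
    return [(r["line_no"], r["ts"], r["test_id"])
            for r in records if r["client"] == client and r["ip"] == ip]

if __name__ == "__main__":
    records, rejected = parse(SAMPLE_LOGS)
    print(invoice(records, "acme", 5), "rejected lines:", rejected)
    print(evidence(records, "acme", "192.0.2.9"))
```

The second scan of 192.0.2.5 logs three tests where the first logged two, so the invoice follows the logged count rather than a fixed per-IP rate.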

Another example is when a SaaS CRM is able to charge enterprises for their exact usage, based on transactions and storage, users and reports, with log reports supporting all that data so that enterprises know they pay exactly for what they consumed, not more, not less.

There are countless examples of Pay per Use opportunities in Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software/Security as a Service (SaaS).

No matter what you are asking a Provider to do for you, make sure that you get indisputable proof of your consumption in the form of reports based on logs.

More Stories By Gorka Sadowski

Gorka is a natural born entrepreneur with a deep understanding of Technology, IT Security and how these create value in the Marketplace. He is today offering innovative European startups the opportunity to benefit from the Silicon Valley ecosystem accelerators. Gorka spent the last 20 years initiating, building and growing businesses that provide technology solutions to the Industry. From General Manager Spain, Italy and Portugal for LogLogic, defining Next Generation Log Management and Security Forensics, to Director Unisys France, bringing Cloud Security service offerings to the market, from Director of Emerging Technologies at NetScreen, defining Next Generation Firewall, to Director of Performance Engineering at INS, removing WAN and Internet bottlenecks, Gorka has always been involved in innovative Technology and IT Security solutions, creating successful Business Units within established Groups and helping launch breakthrough startups such as KOLA Kids OnLine America, a social network for safe computing for children, SourceFire, a leading network security solution provider, or Ibixis, a boutique European business accelerator.