Interoperable Security Information and Event Management Framework for Multi-cloud Environment

Jung-Hwa Ryu, Seo-Yi Kim, Ri-Yeong Kim, Yeeun Kim, Seongmin Kim, Il-Gu Lee

Published: 2024, Last Modified: 26 May 2026 | SecureComm (2) 2024 | CC BY-SA 4.0
Abstract: Multi-cloud environments offer various technological and economic benefits over conventional single-cloud setups by leveraging resources from multiple cloud service providers (CSPs). However, these environments often overlook the related security issues. In particular, integrating services from various CSPs presents challenges in maintaining consistent security policies, making it harder in multi-cloud setups to detect security threats related to identity and access management (IAM) with lateral movement and threat propagation. This study presents an analysis of potential IAM security threats in multi-cloud environments and proposes a new security response methodology, iSIEM (interoperable security information and event management framework), for enhancing interoperability and compatibility among security-monitoring cloud services. To achieve this goal, we derived three penetration-testing scenarios based on CloudGoat to assess real-world IAM security threats in multi-cloud settings. The iSIEM methodology supports workload mobility across clouds and addresses discrepancies in security logs across heterogeneous cloud platforms, which stem from mismatched judgments arising from the security logs produced by each cloud’s security tools. Our evaluation shows that iSIEM enhances the efficiency of security management in multi-cloud environments, improving accuracy by a minimum of 10.71% and a maximum of 23.08% compared to legacy security tools reliant on a single CSP.