Hi all,
First let me give some context to our situation:
We are a supplier of a managed service that runs on our own physical hardware in a remote datacenter (that processes sensitive data).
Our remote service & hardware is monitored in a Zabbix instance that is located in our own datacenter.
Until recently our customers accepted having a VPN-tunnel to our hardware to make sure we are able to monitor them.
More recent customers, with more strict security principles in place, tend to dislike this way of working, mainly because of "zero trust" principles.
What if Zabbix collects, by accident/breach, sensitive data?
For such situations we could deliver another Zabbix instance that remotely collects & stores the data (data remains on customer network).
But in such cases we have an issue to follow up:
- External mailing: same issue (data could be extracted) + we don't want to monitor a mailbox
- I know, we could parse etc ...
- Dashboard monitoring (must be through jump server): here we would need someone to be watching the dashboard 24/7 ... not ideal either.
So my question would be: how would you deal with such situations?
It is also important to mention that they usually have fewer issues with aggregated data.
Sending out an alarm report every 5 min and pulling that info into our current Zabbix would be a workaround.
But it does not feel right and I am also curious about how this can be solved in a proper way.
Regards,
Kevn