Compensating Controls in a Hybrid Cloud

So I’d never hear of “compensating controls in a hybrid cloud” before.  I learned about today while reading the CCSP book. I knew the concept, but never formally. I’ve always made a point to keep things monitored. I’ve also implemented redundant monitoring  before. But reading about this has made me want to standardize this technique as a new baseline going forward.

CCSP Logo on the Compensating Controls post pageI’m envisioning redundant systems with automatic provisioning. One set to a higher warning threshold. Icinga2 and LibreNMS perhaps? Will have to include the deployment of their configuration into the system build process. Though I could also  automate it externally I suppose.  I already have Icinga2 pulling computer objects directly from Active Directory via LDAP query. That works well. I’ll need something similar for Libre though. Still, that shouldn’t be a heavy lift.

I also want to check into Azure specific offerings. I know they have Azure Monitor. But having recently discovered Operations Management Suite. I’m now wondering what else is out there.

Another thing to consider would be automatic remediation actions. With two monitoring systems it’s possible for both  to attempt remediation.  This could lead to some undesired and potentially unexpected behavior. So there would have to be some more logic in B to detect if A had run. If it had, B wouldn’t do so as well.

Probably something like a log file would do the job. If system A runs the last step is to log “success” in a file. System B looks for that file entry before  running. If system A is down or fail, system B will act.

Anyway, there’s my thoughts for today. Time to start work.  Check out some other professional development posts .