Should You Monitor Your Cloud Assets Internally or Outsource the Job?

Most organizations and industries now use cloud service providers, or CSPs, to host systems and services. This may take the form of IaaS, PaaS, or SaaS (see box), depending on the needs of the business. As part of their service agreements, CSPs are typically required to submit third-party assurance reports such as International Organization for Standardization (ISO), Payment Card Industry (PCI), or Service Organization Control (SOC) to demonstrate compliance with specific regulations and their adherence to contractual obligations.

IaaS – Infrastructure as a service. Networking and computing resources offered by service providers.

PaaS – Platform as a service. Service or application platforms which allow customers to provision, instantiate, run, and manage a computing platform and one or more applications.

SaaS – Software as a service. Delivery of applications from a centrally hosted location, through internet connectivity.

XaaS – X as a service, often used to refer to anything as a service.


For greater transparency into their cloud-based systems, most organizations also employ one or both of two methods for monitoring CSPs: cloud monitoring tools or managed services.

Cloud monitoring tools are similar to other IT tools in that they are configured for a system and typically monitor through an installed agent or via an API collecting data from the target system. The tools collect data about specific metrics, such as uptime, health, resource allocation, resource usage, and active/idle connections, and may generate alerts based on thresholds or events. The alerts may be sent to a system dashboard, or other form of external communication, such as email or text message.

With managed services arrangements, third parties use a suite of tools to simplify the monitoring process for system owners and help prioritize responses. Monitoring services ingest monitoring data, filter through that data, and alert the system owner when action is required, and at agreed-upon intervals to facilitate oversight.

Several factors should be taken into account in deciding whether to use internal monitoring tools or to outsource these services. Consider the following questions and risks:

  • What are the business/operational requirements for maintaining visibility?
  • Are there regulatory requirements that may be affected or relevant?
  • Would other contractual obligations be impacted by sharing monitoring data with third parties?
  • How would access be granted, and data transmitted, to the in-house tool or monitoring service? Is this method easily secured and encrypted within acceptable levels?
  • Do we have systems or service providers already in place that can monitor cloud assets?
  • Do we have in-house employees with the skills to monitor these systems? If so, do they have capacity to monitor additional systems?
  • How does total cost of ownership for implementing a monitoring tool(s) in-house compare to hiring an outsourced monitoring service?  (At a minimum, the analysis of tools cost should include costs of software, hardware, training, and salary for any additional personnel required. Analysis of outsourced monitoring services should incorporate  one-time implementation costs, base subscription fees, incidental fees and any known recurring costs.)

This is not an exhaustive list, and organizations will need to address other questions based on their unique characteristics. To find out how Weaver can assist your organization with customized cloud monitoring programs, contact us. We are here to help.