Grounded in the Cloud

Cloud Security 101: Review and Summary

ChrisSteffen

For the past several months, we have gone on an educational journey to learn more about the basics of information security and cloud security. Today’s blog is a summary of that series – a series of ten blogs and videos that provides the basics of information security in the cloud. In the series, we provided definitions and best practices for many of the elements that should be considered part of a cloud security program. In addition to a blog, each topic has a short video, providing some additional information on the subject.

Below is a summary of each of the topics, as well as links for more information.

What is Cloud Security?
Cloud security is the set of controls and policies that define how information (data), systems, applications and infrastructure are protected when using a cloud environment. Often, cloud security adheres to a specific regulatory or compliance framework, depending on the computing workloads that are deployed into the cloud.

What are the Principles of Cloud Security?
While there are many considerations when evaluating security for a possible cloud solution, Hewlett Packard Enterprise has narrowed them down to three primary principles for security in the cloud: shaping security standards, a shared responsibility model, and a defense-in-depth approach to comprehensive information security.

What is Cloud Compliance?
Cloud compliance is the area of hybrid cloud security that deals specifically with how a company’s cloud infrastructure will be regulated, and with some of the differences and similarities between the controls used to regulate on-premises systems and those applied to workloads migrated to the cloud.

What is Data Sovereignty?
Data sovereignty is the discussion around how data that has been converted into some digital form is covered by the laws and regulations of the place in which it is located. The rules and regulations that are generally part of any data sovereignty discussion are in a near-constant state of change.

What are Safe Harbor and GDPR Regulations?
The Safe Harbor Principles and the General Data Protection Regulation (GDPR) are two of the many laws and regulations that are part of the data sovereignty discussion. Specifically, the Safe Harbor Principles is an agreement between the European Union and the United States which allowed some US-based companies to comply with EU Data Privacy Protection regulations. The GDPR is a new regulation adopted by the European Commission that strengthens and unifies data protection standards for citizens of the EU.

What is Identity Management?
Identity Management - sometimes also called access management or identity and access management (IAM) - covers the various ways that an enterprise can grant and manage access to computing resources for its employees and users, based on their identity and the rights and privileges associated with that identity.

What are Monitor, Detect and Response?
In any computing environment, the IT professionals who maintain the environment need visibility into what is going on in it. With proper visibility, they can monitor the environment for anomalies, detect anomalies when they occur, and formulate a proper response to resolve them.

What is Data Protection?
Data protection is a key capability of hybrid cloud computing and information security that covers how data is secured against loss and/or corruption at all parts of the process.

What are Cloud Security Controls?
Cloud security controls are the sets of standards that an enterprise uses to evaluate the effectiveness of the security policies and procedures implemented in its cloud environment to mitigate risk and reduce security vulnerabilities.

What is Risk Management in the Cloud?
The way that an enterprise deals with risk in the cloud is much the same as the way it deals with risk in its on-premises infrastructure, with the caveat that it must now also deal with a cloud provider in addition to its own risk standards.

We hope that the series has been a benefit to you and has increased awareness of these important information security considerations. Regardless of the vendor an enterprise chooses as its cloud provider, understanding these key cloud security topics will empower a company to make more informed security-based decisions when adopting a cloud infrastructure and formulating the company’s overall security vision and strategy.

To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE Right Mix hybrid cloud, as well as the Right Mix approach to cloud security. To find the additional parts, please search for Cloud Security 101.

About the Author

ChrisSteffen

Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.
