Grounded in the Cloud
cancel
Showing results for 
Search instead for 
Did you mean: 

Cloud Security 101: What are the Principles of Cloud Security?

ChrisSteffen

This is the second blog of a series that provides the basics of information security in the cloud. In this series, we will provide definitions and best practices for many of the elements that should be considered as part of a cloud security program. In addition to a blog, each topic will also have a short video, providing some additional information on the subject.  The previous blog and video discussed the topic: "What is Cloud Security?" In this installment, we will be discussing the topic: "What are the Principles of Cloud Security?"

ClouSec 101 Series.jpg

While there are many considerations for evaluating security for a possible cloud solution, Hewlett Packard Enterprise has narrowed the considerations down to three primary principles when considering security in the cloud:  shaping security standards, a shared responsibility model, and a defense in-depth approach to comprehensive information security.

Shaping Security Standards:  Not only should a cloud provider adhere to information security best practices, but they should also be providing leadership in defining those standards and best practices – a partner that brings security experts together to establish security best practices and a partner that strives for transparency and community involvement.

Picture1.jpgShared Responsibility:  A shared responsibility for information security finds and defines the right mix of vendor and customer involvement to solve the customer’s security challenges. Shared responsibility means both the vendor and customer are responsible for certain aspects of security. Most customers cannot “vendor away” their liability and regulatory considerations.  A cloud vendor will help their customers develop, deploy and configure a secure hybrid cloud, while providing ongoing training on operations and management following security best practices.

Defense In-Depth:  Many security vendors provide a single point solution or product, designed to address a specific aspect of security or compliance. A cloud provider needs to provide multiple layers of security controls, integrating numerous single point solutions to create security redundancies. Also, with an integrated approach, you can use the same security tools to protect your private cloud, public cloud and traditional IT, reducing the number of tools and reducing the complexity of securing your hybrid infrastructure.

These three security principles provide an overview of the approach that HPE takes towards securing a cloud environment. Regardless of the vendor an enterprise chooses as their cloud provider, using these three security principles when choosing their cloud solution will ensure that security considerations are appropriately addressed.

For the next blog in this series, we will discuss the cloud security topic: "What is Cloud Compliance?" To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE Right Mix hybrid cloud, as well as the Right Mix approach to cloud security. To find the additional parts, please search for Cloud Security 101.

Download the whitepaper

Download the WhitepaperDownload the Whitepaper

 

0 Kudos
About the Author

ChrisSteffen

Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.

Events
28-30 November
Madrid, Spain
Discover 2017 Madrid
Join us for Hewlett Packard Enterprise Discover 2017 Madrid, taking place 28-30 November at the Feria de Madrid Convention Center
Read more
HPE at Worldwide IT Conferences and Events -  2017
Learn about IT conferences and events  where Hewlett Packard Enterprise has a presence
Read more
View all