Email Subscription Notifications Suspended Temporarily
We are in the process of making navigation in the Servers and Operating Systems forums simpler and more direct. While doing this, we have to temporarily suspend email notifications for subscriptions. If you are subscribed to one or more discussion boards or blogs in the community, please check them daily to see new content. Notifications will be turned back on in a few days. We apologize for any inconvenience this may cause. Thanks, Warren_Admin
Grounded in the Cloud
cancel
Showing results for 
Search instead for 
Did you mean: 

Cloud Security 101: What is Cloud Security?

ChrisSteffen

This is the first blog of a series that provides the basics of information security in the cloud. In this series, we will provide definitions and best practices for many of the elements that should be considered as part of a cloud security program. In addition to a blog, each topic will also have a short video, providing some additional information on the subject. In this installment, we will be discussing the topic: "What is Cloud Security?"

ClouSec 101 Series.jpgCloud security is the set of controls and policies that define how information (data), systems, applications and infrastructure is protected when using a cloud environment.  Often, cloud security adheres to a specific regulatory or compliance framework, depending on the computing workloads that are deployed into the cloud. 

Key capabilities that should be considered for a proper cloud security program include identity and access management, data encryption, event detection and monitoring, cloud infrastructure updating and management, and regulatory compliance certifications and standards of the cloud vendor.

An enterprise should have a reasonable expectation that the controls that exist in their on premise environments will translate to controls that they have in their cloud infrastructure. These controls may take on an additional level of complexity – as they are extended to an additional environment. The alternative is to abandon those controls entirely, and starting over with various regulatory and audit groups on an entire new set of controls – basically starting at square one.

It is also important to note the controls that the vendor / hosting provider will require the enterprise to adhere to. Many times, these controls will sync with existing controls. But occasionally, vendors will require additional controls and policies that may add additional cost and overhead to the cloud deployment. 

Cloud security is the primary concern for those looking to implement a cloud solution. According to a recent 451 Research whitepaper, security and compliance considerations were the top barriers for companies considering moving workloads to a cloud environment. 

Regardless of the vendor an enterprise chooses as their cloud provider, cloud security should be one of the top considerations when making that decision.

For the next blog in this series, we will discuss the cloud security topic: "What are the Principles of Cloud Security?" To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE Right Mix hybrid cloud, as well as the Right Mix approach to cloud security. To find the additional parts, please search for Cloud Security 101.

Download the whitepaper

Download the PaperDownload the Paper

 

0 Kudos
About the Author

ChrisSteffen

Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.

Events
28-30 November
Madrid, Spain
Discover 2017 Madrid
Join us for Hewlett Packard Enterprise Discover 2017 Madrid, taking place 28-30 November at the Feria de Madrid Convention Center
Read more
HPE at Worldwide IT Conferences and Events -  2017
Learn about IT conferences and events  where Hewlett Packard Enterprise has a presence
Read more
View all