Grounded in the Cloud
Showing results for 
Search instead for 
Did you mean: 

Cloud Security 101: What is Data Protection?


This is the eighth blog of a series that provides the basics of information security in the cloud. In this series, we will provide definitions and best practices for many of the elements that should be considered as part of a cloud security program. In addition to a blog, each topic will also have a short video, providing some additional information on the subject.  The previous blog and video discussed the topic: "What are Monitor, Detect and Response?" In this installment, we will be discussing the topic: "What is Data Protection?"

Data protection is a key capability of hybrid cloud computing and information security that explains how data is secured at all parts of the process from loss and/or corruption.ClouSec 101 Series.jpg


As part of any cloud infrastructure solution, how data is handled and secured is paramount. A data-centric security model ensures unified data protection across private cloud, public cloud and traditional IT.


The best approach is to secure the data at every stage: when it is being stored (at rest), when it is being sent across a network (In motion) and when being used by an application or database (in use). Any data encryption and cloud solution should have a method of protecting data in all of it various stages.

Data protection can also include data classification, which is the determination of the type of data, as well as the sensitivity of the data. Some data may be sensitive to a particular business process or priority (financial data, intellectual property), while some data may be deemed sensitive by a governmental regulatory DataProtection.jpgrequirement (personally identifiable information such as Social Security numbers (SSNs), driver’s license numbers, credit card and bank account numbers). Also, completing a data inventory is the first step in fulfilling the types of privacy requests that may be required by those companies needing to comply with the newly adopted US-EU Privacy Shield agreement.

Lastly, a data protection solution must address the use and management of the keys used to encrypt the data. There are many types of key management solutions, and it is critical to find one that integrates with the cloud solution, but also meets your key management needs. Often, a cloud solution will deploy with a key management solution, eliminating the need to purchase a third party management tool.

Data protection considerations should be one of the – if not the – primary factor when selecting a cloud infrastructure solution. Understanding how the data protection strategy integrates into a company’s overall security vision is a critical component of any cloud infrastructure decisions. Regardless of the vendor an enterprise chooses as their cloud provider, understanding how data protection will be affected and implemented as part of their cloud solution will ensure that security considerations are appropriately addressed.

For the next blog in this series, we will discuss the cloud security topic: "What is Cloud Infrastructure?" To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE Right Mix hybrid cloud, as well as the Right Mix approach to cloud security. To find the additional parts, please search for Cloud Security 101.

0 Kudos
About the Author


Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.

Jan 30-31, 2018
Expert Days - 2018
Visit this forum and get the schedules for online HPE Expert Days where you can talk to HPE product experts, R&D and support team members and get answ...
Read more
See posts for dates
HPE Webinars - 2018
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all