Grounded in the Cloud
cancel
Showing results for 
Search instead for 
Did you mean: 

Cloud Security 101: What is Data Protection?

ChrisSteffen

This is the eighth blog of a series that provides the basics of information security in the cloud. In this series, we will provide definitions and best practices for many of the elements that should be considered as part of a cloud security program. In addition to a blog, each topic will also have a short video, providing some additional information on the subject.  The previous blog and video discussed the topic: "What are Monitor, Detect and Response?" In this installment, we will be discussing the topic: "What is Data Protection?"

Data protection is a key capability of hybrid cloud computing and information security that explains how data is secured at all parts of the process from loss and/or corruption.ClouSec 101 Series.jpg

 

As part of any cloud infrastructure solution, how data is handled and secured is paramount. A data-centric security model ensures unified data protection across private cloud, public cloud and traditional IT.

 

The best approach is to secure the data at every stage: when it is being stored (at rest), when it is being sent across a network (In motion) and when being used by an application or database (in use). Any data encryption and cloud solution should have a method of protecting data in all of it various stages.

Data protection can also include data classification, which is the determination of the type of data, as well as the sensitivity of the data. Some data may be sensitive to a particular business process or priority (financial data, intellectual property), while some data may be deemed sensitive by a governmental regulatory DataProtection.jpgrequirement (personally identifiable information such as Social Security numbers (SSNs), driver’s license numbers, credit card and bank account numbers). Also, completing a data inventory is the first step in fulfilling the types of privacy requests that may be required by those companies needing to comply with the newly adopted US-EU Privacy Shield agreement.

Lastly, a data protection solution must address the use and management of the keys used to encrypt the data. There are many types of key management solutions, and it is critical to find one that integrates with the cloud solution, but also meets your key management needs. Often, a cloud solution will deploy with a key management solution, eliminating the need to purchase a third party management tool.

Data protection considerations should be one of the – if not the – primary factor when selecting a cloud infrastructure solution. Understanding how the data protection strategy integrates into a company’s overall security vision is a critical component of any cloud infrastructure decisions. Regardless of the vendor an enterprise chooses as their cloud provider, understanding how data protection will be affected and implemented as part of their cloud solution will ensure that security considerations are appropriately addressed.

For the next blog in this series, we will discuss the cloud security topic: "What is Cloud Infrastructure?" To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE Right Mix hybrid cloud, as well as the Right Mix approach to cloud security. To find the additional parts, please search for Cloud Security 101.

0 Kudos
About the Author

ChrisSteffen

Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.

Events
28-30 November
Madrid, Spain
Discover 2017 Madrid
Join us for Hewlett Packard Enterprise Discover 2017 Madrid, taking place 28-30 November at the Feria de Madrid Convention Center
Read more
HPE at Worldwide IT Conferences and Events -  2017
Learn about IT conferences and events  where Hewlett Packard Enterprise has a presence
Read more
View all