Grounded in the Cloud
Showing results for 
Search instead for 
Did you mean: 

Dynamic Infrastructure Hardening in the Hybrid Cloud (Fourth in a Series)



In my previous blog, I discussed the first of five key security capabilities, data-centric security , as part of Hewlett Packard Enterprise (HPE) Helion’s three guiding principles for hybrid cloud security—shaping security standards, a shared responsibility model, and a defense in-depth. The five key security capabilities for protecting your hybrid cloud are—data-centric security; dynamic infrastructure hardening; monitor, detect and respond; continuous regulatory compliance; and shared access management. In this blog, I will share information on the second of these capabilities, dynamic infrastructure hardening.

Cloud Security blog series HPE_Sec_Hero_400x267.jpgHybrid cloud environments are constantly changing, with new services being ordered, existing services being scaled up or down and other services being stopped. Securing the dynamic infrastructure that supports cloud services requires special consideration. Protection with dynamic infrastructure hardening involves several aspects of IT security best practices to reduce the overall attack surface. By eliminating unnecessary operating system components, the exposed IT footprint is reduced, thereby offering fewer opportunities for hackers to exploit.

Perimeter security should no longer be the core of corporate security that it once was. However, it is still important to continue implementing properly managed intrusion detection and firewalls as a component of an overall security strategy.

Network separation at both the physical and logical level, and securing virtual machine (VM) to VM traffic to create secure domains using micro-segmentation, is extremely important. Opportunities for both deliberate and inadvertent breaches are greatly reduced. When a breach does occur, it is contained and limited in scope. The HPE hybrid cloud strategy helps enterprises configure their infrastructure with security zones to provide multiple layer protection and prevent hackers from getting access to all services and infrastructure.

Critical security patches must be applied as quickly and as automatically as possible, while causing the least disruption possible to the clients. The cloud operating system and supported hypervisors must be properly configured and managed to prevent hypervisor breakouts otherwise known as Virtualized Environment Neglected Operations Manipulation (VENOM). Hewlett Packard Enterprise provides critical security patches to ensure customer’s cloud environments are protected from the latest attacks, hardening the cloud infrastructure to reduce the attack surface.

Combined with HPE’s three hybrid cloud security principles, the five key security capabilities—data-centric security; dynamic infrastructure hardening; monitor, detect and respond; continuous regulatory compliance; and shared access management—provide the right mix of security for a secure hybrid cloud environment. HPE dynamic infrastructure hardening delivers a comprehensive defense to reduce attack surfaces with security features built-in, not bolted on, with products including HPE Helion CloudSystem, HPE Helion OpenStack® and integration with complementary security technologies from companies like Catbird®.

For the next blog in this series, I will discuss the third of the five key security capabilities: monitor, detect and respond. To learn more about hybrid cloud security, download this whitepaper from 451 Research Group.


This is the fourth article of the series. To find the additional parts, please search for HPE Hybrid Cloud Security.

0 Kudos
About the Author


Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.

Jan 30-31, 2018
Expert Days - 2018
Visit this forum and get the schedules for online HPE Expert Days where you can talk to HPE product experts, R&D and support team members and get answ...
Read more
See posts for dates
HPE Webinars - 2018
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all