Grounded in the Cloud
Showing results for 
Search instead for 
Did you mean: 

“Mutterings” on Hybrid Cloud – Including Cloud Security!


If you haven’t seen the Trevor Potts article from The Register on hybrid cloud computing, you need to check it out. Potts provides an excellent overview of the state of cloud computing – actually providing a very comprehensive definition of “What is Cloud?” – and focuses specifically on the benefits of a hybrid cloud infrastructure. He closes with this:

In short, HPE has done this hybrid cloud infrastructure in practice already. It has done it successfully and is now ready to train its workforce more broadly in the tools, techniques and lessons learned. As I see it, HPE has settled on the right strategy. It has built up a portfolio of technologies and experience that support this strategy and has a nice list of customer wins to go to market with…Seemingly, it's only major vendor – so far - muttering "hybrid" that actually seems to know what it is doing. Let’s see how that translates into execution.

I was excited to see that our strategy of hybrid cloud computing being recognized for the forward thinking cloud infrastructure of the future. But I wanted to take a moment and discuss something that the article does not mention and I consider to be a key component to the overall hybrid cloud solution – and HPE software strategy: information security.


Potts opens the article with mention of the HPE “four areas of transformation”, and while not listing them directly, does include that they include the “buzzword heavy “hybrid infrastructure’”. While not getting into a discussion about the HPE marketing campaigns, one of the four transformation areas that HPE is focused on is Protecting your Digital Enterprise.

451 Research conducted a study, surveying IT practitioners and business leaders, and found that the greatest concerns for a business migrating their workloads to a cloud environment involve information security and regulatory compliance. HPE recognized this concern from our customers and users, and the “Protect” transformation area is focused on addressing information security and compliance considerations. In the case of the HPE hybrid cloud solution, protecting the hybrid cloud so your enterprise can innovate is one of the cores of the HPE hybrid cloud “Right Mix” solution.

HPE has identified the five key capabilities necessary for securing a hybrid cloud environment:

  • Data-centric security: Protecting data is the core of security and compliance controls. Data needs to be secured at rest, in motion and while in use. It should maintain an index with a searchable data format after it is protected and the encryption should be multi-layered.
  • Dynamic infrastructure hardening: Just like on-premises machines, the cloud infrastructure needs to be updated and hardened to reduce attack surfaces. Traffic between virtual machines needs to be secured, and core operating systems should be patched and hardened to prevent hypervisor breakouts.
  • Monitor, detect and respond to breaches and security events: Businesses need complete visibility into all parts of their hybrid cloud environments. There must be a method to collect and analyze log data from multiple sources into a single location and format. The data must be meaningful and actionable—providing specific steps and actions for a coordinated response from security teams.
  • Continuous regulatory compliance: Compliance is critical. A cloud solution must adhere to a consistent set of auditable controls across the entire hybrid cloud environment. The model should be policy-based and include integrated tools that automatically check for compliance drift against common regulatory standards.
  • Shared access management: The hybrid cloud solution must also have a common method for shared identity and access management across all components. It should include a portal for administrative functions, as well as an integration point with the established enterprise directory services. Ideally, it would also offer a federated single sign on (SSO) for multiple cloud environments.

Security Capabilities.jpg

Hybrid cloud is the cloud solution of the future, and HPE is leading the pack in hybrid cloud, with information security at the core of the solution. I encourage you to check out the links in the article to learn more about the importance of information security in any hybrid cloud solution.


0 Kudos
About the Author


Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.

See posts for dates
See posts for locations
HPE at 2018 Technology Events
Learn about the technology events where Hewlett Packard Enterprise will have a presence in 2018.
Read more
See posts for dates
HPE Webinars - 2018
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all