Grounded in the Cloud
Showing results for 
Search instead for 
Did you mean: 

Principles of Hybrid Cloud Security (Second of a Series)


In my previous blog, I discussed some of the ways that Hewlett Packard Enterprise (HPE) can help you secure your hybrid cloud deployment, using some of the findings from 451 Research to identify security and compliance related concerns. In this blog, I wanted to share the HPE Helion guiding principles for hybrid cloud security.

Picture1.jpgHPE’s information security and compliance approach for hybrid cloud deployments is based on three philosophies, or security principles: shaping security standards, a shared responsibility model, and a defense in-depth approach to comprehensive information security.

The foundation of a trusted security solution provider requires supporting industry standards. But that’s not good enough. You want a partner that provides industry leadership by helping to define security standards that protect your hybrid infrastructure—a partner that brings security experts together to establish security best practices and a partner that strives for transparency and community involvement. HPE engineers lead the OpenStack security team, contribute to the PCI Data Security Standards organization and encourage community collaboration with HPE Threat Central. With a standards-based security philosophy, HPE is as visible as possible in every aspect of hybrid cloud security and continuously works to protect your hybrid cloud from the constantly changing security threat.

HPE believes in shared responsibility for information security, finding the right mix of involvement for customers and their security challenges. Shared responsibility means both the vendor and customer are responsible for certain aspects of security. For example, HPE develops products and services with security features, while customers define security policies and manage security from within the cloud—performing functions such as application control, data protection and access management. We help our customers develop, deploy and configure secure hybrid clouds, then provide training on operations and management following security best practices.

HPE supports a defense in-depth model for integrated, built-in security. Most security vendors provide a single point solution, addressing only one aspect of security or compliance. HPE’s hybrid cloud security provides multiple layers of security controls, creating security redundancies. For example, internal network protections exist on top of host layer protection that exist on top of application and data layer protection—no single breach can circumvent all the layers of security within the environment. HPE security solutions are built-in, not added on later. And with an integrated approach, you can use the same security tools to protect your private cloud, public cloud and traditional IT, reducing the number of tools and reducing the complexity of securing your hybrid infrastructure.

HPE’s three security principles provide an overview of the approach that HPE takes towards securing a cloud environment. The formula for confidence in securing a hybrid cloud environment rests in HPE’s five key security capabilities: a data-centric security approach; dynamic infrastructure hardening for your hybrid cloud infrastructure; the ability to monitor, detect and respond to breaches and security events with a coordinated response; maintenance of continuous regulatory compliance of your hybrid cloud environment and shared access management for identity and access management across your hybrid cloud environments. Each of these key capabilities will be discussed in greater depth in a future post in this series.

This is the second article of the series. To find the additional parts, please search for HPE Hybrid Cloud Security.

0 Kudos
About the Author


Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.

Jan 30-31, 2018
Expert Days - 2018
Visit this forum and get the schedules for online HPE Expert Days where you can talk to HPE product experts, R&D and support team members and get answ...
Read more
See posts for dates
HPE Webinars - 2018
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all