Grounded in the Cloud
cancel
Showing results for 
Search instead for 
Did you mean: 

Principles of Hybrid Cloud Security (Second of a Series)

ChrisSteffen

In my previous blog, I discussed some of the ways that Hewlett Packard Enterprise (HPE) can help you secure your hybrid cloud deployment, using some of the findings from 451 Research to identify security and compliance related concerns. In this blog, I wanted to share the HPE Helion guiding principles for hybrid cloud security.

Picture1.jpgHPE’s information security and compliance approach for hybrid cloud deployments is based on three philosophies, or security principles: shaping security standards, a shared responsibility model, and a defense in-depth approach to comprehensive information security.

The foundation of a trusted security solution provider requires supporting industry standards. But that’s not good enough. You want a partner that provides industry leadership by helping to define security standards that protect your hybrid infrastructure—a partner that brings security experts together to establish security best practices and a partner that strives for transparency and community involvement. HPE engineers lead the OpenStack security team, contribute to the PCI Data Security Standards organization and encourage community collaboration with HPE Threat Central. With a standards-based security philosophy, HPE is as visible as possible in every aspect of hybrid cloud security and continuously works to protect your hybrid cloud from the constantly changing security threat.

HPE believes in shared responsibility for information security, finding the right mix of involvement for customers and their security challenges. Shared responsibility means both the vendor and customer are responsible for certain aspects of security. For example, HPE develops products and services with security features, while customers define security policies and manage security from within the cloud—performing functions such as application control, data protection and access management. We help our customers develop, deploy and configure secure hybrid clouds, then provide training on operations and management following security best practices.

HPE supports a defense in-depth model for integrated, built-in security. Most security vendors provide a single point solution, addressing only one aspect of security or compliance. HPE’s hybrid cloud security provides multiple layers of security controls, creating security redundancies. For example, internal network protections exist on top of host layer protection that exist on top of application and data layer protection—no single breach can circumvent all the layers of security within the environment. HPE security solutions are built-in, not added on later. And with an integrated approach, you can use the same security tools to protect your private cloud, public cloud and traditional IT, reducing the number of tools and reducing the complexity of securing your hybrid infrastructure.

HPE’s three security principles provide an overview of the approach that HPE takes towards securing a cloud environment. The formula for confidence in securing a hybrid cloud environment rests in HPE’s five key security capabilities: a data-centric security approach; dynamic infrastructure hardening for your hybrid cloud infrastructure; the ability to monitor, detect and respond to breaches and security events with a coordinated response; maintenance of continuous regulatory compliance of your hybrid cloud environment and shared access management for identity and access management across your hybrid cloud environments. Each of these key capabilities will be discussed in greater depth in a future post in this series.

This is the second article of the series. To find the additional parts, please search for HPE Hybrid Cloud Security.

  • HPE Cloud
0 Kudos
About the Author

ChrisSteffen

Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.

Events
28-30 November
Madrid, Spain
Discover 2017 Madrid
Join us for Hewlett Packard Enterprise Discover 2017 Madrid, taking place 28-30 November at the Feria de Madrid Convention Center
Read more
See posts for dates
Online
HPE Webinars - 2017
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all