Grounded in the Cloud
Showing results for 
Search instead for 
Did you mean: 

Protecting data in your hybrid cloud (Third in the Series)



In my previous blog, I discussed Hewlett Packard Enterprise (HPE) Helion’s guiding principles for hybrid cloud security: shaping security standards, a shared responsibility model, and a defense in-depth. In addition to the guiding principles, HPE has five key security capabilities for protecting your hybrid cloud—data-centric security; dynamic infrastructure hardening; monitor, detect and respond; continuous regulatory compliance; and shared access management. In this blog, I will share information on the first of these capabilities: data-centric security for the hybrid cloud infrastructure. Cloud Security blog series HPE_Sec_Hero_400x267.jpg

Data-centric security ensures unified data protection across private cloud, public cloud and traditional IT. Confidential data should be secure at all times—at rest, in motion and in use. The typical approach to encryption is to encrypt and decrypt data at each stage, in storage, in transit over networks and in databases. As an example, sensitive data is typically encrypted when it’s stored in a storage device. When it’s retrieved, the data is decrypted. When that data is transmitted, it is encrypted, transmitted and then decrypted. Next, the data is used by the application. This process creates gaps where the data is not secured.

HPE’s data-centric security approach is different. With data-centric security, data is encrypted when first received. The data continues to be encrypted throughout its use to ensure there are no security gaps.

Gaps.jpgData-centric security employs unique HPE security technologies. HPE’s Format-Preserving Encryption (FPE) is a fundamentally new approach to encrypting structured data, such as credit card or Social Security numbers. FPE is encryption that protects the data while maintaining the data format. This allows existing applications to use encrypted data without modification. HPE Secure Stateless Tokenization (SST) solution is an advanced, patented data security technology for protection of payment card data. The advantages of HPE Secure Stateless Tokenization (SST) include random tokens with no databases, no data synchronization, no collisions, and high performance response. This new approach to tokenization helps assure protection for payment card data and significantly reduces compliancy audit scope.  HPE Stateless Key Management enables on-demand key generation and re-generation without an ever-growing key store. The result is a system that can be infinitely scaled across distributed physical and logical locations with no additional overhead. HPE employs multiple layer encryption to provide additional layers of security. With multilayer encryption, data is encrypted at the application level, tenant level and hard drive level, which ensures sensitive data is protected at all times. 


Many enterprises would like to put data in public clouds like AWS or Microsoft’s Azure, but are concerned about putting sensitive data in a public cloud. There are also concerns about encryption key management scalability and putting key management in public clouds. HPE enables enterprises to place sensitive data in public clouds by protecting sensitive data with data-centric security. Additionally, HPE’s encryption key management solution is highly scalable and allows enterprises to host encryption key management tools in a private cloud while protecting data in a public cloud. This prevents unauthorized access to keys for sensitive data held in public cloud

Combined with HPE’s three hybrid cloud security principles, the five key security capabilities—data-centric security; dynamic infrastructure hardening; monitor, detect and respond; continuous regulatory compliance; and shared access management—provide the right mix of security for a secure hybrid cloud environment. Data-centric security delivers data encryption that never leaves a gap that could be exploited.

For the next blog in this series, I will discuss the second of the five key security capabilities: dynamic infrastructure hardening. To learn more about hybrid cloud security, download this whitepaper from 451 Research Group.

This is the third article of the series. To find the additional parts, please search for HPE Hybrid Cloud Security.





About the Author


Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.

Jan 30-31, 2018
Expert Days - 2018
Visit this forum and get the schedules for online HPE Expert Days where you can talk to HPE product experts, R&D and support team members and get answ...
Read more
See posts for dates
HPE Webinars - 2018
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all