Grounded in the Cloud
Showing results for 
Search instead for 
Did you mean: 

Regulatory Compliance in the Hybrid Cloud (Sixth in a Series)


In my previous blog, I discussed the second of five key security capabilities, dynamic infrastructure hardening, as part of Hewlett Packard Enterprise (HPE) Helion’s three guiding principles for hybrid cloud security—shaping security standards, a shared responsibility model, and a defense in-depth. The five key security capabilities for protecting your hybrid cloud are—data-centric security; dynamic infrastructure hardening; monitor, detect and respond; continuous regulatory compliance; and shared access management. In this blog, I will share information on the fourth of these capabilities, continuous regulatory compliance.

Cloud Security blog series HPE_Sec_Hero_400x267.jpg

Regulatory compliance covers a whole host of requirements and issues. These are not just technical issues that must be dealt with, but involve serious legal issues and financial consequences if an organization is found non-compliant. There are national data sovereignty requirements to comply with and laws effecting the international storage and movement of data such as the EU Data Protection Directive and USA Patriot Act. There are both global and national regulatory requirements for securing personal health data (HIPAA, HITECH), general privacy (PII, SPI), credit information (PCI), sensitive industry data like ITAR and many, many more. Further, these regulations can change quickly with a simple legal finding or challenge, such as the striking down of the EU/USA Safe Harbour agreement, causing compliancy policies to be updated as rapidly as possible. Further complicating the matter is the proliferation of systems and devices on which the data is stored, accessed and displayed. Enterprises need to be keenly aware of where their data resides, how it is used, and who has access to it.

Hybrid infrastructure needs to be protected with continuous regulatory compliance, which is unified with policies and best practices across the hybrid IT environment, not just the hybrid cloud. Enterprises need to have a consistent compliance model across private cloud, public cloud, and traditional IT assets. Keeping data within the required country/region requires policy-based deployment, using consistent out-of-the-box templates for regulatory standards, which creates a solid regulatory compliance IT foundation.

Checking continuously for compliance drift, along with automated scanning and remediation, allows administrators to identify and fix non-compliancy issues quickly. Implementing consistent, regular, auditing and reporting processes gives the enterprise the supporting documentation needed for required “proof of compliancy.” A unified continuous regulatory compliance strategy pays significant dividends to the bottom line by directly reducing auditing compliancy costs.

HPE tools to make it easier to ensure compliance to regulatory requirements and to run reports and analyze environments for compliance drift. These capabilities greatly reduce the time and effort required for auditing. HPE tools can help enterprises generate IT-GRC reports in 5 minutes that otherwise takes 4 weeks, and run IT audits in 3 days that otherwise takes 6 weeks. This can result in enterprises achieving a 97 percent reduction in compliance and auditing effort.

Designed to ensure IT compliance at the business service level, HPE IT Operations Compliance unifies policy management across IT silos and provides visibility into the overall compliance of business services. It provides a single, flexible, policy management model for use across all resource types. This unifies the IT compliance management process across silos and provides a common definition of the desired state for automated audit and remediation. HPE Helion CloudSystem is an ideal solution for enterprises looking to deploy a compliant hybrid cloud and deliver continuous regulatory compliance at the same time.

For the next blog in this series, I will discuss the last of the five key security capabilities: shared access management. To learn more about hybrid cloud security, download the whitepapers from 451 Research Group, Embrace risk: secure your hybrid cloud from HPE and Automate IT Compliance from HPE.

This is the sixth article of the series. To find the additional parts, please search for HPE Hybrid Cloud Security.

0 Kudos
About the Author


Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.

Jan 30-31, 2018
Expert Days - 2018
Visit this forum and get the schedules for online HPE Expert Days where you can talk to HPE product experts, R&D and support team members and get answ...
Read more
See posts for dates
HPE Webinars - 2018
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all