Grounded in the Cloud

Shared Access Management in a Hybrid Cloud (Final Blog of the Series)

ChrisSteffen

In my previous blog, I discussed the second of five key security capabilities, dynamic infrastructure hardening, as part of Hewlett Packard Enterprise (HPE) Helion’s three guiding principles for hybrid cloud security: shaping security standards, a shared responsibility model, and defense in depth. The five key security capabilities for protecting your hybrid cloud are data-centric security; dynamic infrastructure hardening; monitor, detect and respond; continuous regulatory compliance; and shared access management. In this blog, I will share information on the fifth of these capabilities, shared access management.


Hybrid clouds introduce new challenges to the enterprise for managing verification and access to cloud resources. The last thing an enterprise needs to manage is two or more completely separate and independent access control systems, one for the private cloud and another for public cloud resources. Ongoing strategies to consolidate data centers and increase the use of shared IT services offer the benefit of lowered costs but also require new identity and access management (IAM) approaches and technology. Because information may no longer reside within a specific enterprise, but rather in a remotely operated and managed environment such as the cloud, new capabilities to control access to applications and information resources must be deployed by the information “owner” rather than the hosting organization.

The enterprise hybrid cloud needs to be protected with shared access management. IT management policies need to maintain and enforce consistent access policies across all environments, both internal and external. Properly implemented, access policies ensure people do not get access to things that they shouldn’t. IAM systems must provision users in accordance with established policies and practices appropriate for a “shared” service. The IAM system must not only manage access as defined by the policies, but also provide appropriate auditing for verification purposes. As an organization’s or user’s needs change, the IAM technology must be flexible enough to allow those changes in a timely manner. The use of federated identity provides a proven solution to the challenge of managing users in the cloud, as well as those within the organization’s own environment.

HPE cloud management tools within HPE Cloud Service Automation and HPE Helion OpenStack support role-based access and access control. HPE Propel software implements a flexible cloud-based end-user IT services portal that provides a single user experience whether using traditional IT services, private cloud or public cloud services. The solution includes an end-user self-service portal and an aggregated IT role-based service catalog. Users can be limited to ordering only the cloud services they should have access to. Administrative management has separate access controls to prevent users from accessing administrative controls. Multiple catalogs can be created for different audiences to help control which users have access to services, and integration with enterprise directory services simplifies shared access management.

Series Summary

When building out your hybrid IT infrastructure, security needs to be designed in from the start. HPE’s three hybrid cloud security principles (shaping security standards, shared responsibility and defense in depth) provide a strategic foundation for the new style of protection needed in today’s hybrid world. These principles drive the five key security capabilities, which give your enterprise the confidence to use public and private cloud resources as a strategic IT tool, allowing your business to be more cost effective and agile. In summary:

• Data-Centric Security protects sensitive data at rest, in motion and in use across hybrid infrastructure
• Dynamic Infrastructure Hardening prevents hypervisor breakouts, reduces attack surface and protects changing hybrid infrastructure
• Monitoring, Detecting and Responding uses big data to collect, normalize and correlate data to quickly respond to threats
• Continuous Regulatory Compliance allows you to meet government, industry and internal compliance requirements, which helps reduce the effort to complete audits
• Shared Access Management Control provides role-based access to services and integration with enterprise directories

The move to hybrid cloud can be properly secured using products, tools and processes that are available today, but an integrated approach is required. The key to creating a secure hybrid cloud infrastructure is to treat security as something that should be built in to the IT cloud strategy and its design, not just bolted on as an afterthought.

Finding your right mix, backed by a security-first mindset, allows you to take full advantage of both private and public cloud technologies. Thousands of customers across a variety of market segments have built their hybrid infrastructure with Hewlett Packard Enterprise security concepts and products. HPE Helion allows you to embrace risk knowing your cloud is secure.

To learn more about hybrid cloud security, download the whitepapers from 451 Research Group; Embrace risk: secure your hybrid cloud from HPE; Automate IT Compliance from HPE; and Identity and Access Management of the Future from HPE.

This is the seventh and final article of the series. To find the additional parts, please search for HPE Hybrid Cloud Security.

About the Author

ChrisSteffen

Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.
