Grounded in the Cloud

Technical Cloud Security: Security compliance in the cloud

SimonLeech

This is the eighth in a series of videos and blogs looking at some technical aspects of hybrid cloud security. Today we will look at the role of compliance in the cloud. Other videos in the series can be found by searching for the tag cloudsectechvideos.

When talking with customers about cloud transformation, it’s always very clear to me that one of their concerns is how to ensure consistency across both the cloud and the traditional data center environment. This was reinforced by the recent HPE-sponsored 451 Research Group report into hybrid cloud security, which found that 45% of respondents had this very concern. It’s therefore very important that customers understand what compliancy means to their business, and how it can impact a successful cloud transformation.

There are typically four areas to think about from a cloud compliance perspective:

  • Corporate policy – Organizations have spent significant amounts of time and effort creating corporate security policies for on-site systems – for example, the use of a security policy template every time a new operating system is provisioned, or a particular approach to testing and deploying security patches. But how can these same standards be applied in a cloud environment?
  • Legislation – Increasingly, organizations are faced with government or international regulations that require them to think differently about how they store and process data. For example, the new GDPR and Privacy Shield regulations will become mandatory for any organization processing and storing EU citizen data, forcing organizations to think about how and where they store data in the cloud.
  • Industry regulations – In addition to government regulations, there are also specific industry regulations, such as PCI-DSS for the payment card industry, HIPAA for the US health care industry, and FedRAMP for US federal agencies, that need to be complied with. These will also have an impact on how organizations in those industry sectors deal with their approach to cloud.
  • Real-time data – As we discussed in the previous episode, being able to correlate security information coming from on-site systems with that from cloud-based systems is vital in order to create a true picture of an organization’s security and compliancy posture.

In order for an organization to deal with the challenges introduced by compliancy, it’s important that GRC (Governance, Risk management, and Compliance) is integrated early on in the cloud lifecycle. Make sure you understand the requirements that your organization is faced with, and create the appropriate security policies to enforce these requirements. Additionally, make sure tools are in place to ensure compliancy can be monitored in real time – or, in other words, provide continuous regulatory compliance.

It’s also important to remember that whilst you can outsource your IT operations into the cloud, you can never outsource your organizational risk. For more information, please watch the video below.

 

 

To learn more about hybrid cloud security, download the whitepaper from 451 Research Group or the Dummies Guide to Hybrid Cloud Security, HPE Edition. You can also learn more about the HPE approach to Hybrid Cloud Security on our website. Other videos in the series can be found by searching for the tag cloudsectechvideos.

About the Author

SimonLeech

Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified in Cloud Security Knowledge (CCSK), and works in the Worldwide Security Center of Excellence within HPE Pointnext Advisory and Professional Services. Simon is active on Twitter as @DigitalHeMan.
