Grounded in the Cloud

Technical Cloud Security: Security compliance in the cloud

SimonLeech

This is the eighth in a series of videos and blogs looking at some technical aspects of hybrid cloud security. Today we will look at the role of compliance in the cloud. Other videos in the series can be found by searching for the tag cloudsectechvideos.

When talking with customers about cloud transformation, it's always very clear to me that one of their concerns is how to ensure consistency across both the cloud and the traditional data center environment. This was reinforced by the recent HPE-sponsored 451 Research Group report into hybrid cloud security, which found that 45% of respondents had this very concern. It's therefore very important that customers understand what compliance means to their business, and how it can impact a successful cloud transformation.

There are typically four areas to think about from a cloud compliance perspective:

  • Corporate policy – Organizations have spent significant amounts of time and effort creating corporate security policies for on-site systems – for example, the use of a security policy template every time a new operating system is provisioned, or a particular approach to testing and deploying security patches. But how can these same standards be applied in a cloud environment?
  • Legislation – Increasingly, organizations are faced with government or international regulations that require them to think differently about how they store and process data. For example, the new GDPR and Privacy Shield regulations will become mandatory for any organization processing and storing EU citizen data, forcing organizations to think about how and where they store data in the cloud.
  • Industry regulations – In addition to government regulations, there are also specific industry regulations, such as PCI-DSS for the payment card industry, HIPAA for the US health care industry, and FedRAMP for US federal agencies, that need to be complied with. These will also have an impact on how organizations in those industry sectors deal with their approach to cloud.
  • Real-time data – As we've discussed in the previous episode, being able to correlate security information coming from on-site systems with that from cloud-based systems is vital in order to create a true picture of an organization's security and compliance posture.

In order for an organization to deal with the challenges introduced by compliance, it's important that GRC (Governance, Risk management, and Compliance) is integrated early on in the cloud lifecycle. Make sure you understand the requirements that your organization is faced with, and create the appropriate security policies to enforce these requirements. Additionally, make sure tools are in place so that compliance can be monitored in real time – or, in other words, provide continuous regulatory compliance.

It’s also important to remember that whilst you can outsource your IT operations into the cloud, you can never outsource your organizational risk. For more information, please watch the video below.

 

 

To learn more about hybrid cloud security, download the whitepaper from 451 Research Group or the Dummies Guide to Hybrid Cloud Security, HPE Edition. You can also learn more about the HPE approach to Hybrid Cloud Security on our website.

About the Author

SimonLeech

Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in Cloud Security Knowledge (CCSK) and Chief Technologist Security within the Hewlett Packard Enterprise EMEA Hybrid IT Team. Within Hewlett Packard Enterprise, Mr Leech is responsible for influencing and evangelising the security strategy of the Hybrid IT team. Simon is active on Twitter as @DigitalHeMan
