Shifting to Software-Defined
Showing results for 
Search instead for 
Did you mean: 

Cloud Security 101: What are the Principles of Cloud Security?


This is the second blog of a series that provides the basics of information security in the cloud. In this series, we will provide definitions and best practices for many of the elements that should be considered as part of a cloud security program. In addition to a blog, each topic will also have a short video, providing some additional information on the subject.  The previous blog and video discussed the topic: "What is Cloud Security?" In this installment, we will be discussing the topic: "What are the Principles of Cloud Security?"

ClouSec 101 Series.jpg

While there are many considerations for evaluating security for a possible cloud solution, Hewlett Packard Enterprise has narrowed the considerations down to three primary principles when considering security in the cloud:  shaping security standards, a shared responsibility model, and a defense in-depth approach to comprehensive information security.

Shaping Security Standards:  Not only should a cloud provider adhere to information security best practices, but they should also be providing leadership in defining those standards and best practices – a partner that brings security experts together to establish security best practices and a partner that strives for transparency and community involvement.

Picture1.jpgShared Responsibility:  A shared responsibility for information security finds and defines the right mix of vendor and customer involvement to solve the customer’s security challenges. Shared responsibility means both the vendor and customer are responsible for certain aspects of security. Most customers cannot “vendor away” their liability and regulatory considerations.  A cloud vendor will help their customers develop, deploy and configure a secure hybrid cloud, while providing ongoing training on operations and management following security best practices.

Defense In-Depth:  Many security vendors provide a single point solution or product, designed to address a specific aspect of security or compliance. A cloud provider needs to provide multiple layers of security controls, integrating numerous single point solutions to create security redundancies. Also, with an integrated approach, you can use the same security tools to protect your private cloud, public cloud and traditional IT, reducing the number of tools and reducing the complexity of securing your hybrid infrastructure.

These three security principles provide an overview of the approach that HPE takes towards securing a cloud environment. Regardless of the vendor an enterprise chooses as their cloud provider, using these three security principles when choosing their cloud solution will ensure that security considerations are appropriately addressed.

For the next blog in this series, we will discuss the cloud security topic: "What is Cloud Compliance?" To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE Right Mix hybrid cloud, as well as the Right Mix approach to cloud security. To find the additional parts, please search for Cloud Security 101.

Download the whitepaper

Blog-600x200.pngDownload the Whitepaper


0 Kudos
About the Author


Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.

See posts for
HPE at 2018 Technology Events
Learn about the technology events where Hewlett Packard Enterprise will have a presence in 2018.
Read more
See posts for dates/locations
Reimagine 2018
Join us at one of the Reimagine 2018 stops and see how we Simplify Hybrid IT, innovate at the Intelligent Edge and bring it all together with HPE Poin...
Read more
View all