- Community Home
- >
- Software-Defined Infrastructure
- >
- Shifting to Software-Defined
- >
- Cloud Security 101: What is Cloud Compliance?
-
- Forums
-
Blogs
- Alliances
- Around the Storage Block
- Behind the scenes @ Labs
- HPE Careers
- HPE Storage Tech Insiders
- Infrastructure Insights
- Inspiring Progress
- Internet of Things (IoT)
- My Learning Certification
- OEM Solutions
- Servers: The Right Compute
- Shifting to Software-Defined
- Telecom IQ
- Transforming IT
- Infrastructure Solutions German
- L’Avenir de l’IT
- IT e Trasformazione Digitale
- Enterprise Topics
- ИТ для нового стиля бизнеса
- Blogs
-
Quick Links
- Community
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Contact
- Email us
- Tell us what you think
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Enterprise.nxt
- Marketplace
- Aruba Airheads Community
-
Forums
-
Blogs
-
InformationEnglish
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Receive email notifications
- Email to a Friend
- Printer Friendly Page
- Report Inappropriate Content
Cloud Security 101: What is Cloud Compliance?
This is the third blog of a series that provides the basics of information security in the cloud. In this series, we will provide definitions and best practices for many of the elements that should be considered as part of a cloud security program. In addition to a blog, each topic will also have a short video, providing some additional information on the subject. The previous blog and video discussed the topic: "What are the Principles of Cloud Security?" In this installment, we will be discussing the topic: "What is Cloud Compliance?"
The IT environments of today’s companies are highly regulated, not only by government regulations, but also by third parties that a company chooses to do business with. Cloud compliance is the area of hybrid cloud security which talks specifically how a company’s cloud infrastructure will be regulated, and some of the differences and similarities between the controls used to regulate on premise systems and the workloads migrated to the cloud.
Cloud compliance covers a whole host of requirements and issues: basically any issues or controls that are currently regulated for on premise systems have an analog in the cloud. There are national data sovereignty requirements to comply with and laws effecting the international storage and movement of data such as the EU Data Protection Directive and USA Patriot Act. There are both global and national regulatory requirements for securing personal health data (HIPAA, HITECH), general privacy (PII, SPI), credit information (PCI), sensitive industry data like ITAR and many, many more.
Companies should take special care when selecting a cloud provider, understanding how the cloud provider will aid in meeting the customer’s compliance controls. Many providers already have very mature programs in place to deal with common standards, and are able to map those standards to customer controls as part of their workload migration and onboarding process. It is critical that an enterprise choose cloud vendors that are able to meet or exceed their security and compliance standards – mapping and assisting in audit and compliance activities should be delineated in contracts and service level agreements before any workload migrations start. With the variety of cloud solutions in the marketplace, a solution exists that will mesh with a company’s compliance concerns, and allow them to maintain the progress in security and compliance maturity they had achieved before migrating to the cloud.
According to a recent 451 Research report, compliance related concerns are the most significant barrier to cloud adoption. Understanding how cloud compliance solutions fit with a company’s overall security vision is a critical component of any cloud infrastructure decisions. Regardless of the vendor an enterprise chooses as their cloud provider, understanding how cloud compliance will be affected and implemented as part of their cloud solution will ensure that security considerations are appropriately addressed.
For the next blog in this series, we will discuss the cloud security topic: "What is Data Sovereignty?" To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE Right Mix hybrid cloud, as well as the Right Mix approach to cloud security. To find the additional parts, please search for Cloud Security 101.
ChrisSteffen
Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.
- Back to Blog
- Newer Article
- Older Article
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Receive email notifications
- Email to a Friend
- Printer Friendly Page
- Report Inappropriate Content
- Dwinake Smith on: HPE announces improved provisioning, compliance en...
- Troy TIner on: How Workload-Aware Networks Work
- Kyle Atwood on: SAP HANA gets certified on HPE SimpliVity - why th...
- joe allen on: How VM data is managed within an HPE SimpliVity cl...
- DriverMy on: Wanted: A Better Way to Manage and Optimize Multi-...
- Mr Hard Stone on: Simplified Management – Operate HPE SimpliVity dat...
- Chansta on: HPE at Google Next event, July 24-26
- BradV on: HPE simplifies infrastructure management with anno...
- Jeroen_Kleen on: HPE announces 1 million HPE OneView licenses and u...
- Jeroen_Kleen on: Cost and Utilization Challenges of a Hybrid Cloud ...
-
Cloud
268 -
Composable Infrastructure
308 -
Converged Management
63 -
Hyper Converged
196 -
Security
1 -
virtualization.
1
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2019 Hewlett Packard Enterprise Development LP