Shifting to Software-Defined
Showing results for 
Search instead for 
Did you mean: 

Cloud Security 101: What is Cloud Security?


This is the first blog of a series that provides the basics of information security in the cloud. In this series, we will provide definitions and best practices for many of the elements that should be considered as part of a cloud security program. In addition to a blog, each topic will also have a short video, providing some additional information on the subject. In this installment, we will be discussing the topic: "What is Cloud Security?"

ClouSec 101 Series.jpgCloud security is the set of controls and policies that define how information (data), systems, applications and infrastructure is protected when using a cloud environment.  Often, cloud security adheres to a specific regulatory or compliance framework, depending on the computing workloads that are deployed into the cloud. 

Key capabilities that should be considered for a proper cloud security program include identity and access management, data encryption, event detection and monitoring, cloud infrastructure updating and management, and regulatory compliance certifications and standards of the cloud vendor.

An enterprise should have a reasonable expectation that the controls that exist in their on premise environments will translate to controls that they have in their cloud infrastructure. These controls may take on an additional level of complexity – as they are extended to an additional environment. The alternative is to abandon those controls entirely, and starting over with various regulatory and audit groups on an entire new set of controls – basically starting at square one.

It is also important to note the controls that the vendor / hosting provider will require the enterprise to adhere to. Many times, these controls will sync with existing controls. But occasionally, vendors will require additional controls and policies that may add additional cost and overhead to the cloud deployment. 

Cloud security is the primary concern for those looking to implement a cloud solution. According to a recent 451 Research whitepaper, security and compliance considerations were the top barriers for companies considering moving workloads to a cloud environment. 

Regardless of the vendor an enterprise chooses as their cloud provider, cloud security should be one of the top considerations when making that decision.

For the next blog in this series, we will discuss the cloud security topic: "What are the Principles of Cloud Security?" To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE Right Mix hybrid cloud, as well as the Right Mix approach to cloud security. To find the additional parts, please search for Cloud Security 101.

Download the whitepaper

Download the PaperDownload the Paper


0 Kudos
About the Author


Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.

Priyanka Rai

Cloud Access Security Brokers (CASBs) are on-premises, or Cloud-based security policy enforcement points. CASBs offer secure access, Multi-factor authentication (MFA), automated provisioning for apps and devices, Single sign-on (across devices) and Enterprise mobility management.