Shifting to Software-Defined

Cloud Security 101: What is Risk Management in the Cloud?


This is the tenth and final blog of a series that provides the basics of information security in the cloud. In this series, we will provide definitions and best practices for many of the elements that should be considered as part of a cloud security program. In addition to a blog, each topic will also have a short video, providing some additional information on the subject. The previous blog and video discussed the topic: "What are Cloud Security Controls?" In this installment, we will be discussing the topic: "What is Risk Management in the Cloud?"

Just like compliance in the cloud and security controls in the cloud, the way that an enterprise deals with risk in the cloud is much the same as the way it deals with risk in its on-premises infrastructure, with the caveat that it must now also deal with a cloud provider in addition to its own risk standards.

Managing risk is critical – a company’s IT solutions often provide a significant avenue for risk – something that can adversely affect the company. Arguably, the greatest risk to any company is its employees, who are also its greatest asset.

Some larger companies have risk management programs, and the company’s cloud solution should be included as part of that program. Using compliance and security controls, the risk manager can work with the CISO and the CIO to determine the level of risk that a cloud solution can bring to a company. For example, a company that deals with very sensitive information may have legitimate concerns about how that information is stored and treated in a cloud environment. A risk manager will evaluate the security controls in the environment and determine if the risk of migrating that data to a cloud is greater than the risk of keeping the data on premises. It is critical for the CISO / CIO to assist the risk manager in making correct and informed decisions.

Smaller companies may not have a dedicated risk manager or risk management plan – this role is filled by the CIO / CISO / CEO for the company. But the evaluation to migrate workloads to the cloud does not necessarily change. Often in smaller companies, an honest evaluation will show that migration to a cloud environment provides greater security to workloads and data than the small company can hope or afford to provide on their own.

For years, companies have lived with the belief that physical possession of their infrastructure was the best and safest way to mitigate risk. But the continuous improvements in cloud security are evolving that reality into a myth. At the end of the day, managing risk is all about how well the company’s executives sleep at night. The biggest fear is to turn on the news in the morning and find out that they were part of a huge – and very public – data breach which will have material adverse impacts on their company. Regardless of the vendor an enterprise chooses as their cloud provider, understanding and managing the risks associated with adopting a cloud infrastructure is a critical part of a company’s overall security vision and long term risk management strategy.

To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE Right Mix hybrid cloud, as well as the Right Mix approach to cloud security. To find the additional parts, please search for Cloud Security 101.

About the Author


Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.
