Shifting to Software-Defined
Showing results for 
Search instead for 
Did you mean: 

Industry Interview Series: Xavier Poisson, VP Indirect Digital Services, HPE


This is the tenth in a series of videos and blogs speaking with both HPE and external subject matter experts on various aspects of hybrid cloud security. Today we speak with Xavier Poisson, VP Indirect Digital Services at HPE, about the security issues that organizations need to consider when choosing a cloud service provider. Other videos in the series can be found by searching for the tag cloudsecinterviews.

When looking at moving to the cloud, organizations must decide which cloud service provider (CSP) will best satisfy organizational uptime, availability, and security requirements. The Cloud28+ platform offers an open community of Cloud Service Providers, Cloud Resellers, ISVs, System Integrators, and government entities dedicated to accelerating enterprise cloud adoption and to providing a digital services platform that helps customers deal with those concerns.

I took the opportunity to speak with Xavier Poisson, VP of Indirect Digital Services at HPE, to find out more about what Cloud28+ is doing to help secure enterprise clouds.

Xavier started off explaining that security in Cloud28+ is provided through a number of avenues. First, technology partners, such as Intel with the Intel Trusted Platform, use the Cloud28+ platform to educate participants about cloud security topics. Second, a number of solution partners offer SaaS and PaaS-based services related to security. Finally, the Cloud28+ platform has developed a framework that service providers can use to describe the security capabilities of their services, which ensures that the platform describes cloud security capabilities uniformly--enabling complete transparency to customers.

At HPE, our cloud experts talk with customers about finding the Right Mix of cloud services, which will typically be offered across a combination of public and private cloud platforms. As part of these discussions, the question of what responsibility the CSP has in delivering a secure public cloud is often asked.

Xavier agreed that this topic can be complicated for the end user. Often the CSP will offer a contract containing all capabilities and duties related to data protection, encryption, and availability. Yet in the case of a data breach, the responsibility for the breach falls back to the data controller or owner, which results in limited impact for the CSP.

The EU General Data Protection Regulation (GDPR) will certainly help with this issue as service providers will become more accountable for data privacy and will need to be able to demonstrate this accountability. The Cloud28+ platform also plays a role in ensuring security by making member CSPs describe their privacy and security capabilities to highlight to customers what they are offering.

Xavier also spoke about the major security concerns that customers have when choosing a CSP. Uncertainty around data privacy is a primary concern. Additionally, more customers are becoming aware of the need for improved network encryption and security, as well as better application security using tools such as HPE Fortify to improve the quality of the code that they release.

Xavier ended the discussion by providing advice to customers looking to choose a secure CSP:

  • Look at how the CSP describes the security capabilities of the services listed in their service catalog.
  • Work with CSPs who have been transparent regarding the certifications they have achieved for their cloud services, as transparency is the first part of accountability.
  • Choose CSPs who are thinking about security by design and putting security at the forefront of their offerings.

To watch the discussion in full, please click the video below:

To find out more about Cloud 28+, please visit the website. To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE approach to Hybrid Cloud Security, or download the HPE special edition of Hybrid Cloud Security for Dummies. Other videos in the series can be found by searching for the tag cloudsecinterviews.

0 Kudos
About the Author


Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in Cloud Security Knowledge (CCSK) and working in the Worldwide Security and Risk Management Practice within HPE Pointnext Advisory and Professional Services. Simon is active on Twitter as @DigitalHeMan