Shifting to Software-Defined
Showing results for 
Search instead for 
Did you mean: 

Technical Cloud Security: HPE security first mindset


This is the second in a series of videos and blogs looking at some technical aspects of hybrid cloud security. Today we will talk about HPE’s security first mindset when building hybrid clouds. Other videos in the series can be found by searching for the tag cloudsectechvideos.

The information security industry has had many years of experience in protecting traditional on-premise data centers. As we move the operating model to the cloud, the data center is likely to move outside of the safety of the organizational perimeter, and into some degree of a shared service environment. Whilst this won’t necessarily change the security controls that an organization might use to protect the environment, the person responsible for those controls, or the way in which those controls are used, may change.

This video will look some of the principles that HPE follow when designing HPE Helion OpenStack to be a cloud platform with a security-first mindset.  HPE focuses on three main security-first principles, and these offer a very good foundation for understanding cloud security.

Firstly, we believe in the importance of shaping security standards. When you’re choosing a cloud security solution provider, it’s important to choose one who follows a standards led approach. Not only should the cloud itself be based upon standards, but ideally the solution provider should also help to shape security standards — for example, by sitting on the board of standards committees, leading industry security teams, and encouraging community collaboration.

By following a standards-based security philosophy, a solution provider will be able to continuously work to protect the hybrid cloud from the constantly changing security threat.

Secondly, we promote the importance of shared responsibility. With the move to a cloud service provider (CSP), whilst a customer can outsource full operations to a CSP, it’s important to remember that he can never outsource his organizational risk. So the customer needs to find the right level of involvement together with solution providers. The vendor may deliver best of breed security solutions, but it’s up to the company using those products to define the right security policies to protect the organizational business model and manage those security policies in a cloud based environment, following industry best practices.

Finally, we recognize the need for defense in depth. There is no silver bullet for security, and you won’t be able to buy a single solution to solve all security woes. Especially in a cloud environment, it’s important to layer different security technologies together to provide a fully redundant security architecture.

With security built into the cloud from the ground up, together with a solution provider who understands security, you’ll be able to build a cloud using some of the same security tools already in use to protect traditional IT, delivering cost savings and reducing the complexity of securing the hybrid infrastructure.



To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE approach to Hybrid Cloud Security. Other videos in the series can be found by searching for the tag cloudsectechvideos.

0 Kudos
About the Author


Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in Cloud Security Knowledge (CCSK) and working in the Worldwide Security Center of Excellence within HPE Pointnext Advisory and Professional Services. Simon is active on Twitter as @DigitalHeMan