Shifting to Software-Defined

Technical Cloud Security: Security visibility in the cloud


This is the seventh in a series of videos and blogs looking at some technical aspects of hybrid cloud security. Today we will discuss the importance of security visibility in the cloud. Other videos in the series can be found by searching for the tag cloudsectechvideos.

We’re at a pivotal point in the evolution of security monitoring. It’s now fairly commonplace for an enterprise to operate or outsource a 24x7 SOC (Security Operations Center) based around a SIEM (Security Information and Event Management) platform, but many organizations are struggling to adapt these SOCs into a model that works for the New Style of IT. Hybrid cloud, big data, and the Internet of Things are all producing huge amounts of data and security alerts, and in many cases the traditional SIEM is unable to keep pace. In fact, HPE recently reported a year-over-year decline in overall security operations maturity in the 2016 State of Security Operations report, citing the transformation of IT alongside the increasing professionalization of the cybercriminal community as the main factors for the decline.

Traditional security monitoring platforms have always focused on the three Cs (Collect, Correlate, and Consolidate) so that a security analyst can quickly use the intelligence delivered by the SIEM to identify a threat vector and decide on a suitable response. This works well for an on-premises model, where all security alerts coming into the SIEM platform originate locally, but it’s often not a cloud-friendly approach. Take, for example, the adoption of a cloud-based SaaS offering for office productivity. In a traditional model, the application servers are internal and their security alerts are easily integrated into the SIEM platform. In a cloud model, all of the security intelligence lives somewhere in the cloud and is not always easily integrated into a local SIEM instance.

Today, when evaluating cloud service providers (CSPs), it’s important to understand the CSP’s approach to information sharing, as well as the SIEM platform’s capabilities: is the CSP prepared to deliver security alerts to your on-premises SOC, and is the SIEM mature enough to offer an API to consume that data?
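To make the visibility gap concrete, the following added example (not from the original post, and not HPE ArcSight code) applies collect, correlate and consolidate to two constructed feeds: on-premises authentication events and audit records as a SaaS provider's API might return them. Both schemas, the function names, the mapping of e-mail local part to username and the detection rule are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events; both schemas and all values are hypothetical.
ONPREM = [  # on-premises authentication log, already visible to the SIEM
    {"ts": "2016-03-01T09:00:05Z", "user": "alice", "event": "login_failed", "src": "10.0.0.12"},
    {"ts": "2016-03-01T09:00:41Z", "user": "alice", "event": "login_failed", "src": "10.0.0.12"},
    {"ts": "2016-03-01T09:01:17Z", "user": "alice", "event": "login_failed", "src": "10.0.0.12"},
    {"ts": "2016-03-01T09:02:00Z", "user": "bob", "event": "login_failed", "src": "10.0.0.30"},
]
SAAS = [  # audit records as a SaaS provider's API might return them
    {"eventTime": "2016-03-01T09:03:10Z", "actor": {"email": "Alice@example.com"}, "result": "Success", "clientIp": "203.0.113.7"},
    {"eventTime": "2016-03-01T09:04:00Z", "actor": {"email": "bob@example.com"}, "result": "Success", "clientIp": "198.51.100.4"},
]

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def collect(onprem, saas):
    """Collect: map both feeds onto one schema and order them by time."""
    events = [{"ts": _ts(e["ts"]), "user": e["user"].lower(), "source": "onprem",
               "outcome": "failure" if e["event"] == "login_failed" else "success",
               "ip": e["src"]} for e in onprem]
    events += [{"ts": _ts(e["eventTime"]), "source": "saas",
                "user": e["actor"]["email"].split("@")[0].lower(),  # assumed identity mapping
                "outcome": e["result"].lower(), "ip": e["clientIp"]} for e in saas]
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, threshold=3, window=timedelta(minutes=10)):
    """Correlate: a SaaS sign-in success preceded by >= threshold on-prem failures."""
    hits = []
    for ev in events:
        if ev["source"] != "saas" or ev["outcome"] != "success":
            continue
        failures = [f for f in events
                    if f["source"] == "onprem" and f["outcome"] == "failure"
                    and f["user"] == ev["user"]
                    and timedelta(0) <= ev["ts"] - f["ts"] <= window]
        if len(failures) >= threshold:
            hits.append((ev, failures))
    return hits

def consolidate(hits):
    """Consolidate: one alert per user, carrying the evidence an analyst needs."""
    alerts = {}
    for ev, failures in hits:
        a = alerts.setdefault(ev["user"], {"user": ev["user"],
                                           "failed_onprem": len(failures), "saas_ips": set()})
        a["saas_ips"].add(ev["ip"])
    return list(alerts.values())
```

Calling `consolidate(correlate(collect(ONPREM, SAAS)))` yields a single alert for `alice`; passing an empty list in place of `SAAS` yields none, which is the blind spot a SOC has when the provider's alerts never reach the SIEM.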

The video below discusses the role of security visibility in the cloud in more detail, and highlights the benefits of the HPE ArcSight platform in this context.



To learn more about hybrid cloud security, download the whitepaper from 451 Research Group or the Dummies Guide to Hybrid Cloud Security, HPE Edition. The 2016 HPE State of Security Operations report can be downloaded here. You can also learn more about the HPE approach to Hybrid Cloud Security on our website. Other videos in the series can be found by searching for the tag cloudsectechvideos.

About the Author


Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified in Cloud Security Knowledge (CCSK), and works in the Worldwide Security Center of Excellence within HPE Pointnext Advisory and Professional Services. Simon is active on Twitter as @DigitalHeMan.