While the public cloud offers many benefits, security and compliance concerns can still give CIOs some sleepless nights. These innovative offerings from HPE Pointnext Services can set your mind at ease.
By Stan Grant, HPE NA Marketing
There is no doubt. If you are an IT professional, you have already been involved, or soon will be, in perhaps one of the most important crossroads decisions in the progression of your IT career. That is: When do I move my applications and data to a cloud environment, be it a public, private, or hybrid model? And when, and what, do I move?
The attractiveness of the public cloud has enticed a lot of companies to make the jump and place, first lower, less critical applications, then more and more important ones, into the public cloud. The ability to scale quickly and easily, along with the built-in tools, were the obvious reasons, but the offloading of management and a reduced data center footprint were also attractive features. What’s not to like?
Well, in a primary research study commissioned by HPE*, around 20% of companies surveyed are pushing back on public cloud initiatives, partly due to security concerns, and creating a hybrid cloud experience with on-premises being the lead estate. Furthermore, a significant number (43%) said the public cloud increases risk because the company is primarily responsible for securing data in the cloud. This highlights the fact that there is a level of confusion and uncertainty as to who has the ultimate responsibly to secure data in the public cloud: the company or the cloud service provider?
The Shared Responsibility Model – part of the answer
One of the key tenets of cloud security is the Shared Responsibility model. This basically says there are some things that you, as the customer, are always responsible for, like data, devices, and accounts and identities. And there are some things that the cloud service provider is always responsible for, like physical hosts, networks and data centers. However, in the public cloud, responsibility for that stuff in the middle – like operating systems, network controls, applications, and directory infrastructure – varies depending on whether your services are SaaS, PaaS, or IaaS. You definitely don’t want to miss an important part of your overall risk and security management plan dealing with any confusion.
Further, in the HPE study, it was clear that the people closest to the front lines – the enterprise business development managers and IT decision-makers – were the most concerned about security in the public cloud, even more than the C-suite respondents. Bottom line: there is risk, and nervousness, associated with data and apps sitting in the public cloud.
To further compound the uncertainty, a recent report from ISC2** (Cybersecurity Insiders) says, “When asked about the biggest security threats facing public clouds, organizations ranked misconfiguration of the cloud platform (68%) highest.” Making a mistake in configuration could have long-term consequences. It only makes sense that most organizations will benefit from the flexibility of a hybrid cloud strategy.
Sorting it all out
So, if the answer is truly a hybrid model – part public, part private – how do you approach getting that done, and, at the same time, making it secure so you can sleep well at night, knowing your company won’t be in the headlines tomorrow morning for a security breach?
First, there are some basics to consider.
Security has to be seen, not as a bolt-on addition, but as a central ingredient of everything done in the cloud. Shortcuts can spell trouble, with a capital “T”.
An HPE report Cloud.Nxt: Expert advice to help you get the most out of your cloud transformation outlines an important set of questions to get started in the security and compliance arena, including:
- Are there security regulations, compliance rules, country-specific rules, or state rules regarding data limits and the choice of locations?
- Consider data residency issues between countries, and even states. The impact of placing the data in a highly regulated data privacy country could be devastating to the success of the program and potentially to the company.
Once you answer the basic security and compliance questions, here are three offerings from HPE Pointnext Services that should fit most scenarios.
HPE Rapid Cloud Security Planning Workshop
Part of our HPE Accelerator Workshops for Cloud family of services, this relatively short HPE Pointnext Services engagement helps you go over key challenges in a 90-minute, remote session with HPE cloud security experts. These folks have tons of experience from doing cloud transformation projects over a long period of time. If it’s a security thing, they’ve probably seen it before and know possible solutions to get you securely into the cloud. They use the HPE Cloud Security Framework, based on the Cloud Security Alliance (CSA), and multiple other global security frameworks. The Workshop leverages our HPE Security Reference Architecture – a roadmap to lay out your secure cloud.
HPE Transformation Program for Cloud
If you are in a larger organization and it’s clear that your cloud plan struggled or failed out of the gate, or if you’re just early in your cloud journey, or if you’re looking for more efficiency in the cloud, then this HPE Pointnext Services program is probably for you. It provides you with 3 key offerings:
Cloud Maturity Assessment – An evaluation of the current maturity level for each of the domains within our proven Cloud Transformation Maturity (CTM) framework. And a roadmap is created to track your progress.
Establishment of a CBO (Cloud Business Model) - This may include analyses not only for security, but also economic factors, the application portfolio, DevOps, and more. Plus, it helps with the transition of CBO roles to your stakeholders, as well as early road map tasks.
Definition of the operating model – This includes an assessment of the current state operating model and a definition of the desired future state cloud operating model. A gap analysis between the two states is conducted, leading to next steps and phases of execution to achieve the end-state.
Just to give you a taste of the comprehensive nature of this program, below is a diagram of the various elements of reducing risk and IT operating costs, and instituting a governance structure for your cloud strategy.
HPE GreenLake for Continuous Compliance
This solution enables you to track compliance with more than 1,500 controls from a single dashboard, remain audit-ready at all times, and stay up-to-date with evolving regulations. All of this, while leveraging HPE technical expertise. (Learn more about HPE GreenLake cloud services)
With these HPE services at your disposal it’s reassuring to know you can get the best of the cloud – public, private or hybrid – and it’s secure from attacks.
And your worrisome, nervous nights will likely be a thing of the past.
To learn more about HPE Pointnext Services and how we help you accelerate your digital transformation, visit https://www.hpe.com/services.
*HPE-commissioned study: HPE GreenLake Challenger Research Report, September 2020, Emerald Research Group
** 2020 Cloud Security Report, Sponsored by (ISC)²
Related articles:
7 best practices for closing the IT security gap via HPE's Enterprise.nxt
Building tomorrow's enterprise: Your handbook for success. via HPE's Enterprise.nxt
Want to know the future of technology? Sign up for weekly insights and resources
HPE Experts
Hewlett Packard Enterprise
twitter.com/hpe
linkedin.com/company/hewlett-packard-enterprise
hpe.com
HPE_Experts
Our team of Hewlett Packard Enterprise experts helps you learn more about technology topics related to key industries and workloads.
