Transforming IT
cancel
Showing results for 
Search instead for 
Did you mean: 

The Adaptive Continuum: Rethinking Security and Protection in a Hybrid World

Lois_Boliek

As the transition to modern, hybrid IT environments accelerates, can security and protection keep pace?

It’s a question that’s nagging at the minds of many IT leaders these days. In a recent survey by 451 Research, security and compliance were identified by IT pros as the primary challenges for the adoption of cloud-enabled technologies (see Critical Security and Compliance Considerations for Hybrid Cloud Deployments). As the analyst firm notes, those concerns are not an “absolute inhibitor” for the move to cloud. Far from it; the economics of cloud efficiencies are just too attractive to ignore, as are the opportunities to surprise and delight customers and internal users with increasingly innovative services, and to head off competitive disruptions.

HPE Security IT Services2.jpgBut as businesses continue to unroll their hybrid cloud transformations, they’re confronting a growing and increasingly dynamic threat landscape. Innovative cloud platforms expose potentially vulnerable entry points outside the on-premises data center, and create attack surfaces that the adversarial eco-system can target with new forms of malware. The overall sophistication, funding and orchestration of these attacks is continuously increasing. At the same time, and partially in response to those developments, regulatory requirements are escalating, driving the need for constant monitoring across IT systems to identify and remediate compliance issues.

To survive and prosper in this complex and constantly morphing risk environment, businesses can no longer rely on the static, monolithic, inwardly-focused security and protection strategies that worked for pre-cloud IT. A new approach is needed, one that’s open and flexible enough to respond rapidly and intelligently as changes unfold in the threat landscape. One that provides in-depth defense across the entire continuum of IT operations – from the data center, to the edge, to the cloud.

Equally important, it must ensure that SLAs with service providers are enforced. The fact that a company’s data resides on a service provider’s equipment doesn’t relieve that business from the responsibility to protect its data. Nor does it eliminate the risk of fines and lawsuits in the event of a breach.

The adaptive continuum: building agile defense across the delivery models

Today’s hybrid IT operations distribute workloads, applications and data across a variety of resources and delivery models. In the on-premises zone, core data center assets, composable infrastructure, and private clouds interact with compute power allocated to the intelligent edge. In the off-premises zone, IT’s reach extends into community clouds and private clouds to leverage infrastructure, platforms and software delivered as services.
Boliek Security for Hybrid Figure 1.pngSecurity Strategies for a Hybrid World Figure 1A comprehensive security and protection strategy recognizes that different methods and technologies are needed in each of these elements, but it views the entire structure as a holistic, end-to-end system. Think of it as a seamless, adaptive continuum of protection that needs to be connected through automation, integration and management oversight across all delivery models.

What’s more, it’s a continuum with depth – and this is what gives the security and protection layer its resilience and its ability to adapt to, and guard against, new threats. At HPE Pointnext, we focus on four key areas to help companies build deep defense:

  1. Secure your on-premises and off-premises IT services delivery platforms. We work with you to develop an overarching security architecture and apply controls to protect your infrastructure, data, apps and users. We align, standardize, and simplify methodologies and technologies across the board, applying defense-in-depth principles throughout.
  2. Implement strong governance, privacy and compliance. We help you build continuous, end-to-end systems to tighten policy enforcement and manage the intricate web of requirements around data ownership and confidentiality. We help you establish SLAs with service providers and ensure that security providers can demonstrate the effectiveness of their controls.
  3. Ensure continuity and resiliency, edge to core to cloud. A careful classification of your data assets can help you identify security risks and requirements that are crucial to maintaining business continuity. We can help you design unified continuity and disaster recovery plans to protect your data and ensure recoverability.
  4. Integrate IT and security operational processes and intelligence. It’s important to develop an ongoing end-to-end detection and response capability so that you can manage security breaches across the enterprise, and across cloud and on-premises environments. Strong predictive analytics and security intelligence capabilities can help here. We emphasize the importance of a framework that encompasses people and processes as well as technologies – a traditional approach, but one that’s essential today, when even a simple error in security patch management can result in a serious breach.

HPE Pointnext is the ideal partner to help you build adaptive, comprehensive security and protection for your hybrid IT environment. We can point to a history of innovation in open, standards-based toolsets and frameworks, operational security service management models, and business continuity/disaster recovery (BC/DR) systems. We’re proud of our quarter-century of experience in delivering security services, and our extensive global ecosystem of security partners and BC/DR practitioners.

To learn more, see the following:

 

 

 

0 Kudos
About the Author

Lois_Boliek

The worldwide security leader for HPE Pointnext Advisory and Professional Services and certified CSO.

Labels