Cloud Security 101 Series - Review and Summary...
Christopher Steffen
Vice President of Research - Information Security at Enterprise Management Associates (EMA)
For the past several months, I have been publishing a series of educational blogs, highlighting some of the major considerations surrounding information security in the cloud. In the series, we provided definitions and best practices for many of the elements that should be considered part of a cloud security program. In addition to a blog, each topic has a short video, providing some additional information on the subject.
Below is a summary of each of the topics, as well as links for more information.
What is Cloud Security?
Cloud security is the set of controls and policies that define how information (data), systems, applications and infrastructure is protected when using a cloud environment. Often, cloud security adheres to a specific regulatory or compliance framework, depending on the computing workloads that are deployed into the cloud.
What are the Principles of Cloud Security?
While there are many considerations for evaluating security for a possible cloud solution, Hewlett Packard Enterprise has narrowed the considerations down to three primary principles when considering security in the cloud: shaping security standards, a shared responsibility model, and a defense in-depth approach to comprehensive information security.
What is Cloud Compliance?
Cloud compliance is the area of hybrid cloud security which talks specifically how a company’s cloud infrastructure will be regulated, and some of the differences and similarities between the controls used to regulate on premise systems and the workloads migrated to the cloud.
What is Data Sovereignty?
Data sovereignty is the discussion around how data that has been converted into some digital form is covered by the laws and regulations in which it is located. The rules and regulations that are generally part of any data sovereignty discussion are in a near constant state of change.
What are Safe Harbor and GDPR Regulations?
The Safe Harbor Principles and the General Data Protection Regulation (GDPR) are two of the many laws / regulations that are part of the data sovereignty discussion. Specifically, the Safe Harbor Principles is an agreement between the European Union and the United States which allowed some US based companies to comply with EU Data Privacy Protection regulations. The GDPR is a new regulation adopted by the European Commission that strengthens and unifies data protection standards for citizens of the EU.
What is Identity Management?
Identity Management - sometimes also called access management or identity and access management (IAM) - is the various ways that an enterprise can use and manage to allow their employees and users to gain access to computing resources based on their identity and the rights and privileges associated with that identity.
What are Monitor, Detect and Response?
In any computing environment, the IT professionals that maintain the environment need to have visibility as to what is going on in the environment. With proper visibility, they can monitor the environment for anomalies, detect anomalies when they occur, and formulate a proper response to resolve.
What is Data Protection?
Data protection is a key capability of hybrid cloud computing and information security that explains how data is secured at all parts of the process from loss and/or corruption.
What are Cloud Security Controls?
Cloud Security controls, then, are the sets of standards that an enterprise uses to evaluate the effectiveness of the security policies and procedures implemented in their cloud environment to mitigate risk and reduce security vulnerabilities.
What is Risk Management in the Cloud?
The way that an enterprise deals with risk in the cloud is much the same as it does with their on premise infrastructure, with the caveat that they must now also deal with a cloud provider in addition to their own risk standards.
We hope that the series has been a benefit to you, and increased the awareness of these important information security considerations. Regardless of the vendor an enterprise chooses as their cloud provider, understanding these key cloud security topics will empower a company to make more informed security based decisions when adopting a cloud infrastructure and formulating the company’s overall security vision and strategy.
To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE Right Mix hybrid cloud, as well as the Right Mix approach to cloud security.