Step #5 for successful cloud brokering: Protect service offerings

There are a number of unique security implications to consider when comparing private and public cloud services. If you don't have one already, it's smart to develop a risk-based security strategy. No single technology will sufficiently protect a dynamic cloud environment. And the fact that cloud technologies are often isolated and managed by siloed operations teams only compounds the problem. A risk-based security strategy can secure each layer of your architecture, but you should integrate them as part of a comprehensive cloud-management platform.

 

Security architecture

As I have noted in previous blog posts, a risk-based security strategy is essential, one where each layer of architecture is secured and integrated as part of a Cloud Management platform. One fundamental challenge that must be addressed is how current cloud technologies are often isolated from each other, and frequently tasked to work within siloed operational teams. This always results in security gaps and inefficient IT processes.

 

An integrated approach, including advanced network security, is key: no single technology will be sufficient to protect dynamic cloud environment like that of the cloud. (For more on this, read one of previous posts, HP Cloud Management - security comes integrated.)

 

Securing access

The interconnected architecture of cloud services also requires a careful execution of access rights. It’s important that a strategy is in place to restrict which business users and various IT roles can access data and modify cloud services. Working with a cloud management platform that clearly defines the variations in user and administrator roles through the existing enterprise directory and LDAP DN structure can simplify how you authorize new users and control access to the platform.

 

Security of public cloud services

Within private cloud services, you clearly have control over how security is managed. Public cloud services present a different challenge. You will need to examine the security capabilities of each service provider; some may have only perimeter security, so it will be up to you to harden operating systems and administer secure passwords. Similarly, some public cloud services may provide anti-virus protection while others don’t.

 

In each case, the IT enterprise security team will have to assess what measures need to be in place at each layer of the stack to meet overall security requirements.

In the cloud, security is a shared responsibility to protect the services. The public cloud service provider will deliver some capabilities, but IT organizations need to then work with what they are given to ensure they achieve the levels of security they require.

 

Ultimately, your organization needs to be in a position to take responsibility for the cloud services you deliver to the business, whether they are private, public or a hybrid of the two.

 

Learn more

HP’s comprehensive IT Operations Management portfolio of tools can help address data security issues. Find out how HP Cloud management provides comprehensive, end-to-end security for application, platform and infrastructure services with cloud brokering and heterogeneous environments. Visit http://www.hp.com/go/cloudmanagement.

 

--With written contribution by Andrew Wahl

 

Related links:

Step #1 for successful cloud brokering: Start with a strategic plan

Step #2 for successful cloud brokering: Plan for all types of services

Step #3 for successful cloud brokering: Automate common processes

Step #4 for successful cloud brokering: Manage service SLAs

Labels: Cloud
Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
About the Author
Lending 20 years of IT market expertise across 5 continents, for defining moments as an innovation adoption change agent.


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation