How to manage security as a cloud services broker

With written contribution by Andrew Wahl

 

When your IT organization adopts a cloud service broker model, the business user may never be aware of the distinction between public cloud service and private clouds—after all, they requisition computing resources through a self-service web portal and IT provisions in a largely automated fashion those cloud services that best suit the requirements. However, there are unique security implications for private vs. public cloud services.

 

Security Architecture

As I have noted in previous blog posts, a risk-based security strategy is essential, one where each layer of architecture is secured and integrated as part of a Cloud Management platform. One fundamental challenge that must be addressed is how current cloud technologies are often isolated from each other, and frequently tasked to work within siloed operational teams. This always results in security gaps and inefficient IT processes.

 

An integrated approach, including advanced network security, is key: no single technology will be sufficient to protect dynamic cloud environment like that of the cloud. (For more on this, read one of previous posts, HP Cloud Management - security comes integrated)

 

Securing access

The interconnected architecture of cloud services also requires a careful execution of access rights. It’s important that a strategy is in place to restrict which business users and various IT roles can access data and modify cloud services. Working with a cloud management platform that clearly defines the variations in user and administrator roles through the existing enterprise directory and LDAP DN structure can simplify how you authorize new users and control access to the platform.

 

Security of Public Cloud Services

Within private cloud services, you clearly have control over how security is managed. Public cloud services present a different challenge. You will need to examine the security capabilities of each service provider; some may have only perimeter security, so it will be up to you to harden operating systems and administer secure passwords. Similarly, some public cloud services may provide anti-virus protection while others don’t.

 

In each case, the IT enterprise security team will have to assess what measures need to be in place at each layer of the stack to meet overall security requirements.

 

In the cloud, security is a shared responsibility to protect the services. The public cloud service provider will deliver some capabilities, but IT organizations need to then work with what they are given to ensure they achieve the levels of security they require.

 

Ultimately, your organization needs to be in a position to take responsibility for the cloud services you deliver to the business, whether they are private, public or a hybrid of the two.

 

Learn more

HP’s comprehensive IT Operations Management portfolio of tools can help address data security issues. Find out how HP Cloud management provides comprehensive, end-to-end security for application, platform and infrastructure services with cloud brokering and heterogeneous environments. Visit www.hp.com/go/cloudmanagement

 

Alternatively, meet us at HP Discover in Barcelona. See security for the cloud in action at the demo booths and learn from the breakout sessions what it means to provide cloud services that are secure and compliant.

 

 

Editor's Note: This is the fifth in a series of thought leadership blog posts on the seven things you need to know about becoming a successful cloud services broker. To catch up on the series, be sure to read these posts:

1.        Your cloud transformation starts here: How to develop a strategic plan

2.        Building on a foundation of automation

3.        How to decide what cloud services to offer

4.        Managing SLAs for your cloud services

 

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Lending 20 years of IT market expertise across 5 continents, for defining moments as an innovation adoption change agent.


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation