Skip to content
Tiatra, LLCTiatra, LLC
Tiatra, LLC
Information Technology Solutions for Washington, DC Government Agencies
  • Home
  • About Us
  • Services
    • IT Engineering and Support
    • Software Development
    • Information Assurance and Testing
    • Project and Program Management
  • Clients & Partners
  • Careers
  • News
  • Contact
 
  • Home
  • About Us
  • Services
    • IT Engineering and Support
    • Software Development
    • Information Assurance and Testing
    • Project and Program Management
  • Clients & Partners
  • Careers
  • News
  • Contact

Sharing Responsibility for Data Security in the Cloud

As organizations shape the contours of a secure edge-to-cloud strategy, it’s important to align with partners that prioritize both cybersecurity and risk management, with clear boundaries of shared responsibility.

The security-shared-responsibility model is essential when choosing as-a-service offerings, which make a third-party partner responsible for some element of the enterprise operational model. Outsourcing IT operations has become a smart business strategy. But outsourcing operational risk is untenable, given the criticality of data-first modernization to overall enterprise success.

“Intellectual property is key to a company’s success,” notes Simon Leech, operational security lead for HPE GreenLake Cloud Services. “Therefore, it’s up to CIOs to do due diligence about what sort of security controls are in place and to ensure data is well protected in an [as-a-service] operating model. The security-shared-responsibility model provides a clear definition of the roles and responsibilities for security.”

Having a well-articulated and seamlessly integrated security-shared-responsibility model is table stakes. Organizations are spending far more time grappling with the costs and consequences of highly complex cyberattacks, to the tune of a 72% spike in costs over the last five years, according to the Accenture/Ponemon Institute’s “Ninth Annual Cost of Cybercrime” study. Specifically, the study attributed an average $4 million loss to business disruption, with another $5.9 million associated with information losses. In total, the global cost of cybercrime is skyrocketing, expected to grow 15% annually to hit the $10.5 trillion mark by 2025, noted the “2020 Cybersecurity Ventures” report.

HPE GreenLake: Security by Design

Against this backdrop of heightened cybercrime activity, organizations are more vulnerable as the proliferation of platforms, internet-of-things (IoT) devices, and cloud applications has created an expanded attack surface and widened security gaps. A new security-by-design approach infuses security practices and capabilities directly into new systems as they are built — versus addressing security requirements later as an afterthought.

An organization’s approach to security must also scale at the speed of digital transformation. This means that security must be automated and integrated directly into continuous-integration/continuous-delivery (CI/CD) pipelines, ensuring that safeguards are applied consistently across workloads, no matter where data resides. This also makes it easier for developers to create secure code. As organizations grapple with additional complexity challenges, they need access to third-party security experts to close up any internal security gaps.

The HPE GreenLake security-shared-responsibility model differs from that of the typical cloud provider, because the as-a-service platform delivers a public cloud experience everywhere, including in a company’s private data center and/or in a shared colocation facility. The company or colocation provider maintains responsibility for securing the connectivity and physical data center, and HPE’s responsibilities vary, depending on the chosen HPE GreenLake consumption model. For example:

  • In a bare metal model, HPE is responsible for securing the HPE GreenLake infrastructure and cloud experience but the customer takes ownership of everything on top of that infrastructure, including the operating system (OS), hypervisor, container orchestration, applications, and more.
  • With containers and virtual machines, the responsibility shifts and HPE GreenLake handles security for the lower layers that includes the hypervisors, software-defined networking, and container orchestration. Here again, the customer is responsible for securing the guest OS, applications, and data.
  • For workloads, such as SAP Hana delivered as a service or electronic health records as a service, HPE GreenLake takes security responsibility for everything up through the application layer whereas the customer maintains ownership of data security.

“In all three scenarios, security of customer data is always the responsibility of the customer,” Leech says. “It’s ultimately their responsibility to decide what data they put in the cloud, what data they keep out of the cloud, and how they keep that data protected.”

Best Practices for Security Success

Drill down into the details. Leech cautions that the No. 1 rule for security success is understanding the boundaries of responsibility and not making any premature assumptions. Organizations should confer with their cloud service provider to clearly understand and delineate who has responsibility for what. Most cloud providers, including HPE, offer collateral that drills down into the details of their security-shared-responsibility model, and customers should take full advantage.

“The risk is really one of blissful ignorance,” he says. “The assumption can be made that security is there, but unless you actually go into the contract and look at the details, you might be making a wrong assumption.”

Include the enterprise risk management team. Invite the enterprise risk management team into the discussion early on, so it has a clear understanding of the potential risks. With that knowledge, it can help determine what is acceptable, based on a variety of factors, including the industry, specific regulatory climate, and customer demands.

Follow security-by-design principles. Use the security-shared-responsibility model as an opportunity to address security early on and identify potential gaps. In addition to automation and ensuring that security is code-driven, embrace zero trust and identity and privilege as foundational principles. “By understanding what those gaps are early enough, you can build compensating controls into your environment and make sure it is protected in a way you’d expect it to be,” Leech explains.

Know that visibility is essential. Security monitoring should be a part of the routine to gain a full understanding of what’s happening in the environment. Organizations can opt to do security monitoring on their own or enlist additional services as part of an HPE GreenLake contract. “It goes back to that idea of blissful ignorance,” Leech says. “If I’m not doing any security monitoring, then I never have any security incidents, because I don’t know about them.”

The HPE GreenLake edge-to-cloud platform was designed with zero-trust principles and scalable security as cornerstones of its architecture and development — leveraging common security building blocks, from silicon to cloud, that continuously protect your infrastructure, workloads, and data so you can adapt to increasingly complex threats. For more information, go to https://www.hpe.com/us/en/greenlake/greenlake-security.html.

Cloud Security


Read More from This Article: Sharing Responsibility for Data Security in the Cloud
Source: News

Category: NewsAugust 25, 2022
Tags: art

Post navigation

PreviousPrevious post:Avoiding Last-Mile Challenges for Remote WorkersNextNext post:Geopolitical risks could present new opportunities for CIOs: Gartner

Related posts

휴먼컨설팅그룹, HR 솔루션 ‘휴넬’ 업그레이드 발표
May 9, 2025
Epicor expands AI offerings, launches new green initiative
May 9, 2025
MS도 합류··· 구글의 A2A 프로토콜, AI 에이전트 분야의 공용어 될까?
May 9, 2025
오픈AI, 아시아 4국에 데이터 레지던시 도입··· 한국 기업 데이터는 한국 서버에 저장
May 9, 2025
SAS supercharges Viya platform with AI agents, copilots, and synthetic data tools
May 8, 2025
IBM aims to set industry standard for enterprise AI with ITBench SaaS launch
May 8, 2025
Recent Posts
  • 휴먼컨설팅그룹, HR 솔루션 ‘휴넬’ 업그레이드 발표
  • Epicor expands AI offerings, launches new green initiative
  • MS도 합류··· 구글의 A2A 프로토콜, AI 에이전트 분야의 공용어 될까?
  • 오픈AI, 아시아 4국에 데이터 레지던시 도입··· 한국 기업 데이터는 한국 서버에 저장
  • SAS supercharges Viya platform with AI agents, copilots, and synthetic data tools
Recent Comments
    Archives
    • May 2025
    • April 2025
    • March 2025
    • February 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • September 2024
    • August 2024
    • July 2024
    • June 2024
    • May 2024
    • April 2024
    • March 2024
    • February 2024
    • January 2024
    • December 2023
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • July 2023
    • June 2023
    • May 2023
    • April 2023
    • March 2023
    • February 2023
    • January 2023
    • December 2022
    • November 2022
    • October 2022
    • September 2022
    • August 2022
    • July 2022
    • June 2022
    • May 2022
    • April 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • September 2021
    • August 2021
    • July 2021
    • June 2021
    • May 2021
    • April 2021
    • March 2021
    • February 2021
    • January 2021
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • May 2020
    • April 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • February 2019
    • January 2019
    • December 2018
    • November 2018
    • October 2018
    • September 2018
    • August 2018
    • July 2018
    • June 2018
    • May 2018
    • April 2018
    • March 2018
    • February 2018
    • January 2018
    • December 2017
    • November 2017
    • October 2017
    • September 2017
    • August 2017
    • July 2017
    • June 2017
    • May 2017
    • April 2017
    • March 2017
    • February 2017
    • January 2017
    Categories
    • News
    Meta
    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org
    Tiatra LLC.

    Tiatra, LLC, based in the Washington, DC metropolitan area, proudly serves federal government agencies, organizations that work with the government and other commercial businesses and organizations. Tiatra specializes in a broad range of information technology (IT) development and management services incorporating solid engineering, attention to client needs, and meeting or exceeding any security parameters required. Our small yet innovative company is structured with a full complement of the necessary technical experts, working with hands-on management, to provide a high level of service and competitive pricing for your systems and engineering requirements.

    Find us on:

    FacebookTwitterLinkedin

    Submitclear

    Tiatra, LLC
    Copyright 2016. All rights reserved.