Much like traditional IT security, cloud security controls can be broken down into four categories: deterrents, preventatives, detectives and correctives.
However, due to the complexity of some control sets for certain industries, for instance where compliance and regulation is paramount, moving your existing control tool kit over to a public cloud provider may not be so straightforward.
While the big cloud providers do provide a highly reliable set of security controls, they are always geared towards the needs of the masses, not the few or the niche. This adds another level of complexity for businesses in financial services for example, who would always need to match their on-premise security controls to their public cloud.
So how flexible are the big cloud providers? While AWS and Azure do provide, or are working towards meeting basic regulatory compliance concerns, highly regulated workloads would still be better kept on-premise – making hybrid cloud the best option in these instances.
As part of out Cloud Security Guru series, we spoke to Chris Steffen, Chief Evangelist of Cloud Security at Hewlett Packard Enterprise to get the big picture:
Read Chris’ recent blog post on Cloud Security Controls.
Learn more about HPE Cloud Security and download the Critical Security and Compliance Considerations for Hybrid Cloud Deployments report by 451 Research.
Connect with Chris:
Twitter: @CloudSecChris
Medium: medium.com/@csteffen
LinkedIn: Chris Steffen
Blog: HPE Community
