IT assurance: A proactive approach to security and resiliency in the New Style of IT
Upcoming SlideShare
Loading in...5

IT assurance: A proactive approach to security and resiliency in the New Style of IT



There is a significant difference in the whole concept of “security” vs. “assurance” that many consumers of IT services don’t recognize. The presence of security provisions could be taken ...

There is a significant difference in the whole concept of “security” vs. “assurance” that many consumers of IT services don’t recognize. The presence of security provisions could be taken as security itself, but does the mere presence actually guarantee your resistance to or protection from harm?



Total Views
Views on SlideShare
Embed Views



1 Embed 26 26



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

IT assurance: A proactive approach to security and resiliency in the New Style of IT IT assurance: A proactive approach to security and resiliency in the New Style of IT Document Transcript

  • Master cloud protection from strategy to delivery HP Cloud Protection Program and Consulting Services Brochure
  • 2 You don’t have to choose between agility and security. Enterprises, service providers, governments are all looking to capitalize on opportunities for most cost savings, revenue growth, and competitive advantage. To do this they must speed innovation, enhance agility, and improve financial management while securing their information and assets against increasing security attacks. The only way they will be able to accomplish these goals is by using technology. But not the same way they have done it over the last several decades. HP can help deliver these promises by leading organizations on a pragmatic journey to the cloud and hybrid delivery. We can help organizations understand the implications of the technology aspects of your strategy and identify the people and process elements. Our approach is called the converged cloud, which provides unconstrained yet secure access to IT resources that organizations require to fulfill their objectives. HP Converged Cloud provides access to infrastructure anywhere, applications anywhere, and information anywhere. Figure 1. HP Converged Cloud Top threats to cloud computing1 • Abuse and nefarious use of cloud computing • Insecure application programming interfaces • Malicious insiders • Shared technology vulnerabilities • Data loss and leakage • Account, service, and traffic hijacking • Unknown risk profile According to a recent HP sponsored research, the volume and complexity of security threats have continued to escalate. Cloud computing is no exception. 2 Most analysts quote security and privacy as the top reasons for businesses not adopting cloud computing. While organizational computing resources and data in the cloud are attractive targets for attackers, cloud computing characteristics and their associated focus on virtualization technology are driving an important change in the security focus areas. HP believes security for the cloud era should be information centric, built in, adaptive, risk based, and proactive. Transform while keeping security intact: HP Cloud Protection Program HP Cloud Protection Program can help you mitigate common threats defined by Cloud Security Alliance (CSA), while addressing process, compliance, and operational security needs in your enterprise hybrid cloud environment. The program enhances our broader enterprise cloud and security solutions with additional cloud- and virtualization-specific security content and capabilities during transformation to a cloud computing or a virtualized environment. 1 2 Hybrid, secure delivery based on common architecture across traditional and all cloud models Information applications infrastructure Choice • Open: standards based across all delivery models • Heterogeneous: hypervisors, development, infrastructure • Extensible: partner ecosystem Consistency • Common architecture: across all delivery models • Portability: for flexibility & optimization • Consumption experience: one simple model Confidence • Security: across info, apps, infrastructure, delivery models • Management: end to end • Automation: for cloud-based architectures and processes Traditional Private cloud Managed cloud Public cloud
  • 3 HP Cloud Protection Program includes: • HP Cloud Protection Consulting Services: mitigates the security risks in a hybrid cloud environment by preparing your people, technologies, processes, and policies for improved protection and compliance. • HP Cloud Protection Center of Excellence: offers innovative lab environment to test and integrate virtualization and cloud security technologies from HP and partners. • HP Cloud Protection Reference Architecture: provides a comprehensive architectural framework that enables cloud protection by streamlining cloud security design from business, functional, technical, and implementation viewpoints. HP Cloud Protection Consulting Services: these services enhance the HP Cloud Consulting portfolio by providing additional security content and capabilities through: • HP Cloud Protection Workshop: provides in-depth discussion and high-level recommendations on your cloud security strategy, in addition to providing an opportunity to: −− Share cloud security best practices and understand the cloud security threat landscape −− Gain organizational stakeholder alignment and confidence for implementing cloud security −− Identify and prioritize strategic initiatives related to cloud security • HP Cloud Protection Roadmap: offers a well-defined path for implementing cloud security controls, based on risk and compliance gap analysis, so that you can: −− Evaluate changes needed with existing security policies, procedures, and products −− Define business and functional requirements that can drive future cloud adoption −− Guide private and hybrid cloud design activities in the future • HP Cloud Protection Design and Implementation Service: provides a comprehensive, secure, detailed design and implementation that is tailored to the organization’s cloud platform and that incorporates selected security controls based on HP and HP partner security solutions −− Leverages HP Cloud Protection Reference Architecture −− Designs and implements HP and partner security solutions that address specific cloud security requirements • HP Cloud Protection Foundation Service: this prepackaged service provides extra level of security for HP CloudSystem-based platforms and virtualization partner technologies by applying HP and industry security best practices. The service mitigates CSA threats through cloud and virtualization level hardening, supports hybrid cloud security, and offers rapid and tight integration between partner security products and HP CloudSystem. Based on layered building-block approach and on strong collaboration between HP and HP partners including VMware, Intel® , Symantec and Microsoft® , the service offers protection at different levels: −− CloudSystem platform −− Virtual Machine Manager (VMM) −− Network and Storage virtualization −− Virtualization management layer −− Hardening configurations along with virtual machine manager specific security product integration and configuration HP Cloud Protection Center of Excellence: cloud protection design and implementation requires a hands-on approach that accelerates best-practice sharing and adoption. To that end, our consultants contribute to the broader cloud and virtualization security research and innovation through HP Cloud Protection Center of Excellence—a physical lab environment where unified testing and integration of HP and partner products are managed. Strong collaboration with HP Software, HP Labs, VMware, and other third-party products provide tested virtualization and cloud service-level protection. The lab environment provides: • Use-case testing to support customization of unique enterprise requirements through lighthouse programs • Innovation to study and evolve cloud security controls and threat mitigation in areas such as virtual machine lifecycle security and secure cloud bursting • Opportunity to test configuration and integration of new products from partners and third parties HP Cloud Protection Reference Architecture: in a traditional IT environment, you can have control over data and infrastructure. But, in a hybrid cloud environment, data control and ownership can cross the organizational boundaries and extend into the service provider infrastructure. You need a comprehensive reference architecture to verify that all aspects are considered and accounted for, and that proper security controls are defined to support this multidimensional environment. Used extensively during the roadmap and design phases, HP Cloud Protection Reference Architecture can: • Provide an architectural framework that you can use to streamline your enterprise hybrid cloud security discussions with internal stakeholders • Cover cloud security from different viewpoints—business, functional, technical, and implementation—to better reflect the diverse needs of the stakeholders involved in an organizational cloud project • Clarify key concepts and characteristics of enterprise hybrid-cloud protection
  • Figure 2. HP Cloud Protection Program overview Gain from proven cloud protection expertise: HP Cloud Protection Consulting Services HP Cloud Protection Consulting Services can provide several significant advantages for organizations looking to implement a robust cloud and virtualization security framework. The benefits include: • Integrated and holistic cloud protection approach: this is reflected in the workshop, roadmap, design, and implementation phases of cloud projects against CSA threats, and across the policy, procedure, process, people, and technology aspects. • Business and IT cloud protection alignment: this streamlines enterprise hybrid-cloud security discussions, based on business, functional, technical, and implementation needs. • Innovative lab environment: we test and integrate HP and partner products, leveraging research conducted at HP Labs on cloud, virtualization, and security. Organizations across the globe trust our cloud protection solutions, which leverage the broader HP Enterprise Security and Cloud portfolio. The portfolio includes managed enterprise security services, HP Labs innovations, and HP security products encompassing: • Governance, risk and compliance management, business continuity, and security operations • Software security assurance • Data and content security • Data center security • End-point security and network security • Identity and access management Empowered with the technology, innovation, and experience that HP offers, you can be ready to deliver secure information—wherever your Always-On Enterprise wants to go. Technology with a human touch You rely on technology to run your business efficiently. To stay competitive and capitalize on new revenue opportunities, you have to learn how to access technology in new ways. Team with the HP technology consulting and support experts to help you take full advantage of technology to drive your business. Combining technology expertise with business intelligence, our service professionals help organizations across the globe meet their evolving needs. They can do the same for you. Connect with our service experts to explore ways to do more with your technology investments and move your business forward. Visit Global citizenship at HP At HP, global citizenship is our commitment to hold ourselves to high standards of integrity, contribution, and accountability in balancing our business goals with our impact on society and the planet. To learn more, visit, and for information about HP environmental programs, go to Learn more Take the lead in cloud protection as you evolve your future infrastructure. Learn more about HP Cloud Protection Services by visiting: Consulting Services Consulting Services • Roadmap • Foundation services • Workshop • Design • ISSM methodology Reference Architecture • Single source: virtualization to cloud • Product integration: HP ArcSight, Fortify, TippingPoint, and other complementary non-HP security products Center for Excellence • Research and development • Use-case testing • Partner integration: VMware, Intel, Symantec • HP Labs innovations Get connected Get the insider view on tech trends, support alerts, and HP solutions © Copyright 2011–2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Microsoft is a U.S. registered trademark of Microsoft Corporation. Intel is a trademark of Intel Corporation in the U.S. and other countries. 4AA3-8250ENW, Created November 2011; Updated August 2012, Rev. 1