There is a new approach that HP is promoting to business services: The Instant-On Enterprise. The key pillars to this are:
and yes, even... Cloud
My focus is cloud security, and I wanted to touch on a common fear that providing adequate security means locking down an environment tightly, to the detriment of innovation.
You have likely heard the concept of building security in rather than bolting it on. My colleague Charlie Bess recently posted on the idea of "Security, Cloud and Tooling Support", noting "recent HP research which reveals that in the past year, one out of every two senior business, government and technology executives have experienced impediments to innovation, technology agility, or customer service due to security constraints."
* But as noted, it can be done. Raymond James is a global financial services company whose 5,300 financial advisors offer personal investing, institutional, and corporate financial management services through the company's three broker/dealer subsidiaries. Its numbers are impressive: 1.9 million accounts served from 2,300 locations, with total client assets of $233 billion.
* What did the development team at Raymond James do? It created a dedicated production control group responsible for ensuring application security. It deployed HP WebInspect software and HP Assessment Management Platform software to reduce potential risk to customer data and to achieve targeted compliance levels, while still continuing to innovate with new applications.
Moving beyond that, I've been closely involved with key tooling for HP services over the last year in terms of cloud security assessments. There, atop a comprehensive ISO27k security assessment, we have incorporated the Cloud Security Alliance guidelines and controls, along with the same from the European Network and Information Security Agency (ENISA) Cloud Computing Risk Assessment.
Pretty compelling stuff whether you're looking to assess your entire security program or a specific implementation of cloud service usage. Either way, a comprehensive approach that is still efficient and effective was our goal, because unless you understand your risk and how you secure your environment, you cannot assess a public cloud solution's ability to do better than, worse than, or equal to you.