Solution overview Achieve compliance HP Benelux Data Centres offer local cloud solutions


Solution overview | Achieve compliance

The two HP Benelux Data Centres offer secure and flexible space providing market-leading services. They offer a resilient, enterprise-class, cloud-enabled solution to meet demand for local data centre services.

HP is making a significant investment in the Benelux region to cater to those companies that need to retain their data within national borders. These local data centres are a direct result of a strategic focus based on application modernisation, security, and information management. They provide:

• Next-generation data centres using the latest cooling and power methodologies

• Industry-leading Power Usage Effectiveness (PUE) rating

• Secure access with audit capabilities

• Flexible provisioning in the cloud—use only what is needed, when it is needed

Converged cloud meets traditional infrastructure needs

Not all applications are ready to move to the cloud, and many will never move there at all. Traditional infrastructure is here to stay and so our converged cloud is created around this concept. Move what makes sense into a private, virtual private, or public cloud and leave the rest in the traditional enterprise environment. This hybrid delivery model maximises both investments and performance as you run your business—getting the best out of existing and new applications and services.

Pay as you grow

HP Enterprise Cloud Services—Virtual Private Cloud (VPC) and the Benelux Data Centres provide server, storage, network, and security bundles you consume as a service. They allow you to:

• Only pay for the resources you use.

• Adjust IT capacity as rapidly as your business requires.

• Run your applications and processes whilst accessing them over a network that’s managed to HP security standards.

We bring you system integration experience, enterprise-grade security, and a legacy of operational excellence. This makes these cloud services available for core business workloads.

Compliancy in the cloud

Regulating authorities and governments, such as the Dutch National Bank¹ or the EU², will issue specific directions regarding moving to the cloud. In general, regulators require you to have Governance, Risk management, and Compliancy (GRC) in place to deal with new laws and regulations, new threats, and reporting requirements. You need to be “in control,” which means:

• The specific cloud risks are identified.

• Policies are adapted to cope with these new risks.

• The system of internal controls enforces these policies.

• Governance is in place to measure and monitor effectiveness.

HP cloud offers:

• Enterprise-grade cloud offerings in both private and virtual private models

• Twin next-generation data centres delivering the latest in technology solutions

• Resiliency options offering 99.999% availability if required

• Market-leading security and compliance

• Audit capability—know where your data is

What keeps you up at night?

• Where is my data in the cloud?

• Who can access my data?

• Do we comply with privacy and other relevant laws?

1 http://www.toezicht.dnb.nl/binaries/Cloud%20computing_tcm50-224828.pdf

2 “Unleashing the Potential of Cloud Computing in Europe”: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF


This should, at a minimum, result in:

• Management has oversight over the cloud, recognises the value, understands the technology, understands the risks, and mandates cloud policies.

• Risk management will be performed at both the business and technical level.

• Staff are aware of risks in using cloud applications and functions.

• Management must know and authorise who is using the cloud.

• Management must know and authorise what is put in the cloud.

Virtual Private Cloud—your roadmap to the cloud

VPC and the Benelux Data Centre can aid you in your journey to the cloud and allow you to benefit from the advantages of cloud service models. These include flexibility, availability, and reduced costs. This will occur in an environment designed to deliver a secure, auditable, and compliant service that meets the requirements of regulating authorities.

Main security features and standards

The standard internal control and security features of VPC include:

• You know where your data is.

• Implemented on virtual or physical dedicated servers

• Secure connection to your internal network and HP management network

• Access to VPC compartments controlled by client-managed firewall

• Intrusion detection and prevention systems

• Network access monitored by the HP Global Cyber Security Centre

• Automated resiliency features allow virtual clients to continue to operate normally in case of entity failure

• Disaster recovery facilities to a second Benelux Virtual Private Cloud location

• Standard and optional security services and features including:

– Patch management

– Vulnerability scanning

– Encrypted backup and archiving services

– Strong authentication services

– Security policy management

– Load balancing

• Compliant to standards and regulations including:

– International standards such as ISO27001, PCI, TIA942 Tier3, ITAR, and more

– Local standards such as EU privacy law (HP complies with the U.S. – EU Safe Harbor framework), Dutch Financial Regulators

– The security architecture for VPC is shared via the CSA STAR

– VPC has been approved to deliver services under the U.S. federal government’s FedRAMP cloud security programme.

• HP has been awarded TRUSTe’s Privacy Seal.

VPC provides logical isolation of your servers and storage. This level of segregation gives you security and peace-of-mind and helps meet requirements for compliance and auditing.

Customising compliancy

HP NL Audit & Compliance is aware of the possible consequences when you cannot demonstrate that you are in control and offers services to “stay in control of cloud” through a specialised team. Our Audit & Compliance team understands your specific compliance requirements, facilitates specific compliancy needs, and acts as a partner on all IT governance challenges and issues, ensuring a smooth, safe, and controlled journey to the cloud.


Assurance methods

HP NL Audit & Compliance takes your regulatory requirements and specific policies as a starting point and documents how these are addressed by the standard internal controls and security services of our data centre VPC offering. The team will draw up an assurance and audit plan that will indicate how the effectiveness of these controls will be monitored and assured.

We recognise that new technologies such as cloud, the degree of dependency of your business on IT, and the new online persistent attacks of cybercrime require interactive audit and monitoring procedures. Building on the standard assurance reports VPC is designed to deliver, HP NL Audit & Compliance will work with you to define the compliance-enforcing techniques, monitoring reports, and regular assurance activities that will meet your compliance requirements. This exercise is based on the Assurance Framework shown in Figure 1 and documented in your assurance and audit plan.

This approach provides:

• Immediate enforcement of most relevant compliance policies

• Regular compliance reports on selected standards

• Early warning of threats, risks, and potential noncompliance situations

• Dashboard reporting to support governance

• Monitoring reports (ArcSight or ePCM) on data location, transactions, network traffic, authorised access, and data transfer

• Transparency and auditability of your cloud solution

• “In control” and audit reports by certified auditors

• Cost reduction for external and internal audits


© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

4AA4-7616EEW, September 2013

Figure 1. Assurance Framework (diagram not reproduced). Elements shown in the figure:

• Assurance and audit plan

• Client audits: external/internal audit

• ECS VPC compliance reporting: PCI; ISO 27001; ISAE3402

• HP NL—Stay in control of cloud: monitoring information; SIEM compliance reports; HP assurance and audit activities

• Regulatory requirements; client policies; international standards

• HP converged cloud: traditional IT; private cloud; managed cloud; public cloud