Understanding the Intersection of Security and IT-as-a-Service

Shifting to a pay-as-you-go IT consumption model helps meet security objectives, while achieving cloud’s promises of agility and economics.


Security is invariably a top concern among executives, whether it relates to cloud, infrastructure, or any technology implementation. Boards of directors too are worried about potential fallout from breaches and hacks.

Yet, public cloud in particular — where access and security are less in their control —gives CSOs pause. Plus, there are compliance concerns. Some regulations, such as the General Data Protection Regulation, dictate that sensitive information must reside, if not on-premises, then within the owner’s (customer) geographical location.

However, keeping apps and workloads on private infrastructure has tradeoffs for the business. There is the potential loss of the speed and agility afforded by easy cloud access, as well as higher IT resource costs, including both capital and operational expenses.

The advent of hybrid cloud — a mix of public and private environments — has offered a way to gain cloud benefits while securing other workloads privately. And yet, here again, new complexities arise. Now organizations must decide where each application and workload is placed, which is no small consideration. Factors including cost, capacity, performance, and security come into play, and having to make these decisions for dozens if not hundreds of workloads can be an inefficient use of time. And ultimately, no matter where each app goes, security services must be procured and provisioned.

IT-as-a-Service Meets Security Objectives

So, how does an organization reap agility, economics, and security in a mixed cloud environment? Enter IT-as-a-Service (ITaaS), a consumption-based approach for IT.

It’s not necessarily new. The as-a-service model has successfully enabled businesses to offload time- and resource-intensive management of infrastructure and services to IT providers. The same concept applies to ITaaS. Although it is not entirely a cloud-based model, ITaaS can be applied to hybrid cloud environments.

ITaaS is a win-win for security and the business. At the outset, the ITaaS provider’s knowledge and expertise can quickly help CSOs and CISOs determine whether applications and workloads are best suited for cloud or on-premises data centers. For workloads kept on private infrastructure, the business only pays for the IT capacity — such as scalable storage — actually used, while security teams retain control.

For resource-stretched security teams, ITaaS offerings such as backup-as-a-service and disaster recovery-as-a-service can simplify workload management and mitigate risks. Some providers also offer dedicated expertise in cybersecurity and compliance – freeing staff to focus on higher level security planning and initiatives, such as testing new apps in development, providing security training and support for employees, and overseeing new technology implementations.

Secure ITaaS from HPE GreenLake

ITaaS enables the best of the hybrid world. For example, HPE Greenlake offers consumption-based IT services that combine the flexibility and cost savings of public cloud with the security and performance of on-premises IT. HPE GreenLake enables companies to choose from a catalog of hardware, software, and expertise in a pay-per-use model — all within the control of the on-premises environment.

Learn more at hpe.com/greenlake.

Copyright © 2019 IDG Communications, Inc.