IT Operations Management (ITOM)

How to automate cloud security compliance so even novice users provision assets securely

How to automate cloud security compliance so even novice users provision assets securely


Prasanna Mulgaonkar.PNGBy Prasanna Mulgaonkar, CEO and Founder at Cloud Raxak Inc


Editor’s note: This article is part of an ongoing series of guest posts by HP Software customers about Automation and Cloud Management use cases.

You can read the previous posts here:


There’s no question that the public cloud offers the potential for tremendous benefits when building and managing applications. But for most enterprises, security risks continue to be a big sticking point—which is severely limiting the ability to make the most of public cloud services.


Developing an enterprise application in the public cloud has become so easy, that enterprises have started to adopt this technology for cost and flexibility. For example, a marketing manager may need to quickly create a consumer loyalty application to respond to the competition. To accelerate time-to-market, the business may choose to create their own application using the public cloud services without fully understanding the security requirements and risks associated with it. Deployments like these, by novice users, are not necessarily compliant to corporate security policies, are not adequately monitored throughout the lifecycle of the service, and increase the potential for a security breach. To solve this dilemma, enterprises need to make security compliance as simple as provisioning virtual machines.


Consistent and Cost Effective Public Cloud Security


To ensure consistent security compliance across the enterprise, application teams and IT organizations need to apply standard security profiles and controls across both private and public cloud infrastructures. Unfortunately, applying these security profiles manually is slow, expensive and can increase security risks. Given that security compliance is up to 40 percent of the cost of managing virtual applications in the cloud, automating these processes is critical.


Cloud Raxak Protect is a SaaS-based service, that empowers IT and application development teams by automating security compliance across both private and public clouds. Starting with provisioning and continuing through the application lifecycle, Cloud Raxak Protect enables cloud apps to be deployed securely, quickly, cost-effectively and without human error.

Integration with HP CSA


At HP Discover 2015 in Las Vegas, HP and Cloud Raxak demonstrated the integration of Raxak Protect with HP Cloud Service Automation (CSA). The combined solution offers customers an HP CSA service catalog with the Raxak Protect security compliance baked in. This enables one-touch security provisioning and continuous compliance management and empowers novice cloud users to provision assets in the cloud that are compliant with corporate security policies.


The integration of HP CSA with Raxak Protect provides an industry first service management capability with security postures integrated into the services in the Service Catalog. Organizations have already trained their users to request IT services through a Services Catalog. It is now possible for such users to request deployment of assets in both private and public clouds with the corporate security posture uniformly baked in. Once the infrastructure is deployed, CSA calls the Raxak Protect API to enforce the corporate compliance profile. This enforcement continues on a specified periodic basis through the lifecycle of the asset. The compliance logs and reports are stored in an audit-ready immutable form. Reporting is also seamlessly integrated with the CSA interface.



Cloud Raxak.png


Thus for companies already using CSA for private clouds, Cloud Raxak allows an easy extension to public clouds with a consistent private- and public-cloud security posture. We view this industry first capability, as an extension to the CSA value proposition.


Our service demonstrates that a simple-to-use SaaS service can work with any cloud; it also demonstrates the suitability of CSA to support SaaS services.


Learn more

Read more about HP Cloud Service Automation, or visit


About the author: Prasanna Mulgaonkar is CEO and Founder at Cloud Raxak Inc., which automates and simplifies the delivery of cloud security compliance across the enterprise. Prasanna has a deep background in Endpoint Security, Computer Vision, Networking, Network Security, Robotics, and Actuators. He was appointed to the U.S. Army Science board from 1998-2007 and a consultant to the Defense Science Board. Prasanna currently holds eight patents.


  • infrastructure management
0 Kudos
About the Author


Nimish Shelat is currently focused on Datacenter Automation and IT Process Automation solutions. Shelat strives to help customers, traditional IT and Cloud based IT, transform to Service Centric model. The scope of these solutions spans across server, network, database and middleware infrastructure. The solutions are optimized for tasks like provisioning, patching, compliance, remediation and processes like Self-healing Incidence Remediation and Rapid Service Fulfilment, Change Management and Disaster Recovery. Shelat has 23 years of experience in IT, 20 of these have been at HP spanning across networking, printing , storage and enterprise software businesses. Prior to his current role as a Manager of Product Marketing and Technical Marketing, Shelat has held positions as Software Sales Specialist, Product Manager, Business Strategist, Project Manager and Programmer Analyst. Shelat has a B.S in Computer Science. He has earned his MBA from University of California, Davis with a focus on Marketing and Finance.

Occasional Contributor

Excellent article but I would love to see more details on how they help organisisations agree on what the Security Stance needs to be. That was the biggest challenge when we implemented a similar system a few years back.

The use of CSA and cloud platforms to provision the platform now means that everything is provisioned in the same way but the standards to which they are provisioned needs to be agreed up front or there will be a lot of restrospective work to be done.

//Add this to "OnDomLoad" event