A smarter way to secure your cloud
Melissa Stevens 270005B76W MELISSAS@US.IBM.COM | | Tags:  security ibminterconnect cloud smartcloud cloud-security
0 Comments | 4,800 Visits
This post was contributed by Darren Argyle, World Wide Security Solutions Market Leader for IBM Security. Connect with Darren on Twitter @D_Argyle.
It's been over a week since I attended IBM InterConnect in Singapore, and with some great customer feedback still ringing in my ears, I thought it timely to provide some reflective thoughts.
For the most part I was sharing my days and evenings with our valued customers from the region, either in the ‘meet the expert’ sessions, hosting them in the evening or sitting in with them in the 'hot topic' sessions (Defending Against Cyber Threats with Security Intelligence) that Brendan Hannigan (IBM GM Security Systems division) was leading. Mitigating new attacks from cyber-criminals, hacktivists, espionage, & disgruntled insiders dominated client discussions, and in an evolving multiple-perimeter environment, and particularly when using cloud computing, being confident that your data is safe becomes an even greater challenge.
The business benefits of cloud are well documented, reduced costs and increased flexibility, but many still fear taking those first steps toward optimizing their IT because of concerns about security. These concerns reminded me of the early days of outsourcing, a perceived loss of control and visibility of their enterprise systems, however with agreed security controls and operational security governance in place, outsourcing vendors, such as IBM, have been able to demonstrate a level of control that clients and auditors find satisfactory. At the foundation of cloud computing is the broader concept of converged infrastructure and shared services, so it’s easy to see where these concerns come from. For private/hybrid clouds in particular, it’s especially important that the security solution technologies are scalable, integrated and intelligent to protect against new threats, regain visibility and demonstrate compliance with activity monitoring and security intelligence.
EXA Corporation was in attendance at IBM InterConnect, and their experience provides us with an excellent case study for securing private/hybrid cloud. EXA has multiple offices across Japan and was faced with the challenge of how to best manage various servers located in each office, while also providing secure access and defending the enterprise from attacks. Working with IBM they embarked on a risk based security approach to cloud computing and built a secure hybrid private cloud. They were able to integrate proprietary and external data centers as one virtual data center and by deploying federated identity manager software they were able make it transparent to users. This mechanism has unified the management of user information, enabled the single sign-on based on a single ID, improved the customer experience and usability of the system, and created a secure authentication environment. See full case study here.
Moreover, in a ‘meet the expert’ session I was hosting on cloud security, a similar discussion started with a CISO from an Indian organization; they were looking to build a private cloud to improve SAP service delivery speed and quality to their distributed business units across India. The CISO was particularly concerned about defending against the increasing cyber attacks that were highly publicized during 2011 and the first half of 2012 (see IBM X-Force Reports 2011/2012) and was curious as to what additional security controls he’d need to consider for cloud. Having quickly established that he’d already gained support from his senior executive team and security was already embedded into the design phase of this new project, his organization was well on its way to a successful outcome. So, we talked about the next set of priorities and I offered some advice based on the approach we have taken with other customers, using the IBM security framework as a reference point to show how security solutions need to integrate and enable security intelligence, to stay ahead of the threat and be protected against the latest sophisticated attacks (learn more in the IBM Cloud Security Solutions brief)
When securing cloud there is no one size fits all, so building a cloud strategy roadmap with security at its heart and using a proven security framework as a reference point (including - people, data, applications and infrastructure), you have transparency of the risks and appreciation of the accelerated value that can be gained from using the cloud. In today’s multi-perimeter environments corporate data is stored in so many places, making sure that data is safe and can be accessed securely is now a business priority when competing on a world stage. The media headlines about a business should be about growth and profitability, not being a victim of a security breach and causing shareholder confidence to drop. A “secure” cloud environment provides the opportunity for business to innovate with confidence, be more agile and be faster to market.