Working in the security industry can be humbling. And frustrating. Not only are you dealing with attacks that change continuously, but you’re also reacting to shifts in the business landscape. In my opinion, the rapid move to cloud is clearly one of the biggest changes to business in the last five years. However, in our race to address the security challenges presented by the journey to cloud and application modernization, we may have made our situation worse.
Let’s break it down.
First, as businesses move workloads onto the cloud, data becomes fragmented across on-premises and multiple cloud ecosystems. For security teams, getting visibility into risk and threats in this data can be daunting. Over the years, many organizations have had to add new tools to solve the problem, even if each tool only solves a single issue. This has resulted in an abundance of security tools. A study conducted by Forrester Consulting and commissioned by IBM found that 91 percent of organizations are concerned with complexity. On average, organizations are managing 25 different security products or services from 13 vendors.
We have also seen an explosion of security telemetry data, for example, endpoint threat detection, cloud and software-as-a-service (SaaS) services, and other sources. These have fueled the implementation of data lakes in an attempt to bring this data together in a cost-effective way for improved threat and risk detection, but massive data stores can present their own set of challenges.
Finally, all of these tools seem to have amplified another problem: disjointed workflows. All of these solutions, each with their own data silo, have different user interfaces and workflows. This can add time, integration and knowledge overhead to security teams. When you consider that estimates show enterprise security organizations are dealing with potentially thousands of events every day, disjointed workflows can have a huge impact on team effectiveness.
In short, security teams are simply overwhelmed.
They are faced with too many disconnected tools and too much disconnected data. Combine these two things with a growing skills gap and you can have a powder keg of risk. Threats may be overlooked or missed. Or conducting a thorough investigation and coordinating a response may take too long, potentially magnifying the impact of an attack.
Unfortunately, unless something changes, I believe the move to cloud and application modernization will only continue to make the situation worse.
Modern Business Requires a Modern Approach to Security
A few years ago, while talking to a customer, it hit me. The volume and variety of security data being generated means that it’s no longer possible to move it all to one place for threat and risk detection. And this problem is likely to get worse.
Coming out of that meeting, it became clear to me that for security teams to succeed in a hybrid, multicloud world, security platforms needed to be transformed. Delivering success in the future requires breaking the linkage between delivering security solutions and owning all the data.
Let’s take a simple use case. You get a security alert from one of your threat intelligence systems and then need to conduct a search for those indicators of compromise (IoCs). In a traditional world, you could execute that against a single system. However, now you’ve got business being done across multiple clouds with multiple security systems. Trying to do that same search for IoCs across any system in the organization — on premises and across multiple clouds — can be difficult, to say the least. This can leave your business incredibly vulnerable to a number of threats that aren’t immediately visible.
Once an attack is identified, the current landscape of multiple clouds and systems might pose another issue: delayed response. Responding appropriately to a security incident often requires a series of actions across clouds and teams. This takes time and, during an incident, any delay in response can amplify the impact of the attack.
What if you could streamline your company’s response based on the required action? How do we get there?
First, I believe we have to stop looking at security systems that are focused on specific pieces of infrastructure or use cases as end-to-end solutions. Security systems are not islands; they must be connected to be as effective as organizations need them to be. This means several things:
- Connecting data: As highlighted above, most organizations don’t really need — nor do they want — duplicate data and use cases. Connecting the tools already in place can help organizations gain new insights and deeper detail about the threats putting the business at risk, without adding extra cost and effort through duplicated data and use cases.
- Connecting workflows: Orchestrating a response to a security incident is not just a task for the security team; it should involve the entire organization. Common playbooks and automated actions can help keep everyone focused on the threats that matter most, helping to improve response times and minimize the impact of threats.
- Connecting openly: Speaking with enterprise security professionals, it’s clear to me that flexible solutions are important in today’s world. Connecting security tools requires more than just extracting value from existing investments. Today, building a world-class security ecosystem also means being connected to the security community. There are a number of open-source projects and standards that aim to build interoperable security solutions that give organizations the innovative solutions they need.
Connected Security Built for the Hybrid, Multicloud World
Today’s businesses are actively moving to the cloud to help improve their customer experience and enhance collaboration among employees and partners. Security should be at the heart of these initiatives, connecting and improving processes and providing the tailwind that propels business forward.
With the introduction of IBM Cloud Pak for Security, we are not only reimagining what security could be — we are making it a reality.
- For organizations struggling with too many products, we are offering a platform that integrates existing security tools, helping to generate deeper insights into threats across hybrid, multicloud environments while leaving data where it is.
- For organizations worried about response time, a unified interface helps orchestrate actions and automate responses to security incidents.
- For organizations concerned with flexibility, Cloud Pak for Security is pre-integrated with Red Hat OpenShift, so it can be installed and run on any environment. It also leverages open-source technology co-developed through the OASIS Open Cybersecurity Alliance.
The journey to cloud is happening. Don’t let security derail your efforts. IBM Cloud Pak for Security is the open, connected solution that is built to help protect this hybrid, multicloud world.
VP, Product Management, IBM Security