Working in the security industry can be humbling. And frustrating. Not only are you dealing with attacks that change continuously, but you’re also reacting to shifts in the business landscape. In my opinion, the rapid move to cloud is clearly one of the biggest changes to business in the last five years. However, in our race to address the security challenges presented by the journey to cloud and application modernization, we may have made our situation worse.

Let’s break it down.

First, as businesses move workloads onto the cloud, data becomes fragmented across on-premises systems and multiple cloud ecosystems. For security teams, getting visibility into the risks and threats buried in that data can be daunting. Over the years, many organizations have added a new tool for each new problem, even when a tool solves only a single issue. The result is tool sprawl. A study conducted by Forrester Consulting and commissioned by IBM found that 91 percent of organizations are concerned about complexity. On average, organizations are managing 25 different security products or services from 13 vendors.

We have also seen an explosion of security telemetry: endpoint detection and response agents, cloud and software-as-a-service (SaaS) services, and many other sources. This has fueled the adoption of data lakes as a cost-effective way to bring the data together for better threat and risk detection, but massive central data stores bring their own challenges, from ingestion cost and retention to the latency of getting everything into one place before it can be searched.

Finally, all of these tools seem to have amplified another problem: disjointed workflows. Each solution sits on its own data silo and comes with its own user interface and workflow. That adds time, integration work and training overhead for security teams. When you consider that estimates put the number of events an enterprise security organization handles at potentially thousands every day, disjointed workflows have a huge impact on team effectiveness.

In short, security teams are simply overwhelmed.

They are faced with too many disconnected tools and too much disconnected data. Combine those two things with a growing skills gap and you have a powder keg of risk. Threats may be missed entirely. Or a thorough investigation and a coordinated response may take too long, magnifying the impact of an attack.

Unfortunately, unless something changes, I believe the move to cloud and application modernization will only continue to make the situation worse.

Modern Business Requires a Modern Approach to Security

A few years ago, while talking to a customer, it hit me. The volume and variety of security data being generated means that it’s no longer possible to move it all to one place for threat and risk detection. And this problem is likely to get worse.

Coming out of that meeting, it became clear to me that for security teams to succeed in a hybrid, multicloud world, security platforms needed to be transformed. Success in the future requires decoupling the delivery of security capability from ownership of all the data: the platform has to be able to query data where it lives rather than depend on ingesting a copy of everything.

Let’s take a simple use case. You get a security alert from one of your threat intelligence systems and then need to search for those indicators of compromise (IoCs). In a traditional world, you could run that search against a single system. Now, however, business is being done across multiple clouds with multiple security systems, and running that same IoC search across every system in the organization, on premises and across multiple clouds, is difficult, to say the least. Every source the search cannot reach is a blind spot: an indicator that appears only there goes unnoticed, and the threat behind it stays invisible.
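To make the "search once, across every source" idea concrete, here is an added illustration. It is my own code, not a Cloud Pak for Security connector or any IBM code. Two constructed in-memory data sets with different schemas stand in for an EDR event store and a cloud audit log; a small adapter per source maps its field names onto STIX-style observable types, and one query fans the indicator set out across both without copying the data anywhere. The host names, principals, field names and indicator values are all made up (RFC 5737 test addresses).

```python
"""Federated IoC search over heterogeneous security data sources.

Added illustration; not IBM Cloud Pak for Security code and not a real
connector. Each "source" is a constructed in-memory list standing in for a
data store that stays where it is: only the query fans out, and only the
matching records come back.
"""
from dataclasses import dataclass
from typing import Callable, Iterator

# Constructed sample data (hypothetical schemas, RFC 5737 test addresses).
ENDPOINT_EVENTS = [
    {"host": "ws-101", "process": "powershell.exe", "dst_ip": "203.0.113.45",
     "file_sha256": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"},
    {"host": "ws-102", "process": "chrome.exe", "dst_ip": "198.51.100.7",
     "dns_query": "updates.example.net"},
    {"host": "ws-103", "process": "curl.exe", "dst_ip": "192.0.2.10",
     "dns_query": "Malware-CDN.example"},
]
CLOUD_AUDIT = [
    {"principal": "svc-deploy", "sourceIPAddress": "203.0.113.45", "eventName": "ListBuckets"},
    {"principal": "alice", "sourceIPAddress": "198.51.100.7", "eventName": "GetObject"},
    {"principal": "svc-ci", "sourceIPAddress": "192.0.2.200", "eventName": "AssumeRole"},
]

# Constructed indicator set, keyed by STIX-style observable type.
IOCS = {
    "ipv4-addr": ["203.0.113.45"],
    "domain-name": ["malware-cdn.example"],
    "file:hashes.SHA-256": ["e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"],
}

Observable = tuple[str, str]  # (ioc_type, raw value as found in the record)
Adapter = Callable[[dict], Iterator[Observable]]


@dataclass(frozen=True)
class Hit:
    source: str
    ioc_type: str
    value: str      # normalized form that matched
    record: dict    # the original record, untouched


def endpoint_adapter(rec: dict) -> Iterator[Observable]:
    """Map the (hypothetical) EDR field names onto common observable types."""
    yield "ipv4-addr", rec["dst_ip"]
    if "file_sha256" in rec:
        yield "file:hashes.SHA-256", rec["file_sha256"]
    if "dns_query" in rec:
        yield "domain-name", rec["dns_query"]


def cloud_adapter(rec: dict) -> Iterator[Observable]:
    """Map the (hypothetical) cloud audit-log field names onto the same types."""
    yield "ipv4-addr", rec["sourceIPAddress"]


SOURCES: dict[str, tuple[list[dict], Adapter]] = {
    "edr": (ENDPOINT_EVENTS, endpoint_adapter),
    "cloud-audit": (CLOUD_AUDIT, cloud_adapter),
}


def normalize(value: str) -> str:
    """Hashes and domain names are case-insensitive; compare them in one form."""
    return value.strip().lower()


def federated_search(iocs: dict[str, list[str]], sources=SOURCES) -> list[Hit]:
    """Fan the indicator set out to every source and collect the matches."""
    wanted = {t: {normalize(v) for v in vals} for t, vals in iocs.items()}
    hits: list[Hit] = []
    for name, (records, adapter) in sources.items():
        for rec in records:
            for ioc_type, raw in adapter(rec):
                value = normalize(raw)
                if value in wanted.get(ioc_type, set()):
                    hits.append(Hit(name, ioc_type, value, rec))
    return hits


def sources_per_indicator(hits: list[Hit]) -> dict[str, list[str]]:
    """Which sources saw each indicator; one seen in several is the one to chase first."""
    seen: dict[str, set[str]] = {}
    for h in hits:
        seen.setdefault(h.value, set()).add(h.source)
    return {v: sorted(s) for v, s in seen.items()}


if __name__ == "__main__":
    found = federated_search(IOCS)
    for h in found:
        print(f"{h.source:12} {h.ioc_type:20} {h.value}")
    print(sources_per_indicator(found))
```

The adapters are the part a real deployment gets from a connector or translation module; the point of the example is that adding a source means adding an adapter, not moving that source's data. The normalization step is not cosmetic: the same SHA-256 arrives upper-case from one tool and lower-case from another, and a search that compares raw strings silently misses the match.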

Once an attack is identified, the current landscape of multiple clouds and systems might pose another issue: delayed response. Responding appropriately to a security incident often requires a series of actions across clouds and teams. This takes time and, during an incident, any delay in response can amplify the impact of the attack.

What if you could streamline your company’s response based on the required action? How do we get there?

First, I believe we have to stop treating security systems that focus on one piece of infrastructure or one use case as end-to-end solutions. Security systems are not islands; they must be connected to be as effective as organizations need them to be. This means several things:

  • Connecting data: As highlighted above, most organizations don’t really need, and don’t want, duplicate data and duplicate use cases. Connecting the tools already in place can give organizations new insight and deeper detail about the threats putting the business at risk, without the extra cost and effort of duplicating data and use cases.
  • Connecting workflows: Orchestrating a response to a security incident is not just a task for the security team, it should involve the entire organization. Common playbooks and automated actions can help keep everyone focused on the threats that matter most, helping to improve response times and minimize the impact of threats.
  • Connecting openly: Speaking with enterprise security professionals, it’s clear to me that flexible solutions are important in today’s world. Connecting security tools requires more than just extracting value from existing investments. Today, building a world-class security ecosystem also means being connected to the security community. There are a number of open-source projects and standards that aim to build interoperable security solutions that give organizations the innovative solutions they need.

Connected Security Built for the Hybrid, Multicloud World

Today’s businesses are actively moving to the cloud to improve their customer experience and enhance collaboration among employees and partners. Security should be at the heart of these initiatives, connecting and improving processes and providing the tailwind that propels the business forward.

With the introduction of IBM Cloud Pak for Security, we are not only reimagining what security could be — we are making it a reality.

  • For organizations struggling with too many products, we are offering a platform that integrates existing security tools, helping to generate deeper insights into threats across hybrid, multicloud environments while leaving data where it is.
  • For organizations worried about response time, a unified interface helps orchestrate actions and automate responses to security incidents.
  • For organizations concerned with flexibility, Cloud Pak for Security is pre-integrated with Red Hat OpenShift, so it can be installed and run wherever OpenShift runs, on premises or in any cloud. It also leverages open-source technology co-developed through the OASIS Open Cybersecurity Alliance.

The journey to cloud is happening. Don’t let security derail your efforts. IBM Cloud Pak for Security is the open, connected solution that is built to help protect this hybrid, multicloud world.
