Light Dark
September 14, 2015 By Charles Kolodgy 3 min read
Cloud Security

Hail Mary passes and walk-off home runs are game-changing plays, but their impact is limited to one game. In these cases, the underlying game changers were the introduction of the forward pass and the lively baseball. Information technology has its own game-changing elements, most recently mobility and cloud computing. However, information security has yet to match these technologies — which limits their effectiveness and diminishes overall security. Maintaining enterprise security requires a similar evolution of security capabilities.

Mobility and cloud computing has decentralized the role of IT and fundamentally changed the way people work, how business is conducted and the value of connectivity.

IT Is Outpacing Security

The proliferation (and user acceptance) of mobile devices and easily accessible cloud-based applications entice lines of business (LoBs) to find their own solutions. The rise of shadow IT allows executives to quickly adjust to a volatile business environment. Scalability, elasticity and cost benefits are the hallmarks of cloud computing that are moving information technology from a supporting function to one that enables the quick delivery of new products and services.

However, IT security is being left behind. It has become extremely difficult for organizations to exercise full control over their data and applications as they proliferate on multiple devices, reside in the cloud and cross into social networks. Existing security controls have difficulty identifying legitimate users since the number of such users has grown. New distributed architectures are hard to secure, so organizations struggle to match identity management, data confidentiality and availability with user needs and expectations.

The Fortress Mentality Is Ineffective

IT security is important to protect the IT infrastructure, information and transactions. There are many standards and regulations, especially those relative to customer privacy, which organizations are required to follow. Historically, security capabilities are designed to build a fortress around systems and data. The proliferation of devices, applications, authorized users and network connections vastly expands attack surfaces. Attackers are also utilizing new technologies, and thus the fortress security model has become untenable with a security infrastructure that is not designed to handle mobility and cloud computing.

Some organizations will resist change, but the old command-and-control approach, which could be enforced within a traditional enterprise, will not survive in the extended enterprise. Organizations instead will need to relinquish old control models and shift to an open and integrated framework that provides the flexibility to securely enable advanced IT tools.

Security for Cloud Applications and Enablement

The forward pass and lively baseball transformed the way their games were played — and the end result of them — but not the underlying foundations of the sports. Any future game-changing security product will be on that same level. They will drastically modify the security fortress mentality by improving the security proposition behind the expanded enterprise.

To be successful in a cloud-centric domain, security must be able to mitigate risk while being able to handle the demands of this evolving IT environment driven by individual productivity. Providing security for cloud enablement needs to include a flexible platform to provide visibility, identity management, policy enforcement and threat mitigation across multiple cloud services.

Innovators Required

The building blocks to construct an efficient and effective cloud security gateway exists in pieces, and it will take an innovator who has all the building blocks and the wherewithal to pull them together to deliver it. The forward pass and lively baseball were game changers, but it took a Pop Warner and a Babe Ruth to recognize them as such, and to use their considerable talents to set the transformations in motion. IBM Security, as a leading provider of identity and access management, mobile security, security intelligence, intrusion prevention and application security, has all of the building blocks, which, when coupled with infrastructure mobility and cloud solutions, is poised to be the innovator that can dramatically change the way mobile and cloud computing security is provided.

Read the IDC white paper: A CISO’s Guide to Enabling a Cloud Security Strategy

 |  |  |  | 
Charles Kolodgy
Senior Security Strategist, IBM

More from Cloud Security
October 10, 2024

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

June 6, 2024

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

May 15, 2024

New cybersecurity sheets from CISA and NSA: An overview

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments.This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat mitigation, identity and access management, network security and more. Here's our overview of the new CSI sheets, what they address and the key takeaways from each.Implementing…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature