Securing the Journey to Cloud in a Digital Economy

Today, factors such as the growing digital population, the inflow of investments, and the digitization of enterprises, as well as favorable government policies, are strengthening India’s cloud market. While businesses have embraced many security techniques to secure workloads in the cloud, security concerns still remain. We sat down with Tushar Haralkar, IBM Security Software, Technical Sales Leader, India / South Asia Region to understand about cloud security concerns and how IBM helps customers manage cloud security in a multi-cloud world.

How is hybrid cloud platform driving client’s digital transformation?

The ability to adapt to change and change digitally has been a defining feature of business success in the past two years. This new dawn of IT innovation relies on hybrid cloud technology to provide scalability, bullet-proof security, seamless management, and reduced costs. In fact, IBM’s latest study shows that 85% of respondents in India have adopted hybrid cloud approaches that can help them drive digital transformation, but many organizations are finding it challenging to integrate all their cloud environments. To maximize the benefits of hybrid cloud investments, organizations must be very strategic in their approach. In this way, they can develop a broad range of value propositions for the company and become a key innovation driver.

With a hybrid cloud platform, applications can run across multiple clouds, data can be moved securely across the cloud estate, and business processes and workflows can be improved. In addition, a hybrid cloud platform simplifies and integrates a large cloud estate into a singular, coherent fabric of capabilities. As we look forward, the case for hybrid cloud is clear. With IBM’s holistic hybrid cloud approach, organizations can tackle the complexities related to security, data management, and compliance that prevent them from taking full advantage of cloud innovation.

What are the Cloud Security concerns for Hybrid Architecture?

Hybrid cloud architecture needs to address key concerns like adapting security strategy for multi-cloud, new tools with unfamiliar technologies, shared responsibility & 3^rd party risk, expanding threat landscape, dissolved perimeter, siloed visibility to threats, securing critical data & managing access, greater risk for misconfigurations and continuous compliance monitoring.

In order to secure hybrid multicloud environments, a different approach is required than in previous security programs that only addressed on-premise environments. A successful journey to hybrid multicloud requires security consideration at every phase of the journey. There is no linear list of tasks to be completed, but rather a continuous iterative cycle of strategy, development, implementation, and management that establishes a secure cloud strategy, develops a roadmap for cloud adoption, and builds a cloud-based application with a coordinated DevSecOps approach for continuous threat management.

The recent IBM Transformation Index: State of Cloud points that while more than 90% of responding financial services, telecommunications and government organizations have adopted security tools such as confidential computing capabilities, multifactor authentication and more, gaps still exist that prevent organizations from driving innovation. In fact, 37% of respondents in India cited security as a barrier to integrated workloads across environments. Listed below are four challenges security leaders and teams face with hybrid cloud models.

• Visibility and control: Companies are increasingly deploying public cloud services and adding private cloud capabilities, making their IT environments more complex from a management and security standpoint. The lack of monitoring of the services leaves them unaware of what is happening inside the environment.
• Data security: It is essential to be able to move data between public and private clouds when working with hybrid clouds. In such cases, there is a high likelihood that your data will be compromised, putting an organization’s privacy rules at risk. Security breaches can be prevented by encrypting and protecting your data with endpoint verification protocols, robust VPNs, and strong encryption policies.
• Risk Management: In order to protect the organization’s Intellectual Property from potential risks, effective risk management and precautionary safety measures are needed. The use of IDS/IPS tools can be used to detect malicious traffic as well as a log monitoring system with advanced firewall and security management capabilities.
• Knowledge and skills gap: In recent years, there has been a severe shortage of cybersecurity skills. Identifying and hiring security professionals who understand the cloud adds a whole new level of challenge to many organizations. Enterprises need to find ways to close this cloud security knowledge gap before it’s too late.

How can firms protect hybrid cloud with Zero Trust?

The shift to cloud requires a shift from static, network-based perimeters to dynamic, Zero Trust principles focused on users, assets, & resources. Firms need to protect hybrid cloud based on 3 key principles of Zero Trust –

• Enable least privilege access by discovering and assessing risk across data, identity, endpoint, apps, and infrastructure
• Continuous verification with context-aware access control to all apps, data, APIs, endpoints, and hybrid cloud resources
• Assume breach and identify threats and automate responses that not only stop the immediate attack, but dynamically adapt access controls

Zero Trust is the strategy or approach, the technology used to adhere to zero trust principles should follow after.

• In order to strengthen adherence to zero trust principles in the modern application stack within a hybrid cloud environment, firms need to remove the implicit trust that applications place in the underlying software stack and host environment.
• In today’s digital connected world, to adhere to zero trust principles in a hybrid cloud environment, IBM advocates moving from operational assurance (trust that your cloud admins will not access your data) to technical assurance (technology enforced such that cloud admins cannot access your data).

How does IBM help manage cloud security in a multi-cloud world?

IBM with its focus on providing a holistic hybrid cloud strategy is well positioned to help organizations address the security, data management and compliance complexities that can prevent them from taking full advantage of cloud innovation. We ALIGN the security strategy to the business, PROTECT identities, data, apps, endpoints, and cloud, MANAGE defences against growing threats and MODERNIZE security architecture with an open platform. IBM Security Software solutions help customers to move confidently to hybrid multicloud and integrate security into every phase of cloud journey.

• Threat Management – Manage threat and event information with precise insights to adapt to new threats and rapidly detect and respond to attacks by using IBM Security QRadar solution
• Data Protection – Locate, classify, secure, and manage critical data wherever it resides. Keep your own cloud data encryption keys by using IBM Security Guardium solution
• Identity & Access Management (IAM) – Identify and manage who has appropriate levels of access for both consumer and workforce across hybrid multicloud environment by using IBM Security Verify solution
• Hybrid multicloud security platform – Provide a single pane of glass that can give visibility into disparate security data to identify the highest priority threats and act faster with orchestration and automation across tools and teams by using IBM Security QRadar XDR Connect solution
• Attack surface management and offensive security – Performs the role of a trusted adversary for customers. Given the exponential growth in exposure points in the hybrid cloud operating environments due to the remote and hybrid working models, the continuous discovery, inventory, classification, and monitoring of an enterprise’s IT infrastructure is mission critical. In fact, ESG data suggests 67% of companies saw the external attack surface expand over the past two years with 69% of them being compromised. On its part, IBM’s Attack surface management (ASM) solution helps clients continuously identify external facing assets, both on-premise or in the cloud, that are visible to attackers and prioritize exposures which pose the greatest risk.

IBM’s ASM solution helps further simplify threat detection and response, building on recent acquisition of ReaQta for endpoint security and the launch of QRadar XDR, it brings automation and skills to IBM X-Force’s elite offensive cybersecurity team while bringing attackers’ point-of-view into security operation center.