Embracing Open, Integrated Security In A Multicloud World

IBM Security

Many organizations are struggling to keep up with today’s complex and risky IT security environments. They are faced with many threats and vulnerabilities, too much data, too many disparate tools, and not enough people to manage it all.

Consider the complexity faced by an enterprise security team. On a typical day, the team may receive tens of thousands of alerts, ranging from disruptive malware inadvertently loaded by an employee to a pernicious cybercriminal making a determined run at the company's data. Monitoring is constant—each red flag requires real-time analysis and response.

I recently met with the chief information security officer of a European bank that gets security alerts from more than 50 different tools and sources. He admitted that his security analysts are overwhelmed with data, and the challenge is exacerbated as the financial firm presses forward with more cloud projects every month. The CISO of a large retailer recounted a similar challenge. They’re scrambling to put out security flare-ups, and the risks will only multiply during the holiday shopping season.

Ironically, the move to the cloud is complicating things. I say “ironically” because the benefits of cloud add up in so many other ways, but the fact is that hybrid, multicloud environments—and that’s the direction most companies are heading—can add a layer of security complexity. That’s because the mix of public and private clouds, along with on-premises resources, can create a fragmented security landscape. And many companies may have deployed first-generation cloud security products that were not optimized for a multicloud world.

As a result, security teams may work across dozens of product screens, managing 50 or more tools that weren’t designed to work together, as they move applications and data to the cloud. They must sift through and manage an overwhelming amount of threat data. Gaps may exist, requiring data-integration fixes.

Security pros are the glue that holds it all together, but many teams are short-handed. Demand for skilled security professionals is one of the biggest challenges facing the industry today, amid a shortage of over four million professionals globally, according to (ISC)².

Yet the stakes are high. The average cost of a data breach is $3.9 million, according to the Ponemon Institute’s 2019 Cost of a Data Breach Report, which was sponsored by IBM. In my opinion, the traditional approach to security is just not working. It’s time for a reset in how IT security is implemented and managed.

Silos Are the Norm

Where do we go from here? What’s needed is an open approach that integrates the myriad components of today’s security environments and leverages the advantages of the cloud to assimilate threat and other security data, and that moves us from fragmented security to unified security.

IBM is introducing a new way to do just that. It’s called IBM Cloud Pak for Security, and it helps security teams connect data and workflows, while deploying easily across any cloud environment. It provides a common operating environment and centralized view of information from across hybrid, multicloud environments, and connects the silos of security capabilities that are the norm in many organizations.

IBM Cloud Pak for Security searches for threats, orchestrates actions, and automates responses without requiring that data be transferred from its source for analysis. Existing security products can stay in place. That can be important for CISOs who need to address regulations for data residency. Another benefit: Automation playbooks help under-resourced security teams orchestrate a response, helping to save time and manual effort. 

I believe an open approach is essential to this new model. Through the OASIS Open Cybersecurity Alliance, IBM, McAfee and dozens of other companies are coming together to facilitate data and product interoperability. The goal is to develop common, open-source code that any security team can adopt.

Responding with Smarter Security

Open-source technologies are one of the best ways to ensure that enterprise security continues to benefit from our collective efforts and innovations. IBM Cloud Pak for Security is comprised of containerized software that’s pre-integrated with Red Hat OpenShift, the industry’s most comprehensive enterprise Kubernetes platform. And data sharing is enabled by STIX-Shifter, an open-source technology pioneered by IBM that will be further developed by the Open Cybersecurity Alliance.

Let’s face it: Cybersecurity threats and complexity will only keep growing, so we have no choice but to develop better, more open ways of defending and responding. Companies everywhere are moving quickly to the hybrid, multicloud world. It’s time to do that with smarter security.