Cloud Hosting

The routes that organizations are taking to cloud computing are pretty well set. Rather than flocking to individual public clouds as evangelists once envisioned, enterprises are instead maintaining data on premises in various systems and private clouds while also engaging with multiple public cloud platforms.

A larger question remains in how and how well valuable data and application assets can be protected when they are widely dispersed in these hybrid multi-cloud environments. That issue is especially pointed considering the increasing frequency and sophistication of attacks by cyber-criminal and rogue states.

Go here to see eWEEKs listing of the Top Cloud Computing Companies.

Fortunately for businesses, security vendors including IBM are pushing forward individually and in partnerships to address these challenges. IBMs recently announced Cloud Pak for Security incorporates its own formidable assets and also integrates new open source security technologies developed by both the company and its strategic partners. The new platform is part of a family of six IBM Cloud Paks, one being IBM Cloud Pak for Data, a platform that enables customers to comprehensively explore, manage, analyze and govern myriad data assets across their organizations.

Ill be writing more about IBM Cloud Paks, including the Cloud Pak for Data in the coming months. For now, lets consider IBM Cloud Pak for Security and what it offers hybrid multi-cloud customers.

What is the primary issue impacting multi-cloud security? Data and application fragmentation have to be at the top of the list. The more that companies work with cloud technologies, the more comfortable they become. Since no single cloud platform provides everything that organizations need, multi-cloud has become the de facto approach for businesses. In fact, IBMs 2018 Institute for Business Value study found that while 76% of respondents were already using between two and fifteen hybrid clouds, 98% said they will be using multiple hybrid clouds within three years.

Hybrid cloud engagements tend to result in applications and data being spread across private and public clouds, as well as in on premises IT resources. Keeping track of these assets is hard enough but protecting them is even more difficult. Why so? Because of the breathtaking variety of security applications, tools and services utilized by owners and cloud providers. As a result, security teams must devise complex integrations requiring them to switch back and forth between management screens and various point products.

In a recent IBM Security-sponsored SANS Institute survey, over half of security team respondents noted that they struggle to integrate data with disparate security and analytics tools, and to combine data resources spread across hybrid cloud environments in order to spot advanced threats. Dont be surprised if this situation sounds familiar. A decade ago, many businesses struggled with data that became isolated within departments and work groups.

These so-called information siloes were headaches from the perspective of management and governance requirements, and often impacted the core value of data resources and investments. It doesnt require a leap of imagination to see how, absent proper management, hybrid cloud environments could spawn new generations of data siloes located well-outside and beyond the control of business owners. Considering the ever-increasing number of cyber threats and data-seeking bad actors, preventing such outcomes is a topline business goal.

So, what is IBM doing to positively impact these issues? According to the company, its new Cloud Pak for Security can connect with any security tool, any public or private cloud and any on premises IT system, enabling data to be scanned and analyzed for cyber threats and security vulnerabilities without moving it from its original source.

The platform can search and translate security data from a variety of resources, collecting insights across multi-cloud environments. IBM also notes that the platform is extensible, enabling new tools and applications to be added to it over time so that Cloud Pak for Security can evolve to address new security threats.

Initial capabilities include:

Its worth noting that IBM collaborated with numerous clients and service providers during the Cloud Pak for Security design process in order to address critical security interoperability challenges. The new platform includes connectors supporting pre-built integrations with security tools from IBM, BigFix, Carbon Black, Elastic, Splunk and Tenable, as well as public cloud providers including IBM Cloud, AWS and Microsoft Azure. Since Cloud Pak for Security is built on open standards, it can connect additional security tools and data from across a customers infrastructure.

The IT industry is rife with sometimes intriguing commercial products that have little, if any practical application. These solutions in search of a problem are often designed in obverse fashion, betraying developers lack of insight into customers actual needs and requirements. In sharp contrast, with Cloud Pak for Security IBM has devised and designed a solution to address numerous specific problems that plague enterprise customers, as well as critical issues impinging the adoption and benefits of hybrid multi-cloud computing.

This wont come as a surprise to anyone who has paid attention to the sizable investments and commitments IBM has made to open source and open standards. The company also keenly understands the value of collaborating with innovative partners, an especially critical point in the rapidly evolving and fundamentally heterogeneous world of hybrid multi-cloud computing.

Overall, the IBM Cloud Pak for Security platform should provide substantial benefits to its existing customers and is an offering that prospective IBM clients would do well to consider.

Charles King is a principal analyst at PUND-IT and a regular contributor to eWEEK. 2019 Pund-IT, Inc. All rights reserved.

See more here:
IBM Cloud Pak for Security: Full Protection Wherever Data Resides - eWeek