Today, organisations use a mix of cloud and on-premise resources to achieve agility, security, and security. While the cloud offers a range of benefits, visibility and security issues pose a challenge.
As per IBM’s 2020 Cost of a Data Breach Report, businesses lost $3.86 million per data breach incident. The survey was jointly conducted by IBM and Ponemon Institute, reviewing 524 companies from 17 countries and 17 sectors. The report said cloud misconfiguration was among the leading causes of data breaches, accounting for about one in five data breaches studied.
Now, IBM has announced new and enhanced services to help organisations manage their cloud security strategy. These services integrate cloud-native, IBM, and third-party technologies to create a unified security approach across cloud ecosystems.
IBM Security Services
“We cannot assume that legacy approaches for security will work in this new operating model – instead, security should be modernised specifically for the hybrid cloud era, with a strategy based on zero trust principles that bring together context, collaboration and visibility across any cloud environment,” said Vikram Chhabra, Global Director, Offering Management and Strategy, IBM Security Services.
IBM Security Services for Hybrid Cloud bundles security technologies with consulting and management services. These services work across multiple clouds such as Amazon AWS, Microsoft Azure, IBM Cloud, and Google Cloud.
The services use AI and automation to identify and prioritise risks, manage threats, and connect data with their broader security operations and on-premise systems. These services can support clients across different stages of the cloud security journey: advising organisations on how to move data, users, and workloads; risk monitoring; threat management of existing hybrid cloud architecture etc.
Some of the main services of this suite include:
• A new advisory and managed security services called the Cloud Native Security Services. This service provides centralised visibility and monitoring of native security controls across cloud environments, reducing the risk of cloud misconfiguration and providing insights into potential threats.
• The new advisory and managed security services help clients develop and implement Cloud Security Posture Management Solution (CSPM). This solution helps in dealing with governance and compliance issues across cloud service providers. It offers actionable recommendations and automation to address ongoing monitoring and remediation activities.
• The services suite also includes container security services that will cater specifically to the clients’ container environments. This offers consulting and system integration, vulnerability management to full container lifecycle management. Under container security service, IBM offers:
1. Assessment of the existing container environment, analysis of DevSecOps processes, review application design and help build a roadmap for clients’ future deployment.
2. A single dashboard for centralised visibility, management, and container monitoring across registries, orchestrators, and cloud service providers.
3. Integrating container security service with the IBM Security X-Force Red vulnerability management can help in analysing and ranking vulnerabilities within the client environments. This helps in prioritising remediation.
• Based on the industry frameworks such as CAS Cloud Controls Matrix (CCM), IBM now offers enhanced advisory services for a hybrid, multi-cloud security strategy, called the Cloud Security Strategy. The services can deliver a strategy and security maturity roadmap customised to specific business needs using proprietary technologies.
The new enhancements to IBM Cloud security are majorly based on two of its existing capabilities:
IBM X-Force Threat Management Services: It offers integrated security services for managing the complete threat lifecycle. It helps in protecting critical assets, in the detection of advanced threats, and quick response and recovery from disruptions.
Cloud Access Security Broker (CASB): IBM offers security services for CASB to help organisations protect their cloud environment through an integrated approach.