IBM Cloud Pak for Security: Comprehensive Protection Wherever Data Resides

By Charles King, Pund-IT®, December 11, 2019

The routes that organizations are taking to cloud computing are pretty well set. Rather than flocking to individual public clouds as evangelists once envisioned, enterprises are instead maintaining data on premises in various systems and private clouds while also engaging with multiple public cloud platforms. A larger question remains: how, and how well, can valuable data and application assets be protected when they are widely dispersed across these hybrid multi-cloud environments? That issue is especially pointed considering the increasing frequency and sophistication of attacks by cyber-criminals and rogue states.

Fortunately for businesses, security vendors including IBM are pushing forward individually and in partnerships to address these challenges. IBM’s recently announced Cloud Pak for Security incorporates its own formidable assets and also integrates new open source security technologies developed by both the company and its strategic partners. The new platform is part of a family of six IBM Cloud Paks, one being IBM Cloud Pak for Data, a platform that enables customers to comprehensively explore, manage, analyze and govern myriad data assets across their organizations.

I’ll be writing more about IBM Cloud Paks, including the Cloud Pak for Data in the coming months. For now, let’s consider IBM Cloud Pak for Security and what it offers hybrid multi-cloud customers.

Multi-cloud security challenges

What is the primary issue impacting multi-cloud security? Data and application fragmentation have to be at the top of the list. The more that companies work with cloud technologies, the more comfortable they become. Since no single cloud platform provides everything that organizations need, multi-cloud has become the de facto approach for businesses. In fact, IBM’s 2018 Institute for Business Value study found that while 76% of respondents were already using between two and fifteen hybrid clouds, 98% said they will be using multiple hybrid clouds within three years.

Hybrid cloud engagements tend to result in applications and data being spread across private and public clouds, as well as across on-premises IT resources. Keeping track of these assets is hard enough, but protecting them is even more difficult. Why so? Because of the breathtaking variety of security applications, tools and services used by asset owners and cloud providers. As a result, security teams must devise complex integrations that require them to switch back and forth between management screens and various point products.

In a recent IBM Security-sponsored SANS Institute survey, over half of security team respondents noted that they struggle to integrate data with disparate security and analytics tools, and to combine data resources spread across hybrid cloud environments in order to spot advanced threats. Don’t be surprised if this situation sounds familiar. A decade ago, many businesses struggled with data that became isolated within departments and work groups.

These so-called information “siloes” were headaches from the perspective of management and governance requirements, and often undermined the core value of data resources and investments. It doesn’t require a leap of imagination to see how, absent proper management, hybrid cloud environments could spawn new generations of data siloes located well outside and beyond the control of business owners. Considering the ever-increasing number of cyber threats and data-seeking bad actors, preventing such outcomes is a topline business goal.

IBM Cloud Pak for Security

So, what is IBM doing to address these issues? According to the company, its new Cloud Pak for Security can connect with any security tool, any public or private cloud and any on-premises IT system, enabling data to be scanned and analyzed for cyber threats and security vulnerabilities without moving it from its original source.

The platform can search and translate security data from a variety of resources, collecting insights across multi-cloud environments. IBM also notes that the platform is extensible, enabling new tools and applications to be added to it over time so that Cloud Pak for Security can evolve to address new security threats.

Initial capabilities include:

  • Since it is composed of containerized software pre-integrated with the Red Hat OpenShift Kubernetes platform, Cloud Pak for Security installs easily in any on-premises, private cloud or public cloud environment.
  • Rather than transferring data offsite for security analysis, a time-consuming and costly process that many conventional solutions require, Cloud Pak for Security connects to data sources where they reside, detecting hidden threats and helping customers make better-informed, risk-based decisions.
  • Rather than requiring analysts to manually search for threat indicators, such as malware signatures and malicious IP addresses, within each individual environment, a Data Explorer application lets them streamline the hunt for threats across security tools and clouds. According to IBM, Cloud Pak for Security is the first tool that allows this type of search without moving data into the platform for analysis.
  • Cloud Pak for Security allows companies to orchestrate and automate their response to hundreds of common security scenarios, guiding users through the process and providing quick access to security data and tools. IBM’s Security Orchestration, Automation and Response capability also integrates with Red Hat Ansible for additional automation playbooks. This allows security teams to address threats and prioritize their time more effectively, a crucial point, since IBM Security estimates that enterprise security teams manage an average of 200,000 potential security events per day and, during that process, coordinate responses across dozens of tools and applications.
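The search-in-place pattern described in the Data Explorer bullet above, as an added illustration that is not IBM’s code or the platform’s API: each connector queries its own source in that source’s native schema, and only the matching records are translated into a common form and returned. The two data sources, their schemas and the connector names are constructed for the example.

```python
"""Federated indicator search across heterogeneous security data sources.
Constructed illustration, not Cloud Pak for Security's own code."""
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample data standing in for two tools with different schemas:
# a SIEM holding network flow records and an endpoint agent holding process events.
SIEM_FLOWS = [
    {"ts": 1575979200, "src": "10.0.0.5", "dst": "203.0.113.9", "bytes": 512},
    {"ts": 1575979260, "src": "10.0.0.7", "dst": "198.51.100.2", "bytes": 40},
]
ENDPOINT_EVENTS = [
    {"time": "2019-12-10T12:01:00Z", "host": "ws-17", "remote_ip": "203.0.113.9", "proc": "powershell.exe"},
    {"time": "2019-12-10T12:03:00Z", "host": "ws-21", "remote_ip": "192.0.2.4", "proc": "chrome.exe"},
]


@dataclass(frozen=True)
class Hit:
    """Common schema that every connector translates its native records into."""
    source: str
    when: datetime
    asset: str
    indicator: str


def search_siem(ip):
    """Query the SIEM in place; only matching flows leave the source, already normalized."""
    return [Hit("siem", datetime.fromtimestamp(r["ts"], tz=timezone.utc), r["src"], ip)
            for r in SIEM_FLOWS if ip in (r["src"], r["dst"])]


def search_endpoint(ip):
    """Query the endpoint tool in place; its ISO timestamps are translated to datetime."""
    return [Hit("endpoint", datetime.fromisoformat(e["time"].replace("Z", "+00:00")), e["host"], ip)
            for e in ENDPOINT_EVENTS if e["remote_ip"] == ip]


# Hypothetical connector registry: each entry speaks one source's native query interface.
CONNECTORS = {"siem": search_siem, "endpoint": search_endpoint}


def federated_search(ip):
    """Fan one indicator out to every connector and merge the normalized hits by time."""
    hits = []
    for query in CONNECTORS.values():
        hits.extend(query(ip))
    return sorted(hits, key=lambda h: h.when)


if __name__ == "__main__":
    for hit in federated_search("203.0.113.9"):
        print(hit)
```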

It’s worth noting that IBM collaborated with numerous clients and service providers during the Cloud Pak for Security design process in order to address critical security interoperability challenges. The new platform includes connectors supporting pre-built integrations with security tools from IBM, BigFix, Carbon Black, Elastic, Splunk and Tenable, as well as public cloud providers including IBM Cloud, AWS and Microsoft Azure. Since Cloud Pak for Security is built on open standards, it can connect additional security tools and data from across a customer’s infrastructure.

Final analysis

The IT industry is rife with sometimes intriguing commercial products that have little, if any, practical application. These “solutions in search of a problem” are often designed backwards, betraying developers’ lack of insight into customers’ actual needs and requirements. In sharp contrast, with Cloud Pak for Security IBM has devised and designed a solution that addresses numerous specific problems plaguing enterprise customers, as well as critical issues impinging on the adoption and benefits of hybrid multi-cloud computing.

This won’t come as a surprise to anyone who has paid attention to the sizable investments and commitments IBM has made to open source and open standards. The company also keenly understands the value of collaborating with innovative partners, an especially critical point in the rapidly evolving and fundamentally heterogeneous world of hybrid multi-cloud computing.

Overall, the IBM Cloud Pak for Security platform should provide substantial benefits to its existing customers and is an offering that prospective IBM clients would do well to consider.

© 2019 Pund-IT®. All rights reserved.