Johannesburg, 03 Jun 2021
Security remains a top priority for organisations harnessing the cloud and multicloud − bringing on board several challenges which businesses need to navigate.
This is according to Martin Borrett, Security CTO at IBM EMEA, who was speaking during this week’s IBM Cloud Forum on how to build a successful hybrid cloud strategy in a secure and simple to manage way.
Borrett said today’s multicloud reality presented several challenges, such as integrating cloud native applications in the overall security operations, understanding the organisation’s security responsibility vs the cloud provider’s, securing critical data in the cloud and developing cloud applications that are secure by design.
“Organisations that embrace security very early on as a principle and bake it in all the way through the business are the most adaptable, robust and resilient,” he said. “Doing security well and doing IT early really gives business the agility to innovate and accelerate the digital transformation journey.”
However, with the average organisation having around 85 security products across 40 different vendors, and 94% of organisations running multiple clouds, this is a complex environment, he said.
“To improve an organisation’s multicloud security posture, they should start with assessing the current environment and strategy; understand where the critical data is; and ensure that throughout the journey, they are achieving the levels of security and compliance they need and augmenting cloud providers’ security with their own,” Borrett said.
Cloud native security controls are helpful, but typically not enough.
Martin Borrett, IBM EMEA.
“It is important to recognise that securing the hybrid cloud requires a comprehensive security programme. You need to think about security holistically across every layer of the cloud, and of course, it starts with the data. You need the right access management tools in place to know who accesses the applications and what data they can access. To achieve this, many organisations are embracing a Zero Trust framework for adaptive and continuous protection of users, data and assets and to manage threats more proactively.”
He noted that while cloud providers offer security, the levels of security across various clouds were inconsistent. “Cloud native security controls are helpful, but typically not enough – especially across hybrid or multi-cloud environments. You need to harmonise and augment that.”
Security also has to be embedded into applications from day one, he said. “DevSecOps is really evolving and modernising rapidly, and security is shifting left earlier and earlier in the development cycle.”
“There is a lot to consider and a lot of complexity, but IBM has the solutions, experience and frameworks to help organisations address their multicloud security challenges,” he said.
“We have a structured and tiered approach to security, so we understand what we need to do at each level of the hybrid infrastructure.”
He highlighted the security capabilities of Red Hat OpenShift, IBM CloudPak for Security and IBM’s set of frameworks and principles to support organisations’ security needs in the hybrid multicloud environment.
Share