IBM today unveiled a new cloud-focused enterprise security services portfolio that includes a threat-analytics platform for hybrid cloud environments.
The IBM Dynamic Cloud Security portfolio covers four primary areas: securing users' connection to the cloud; protecting data stored in the cloud; detecting threats to the cloud; and optimizing security operations for both on-premises and cloud environments.
The portfolio includes new cloud security software and service offerings, including the IBM Intelligent Threat Protection Cloud, which is a managed services platform for event monitoring and threat analytics.
In addition to the Intelligent Threat Protection Cloud, which is built on IBM's Hadoop-based InfoSphere BigInsights for data analytics, IBM also redesigned its Managed Security Services platform for the cloud to provide better visibility and control of enterprise security operations.
"The approach was to create a technology platform that allows us to control and manage an ecosystem of different security pieces across the seams of the environment," said Kris Lovejoy, general manager of IBM's security services division.
The Dynamic Cloud Security portfolio also brings the IBM QRadar Security Intelligence analytics platform to the cloud for the first time. The QRadar platform offers cloud connector technologies to provide threat intelligence for cloud computing implementations, both those using IBM SoftLayer as well as other public cloud services.
"The biggest part of IBM's security business is monitoring and analytics, and now that's being extended to the cloud," Lovejoy said.
IBM cloud services to aggregate threat data
Lovejoy said the cloud-based threat analytics and threat intelligence platforms will allow Big Blue to aggregate data about a variety of potential threats and anomalies around the world, and make the data available to customers as actionable intelligence. IBM also has an on-premises version of the new threat analytics platform for customers who may be apprehensive about transmitting enterprise data to the public cloud for analysis.
But Lovejoy said the on-premises version doesn't offer customers the wealth of information and actionable intelligence that's collected from other customers around the globe. In addition, she said, IBM doesn't store any of the enterprise data or event information that is used for threat analysis, and any data used is immediately destroyed following its analysis.
"There are customers that have concerns about the cloud," Lovejoy said. "The biggest challenge for this is data privacy. Some customers will want to use the [public] cloud, and some will want us to build it on premise, which is expensive but we can do that. But most are going to want to use the cloud."
Rick Holland, principal analyst at Forrester Research, said that while threat analytics is an important component for cloud security, there are other pressing needs that IBM will have to address with its cloud-centric customers. "For many organizations, they don't even know what applications and infrastructure are running in IaaS, PaaS [or] SaaS," Holland said. "Their most pressing need is an actual inventory so that they can then begin to understand the risks to these cloud assets. I'm consistently surprised by how little organizations, some of them very mature, know about their cloud-based assets. If you have to have that visibility first, then you can think about securing it."
Big Blue bolsters other cloud security tools
Along with the threat analytics platform and threat intelligence, Lovejoy said IBM's Dynamic Cloud Security portfolio offers cloud identity and access management tools, cloud endpoint security and cloud network protection. The suite also provides API-based access on IBM's Bluemix developer platform to analytics tools that can scan Web applications and mobile apps for vulnerabilities.
According to a new IBM study of nearly 150 Chief Information Security Officers, 85% said their organizations are now moving to the cloud, but almost half expect a major cloud provider to suffer a security breach in the near future. Lovejoy said numbers like those were a major reason why IBM shifted its entire security product family to the cloud.
"Taking over an enterprise's entire security services operation has been a core business for us," Lovejoy said. "Now that enterprises are moving more of their business off premise, we want to be able to manage those security services in the cloud too."