The challenges of maintaining security and regulatory compliance as applications increasingly move to the cloud - whether public, private or hybrid - will come into greater focus in 2012, says Ryan Berg, cloud security strategy lead for IBM.
Berg says he has been talking to many organizations about their plans to move to the cloud, both to enable cost containment as well as for greater agility, and cloud security is front and center. They want to be able to move more and more of their infrastructure to the cloud and, in order to do that, they have to also think about security more, he notes. Some people talk about cloud as being an extension of a traditional IT environment, and when you do think about it in that way, "the security concerns are in many cases no different than a traditional IT environment."
It is important for organizations to be clear on where the demarcation line is between the cloud provider's security responsibility and the application owner's responsibility. In addition, a private cloud can create a false sense of security. "Remember that the boundary of what we thought was external vs. internal is very blurred in today's enterprise," he notes. "We have got mobile workforces, we have got business partners, we have VPNs." So whether it is public, private, or a SaaS environment, it should be remembered that the division between internal vs. external is disappearing, he adds.
Moreover, the need to manage security among an increasingly mobile workforce, with many employees choosing to use their own personal devices, will also be a key concern in 2012, says Berg. "Bring your own device," or BYOD, as it is often called, is causing security concerns, he says. Companies see the cost benefits because they don't have expensive plans that they need to manage since employees are responsible for their own devices, but when they bring them inside the enterprise, it is the enterprise that carries the risk, he notes. "Organizations are worried about data loss," he says. "It is a huge area of concern for a lot of organizations. They are really trying to understand how to manage a device which they no longer technically own."
According to Berg, IBM aims to help customers deal with existing and emerging security issues with its newly-formed Security Systems division which will provide a comprehensive security portfolio. In addition, with the acquisition last year of Q1 Labs, IBM is addressing the need for intelligent and integrated security, he says. The acquisition is intended to accelerate IBM's efforts to help clients apply analytics to correlate information from key security domains and creating security dashboards for their organizations.
The new Security Systems division integrates IBM's Tivoli, Rational and Information Management security software, appliances, lab offerings and services. IBM plans to apply Q1 Labs' analytics to drive greater security intelligence capabilities across its security products and services such as identity and access management, database security, application security, enterprise risk management, intrusion prevention, endpoint management and network security. And, IBM Managed Security Services is making available a cloud-based service of Q1 Labs' security information and event management offering to clients.
IBM has also just introduced new software to help organizations better manage and secure the proliferation of smartphones and tablets in the workplace, while also managing laptops, desktops and servers. And, beyond the new software, IBM also announced the acquisition of Worklight, which provides a mobile application platform and tools software for smartphones and tablets.
According to IBM, with the mobile workforce is expected to reach more than 1.19 billion by next year, there are new pressures to connect personal smartphones and tablets to corporate networks and provide employee access to business data on them. Mobile exploits doubled in 2011 from 2010, according to the IBM X-Force Mid-Year Trend and Risk Report.
IBM Endpoint Manager for Mobile Devices helps organizations support and protect the growing mobile workforce. Through this software, firms can use a single solution to secure and manage smartphones and tablets, as well as laptops, desktop PCs, and servers. It manages Apple iOS, Google Android, Nokia Symbian, and Microsoft Windows Mobile and Windows Phone devices.
The BYOD trend presents both opportunities and challenges, notes Bob Sutor, vice president, IBM Mobile Platform. The new software offering from IBM will help organizations manage personal and enterprise-owned mobile phones and tables across IT networks as well as minimize risk.
With 2011 having ended with a number of high level breaches, Berg says, "Data security is going to be an upfront and ongoing concern in 2012. It seems to be accelerating."
For more information, go to www-03.ibm.com/security.
For more about IBM Endpoint Manager for Mobile Devices, go to www-01.ibm.com/software/tivoli/solutions/endpoint/mdmbeta.
To access the IBM X-Force Mid-Year Trend and Risk Report, go to www-03.ibm.com/press/us/en/pressrelease/35530.wss.