As more enterprises move to hybrid cloud environments, hybrid cloud security has become imperative to business growth. According to a 2021 study by the IBM Institute for Business Value (IBV), 80% of executives expected their organizations to operate more than 10 distinct clouds by 2023, up from eight in 2020. “The scale of most enterprise hybrid cloud deployments is so vast and penetrates so deeply that the need for an all-in security culture is absolute,” says Shue-Jane Thompson, managing partner at IBM Consulting. “And it should emphasize the business case for security.”

Read IBM’s “Cost of a data breach 2022” report

Security is fast becoming a conversation about empowerment versus just protection. The IBV study “Prosper in the cyber economy” found that 66% of business executives view cybersecurity primarily as a revenue enabler. This requires shifting from a defensive strategy, built on detection and response, to a mature security posture that emphasizes operational efficiency, financial performance and competitiveness. Instead of thinking about security as a traditional expenditure for your organization, approach it as something that can become a value proposition for partners and end customers.

“Customers are buying security as a program. They believe security is not just bought as a small portion of the system or the application they are building.”

Thompson points to companies that leverage security as a revenue source by charging a premium for highly secured services or products. “More and more, security is becoming a standalone procurement,” she says. “Customers are buying security as a program. They believe security is not just bought as a small portion of the system or the application they are building. They believe security must be managed and controlled across the total asset.”

Moving from a defensive stance to an offensive strategy starts with understanding trends in the security landscape. A wider adoption of hybrid cloud naturally presents important concerns due to the vast web of interconnectivity between public and private cloud platforms. Many cloud-based environments rely on Linux for their operations, and in 2022, IBM Security X-Force reported dramatic increases in Linux malware. Threat actors are also blending malware with legitimate traffic on cloud-based messaging and storage platforms and targeting Docker containers, which are often used in platform-as-a-service cloud solutions.

“The biggest challenge for security is the complexity, the scale and the velocity at which it needs to operate. Organizations need a heterogeneous security policy that they can also bring down to market level,” Thompson says. International organizations, for example, need security strategies that can satisfy the regulations of every country in which they operate, meet specific customer demands and stay ahead of business-specific threats, whether from broad DoS attacks or sophisticated, targeted phishing. The proliferation of hybrid cloud environments means organizations now have a larger attack surface. Cybercrime will continue to rise, and attacks on these environments are costly and tough to detect. According to IBM’s “Cost of a data breach 2022” report, it takes an average of 252 days for an organization to identify and contain a breach that occurred in a hybrid cloud environment, and the average cost is USD 3.8 million compared to USD 4.24 million for private cloud breaches and USD 5.02 million for breaches in public clouds.

Individual accountability is crucial in hybrid cloud environments, especially as ransomware spikes, with an attack occurring every 11 seconds.

Adding more controls or point solutions is not enough for organizations that want to tap the business benefits of a “security first” mindset. Organizations need orchestration, continuous threat management and resiliency. Two primary enablers: educated employees and sophisticated security solutions. Per data from a 2022 Verizon report, as many as 8 in 10 security breaches are caused by human error. As Thompson says, “How will you be able to help humans make better decisions? That’s where the transformation in culture becomes important.” Here’s what these transformations can look like in organizations that want to embrace a security-first mindset as a business differentiator.

The human factor: from passive participation to personal accountability

Individual accountability and proactive security enhancements at every level are crucial in hybrid cloud environments, especially as ransomware spikes, with an attack occurring every 11 seconds. As organizations integrate cybersecurity strategies into business objectives, Thompson says every individual must see themself as being on the front lines of upholding stronger security practices, whether that means raising community awareness or training colleagues.

“Chasing after compliance regulations and spending all your energy to check off boxes is not the best way to use your cyber talent.”

A more mature security posture also requires a more robust cyber workforce. The threat landscape is more drastic than ever, with cyberattacks targeting everything from customer data to power grids.  According to IBM Security’s X-Force Threat Intelligence Index 2023, there was an 100% increase in hijacking attempts per month in 2022 compared to 2021. Yet, the demand for cybersecurity professionals outpaces what the labor market can fulfill. According to this Cybersecurity Workforce Study, there is a global cybersecurity workforce gap of 3.4 million people. To help prepare more workers for those vital roles, organizations need to invest in cybersecurity upskilling and AI and automation tools.

IBM, for example, is training more than 150,000 people in cybersecurity skills over the next three years through a range of programs, such as SkillsBuild. Meanwhile, AI, machine learning and automation can process huge amounts of complex security data to predict or detect threats. “Organizations spend a large number of resources trying to deal with compliance issues,” Thompson says. “Chasing after compliance regulations and spending all your energy to check off boxes is not the best way to use your cyber talent.” AI automation tools can facilitate more efficient evaluation and review procedures, perform sensitive data discoveries and support monitoring. “If organizations invest in smart automation, they can then move resources and assets to invest in more proactive defensive mechanisms,” Thompson says.

Manage risk with IBM cybersecurity solutions
“You need total transparency on how your assets, workflows, data flows and users—plus partners in your ecosystem—are functioning.”

The tech factor: from vertical silos to horizontal integration

On the technology side, the goal is “having a single pane of glass across the hybrid cloud environment,” Thompson says. “You need total transparency on how your assets, workflows, data flows and users—plus partners in your ecosystem—are functioning.”

Smart and networked devices are becoming ubiquitous, yet existing security models are often designed only to protect the endpoint and the data center with technologies like firewalls. That “walled garden” security model must change to one that orchestrates security technology throughout the business (and ideally, through to ecosystem partners) to ensure protection across all devices and touchpoints. Finally, your technology should detect and contain attacks with effective organization-wide incident responses.

This unified approach creates “a fabric of protection” that envelops the organization, Thompson says, and becomes a value proposition. That level of coordination will be even more vital for certain industries. For example, a growing portion of the USD 1 trillion hybrid cloud market opportunity comprises the financial markets industry, which has strict data ownership and handling requirements built around security and regulation compliance.

The emerging security challenges are considerable, and data security is an ongoing battle. But the solutions are attainable, and the company’s bottom line is the first beneficiary. “Security is a team sport,” Thompson says, “and we’re all on that team.”

Follow emerging trends with IBM’s Expert View newsletter

More from Business transformation

Accelerating AI & Innovation: The future of banking depends on core modernization

4 min read - In the rapidly evolving landscape of financial services, embracing AI and digital innovation at scale has become imperative for banks to stay competitive. With the power of AI and machine learning, financial institutions can leverage predictive analytics, anomaly detection and shared learning models to enhance system stability, detect fraud and drive superior customer-centric experiences. As we step into 2023, the focus has shifted to digital financial services, encompassing embedded finance, generative AI and the migration of super apps from China…

4 min read

Keep it simple: How to succeed at business transformation using behavioral economics

3 min read - Business leaders often think it’s impossible to predict the outcome of a transformation effort—whether employees will embrace a new process, for example, or how customers will react to a new service. They’re missing out on a secret of change management, says IBM Global Managing Partner Jesus Mantas: “You really can predict, for the most part, why people do what they do.” The answers, he says, come from ​​behavioral economics. In his role overseeing Business Transformation Services for​​ IBM Consulting, Mantas…

3 min read

How Red Hat OpenShift on AWS (ROSA) accelerates enterprise modernization initiatives on cloud, delivering business application innovation

3 min read - When it comes to driving large technology transformation on Cloud, leveraging existing investments, and optimizing open innovation within the larger ecosystem with a hybrid cloud platform, IBM Consulting™ offers several learnings to help organizations address the architecture and technology challenge.  Consider large financial services organization going through core banking modernization. The core banking application landscape involves multiple applications (both legacy and custom off-the-shelf) that are integrated and surfaced across multiple customer experiences, including mobile. The goal of modernizing such a large…

3 min read

IBM Consulting unveils Center of Excellence for generative AI

4 min read - IBM Consulting has established a Center of Excellence for generative AI. It stands alongside IBM Consulting’s existing global AI and Automation practice, which includes 21,000 data and AI consultants who have conducted over 40,000 enterprise client engagements. The Center of Excellence (CoE) already has more than 1,000 consultants with specialized generative AI expertise that are engaging with a global set of clients to drive productivity in IT operations and core business processes like HR or marketing, elevate their customer experiences…

4 min read