Cyber defense: resilience and security go hand in glove
The interest in cyber defense as a way to mitigate the risks in today’s environment is understandably high. I recently hosted a session on Quora to answer questions on cyber security, resilience and the infrastructure needed to provide safe enterprise computing. The response was far beyond my expectations, with 25 questions asked and over 20,000 session views.
I answered twelve queries during the session, ranging from “How to build a secure hybrid cloud,” to “What are the emerging threats and security trends in the next ten years?” In this blog post, I’d like to recap and expand on a few of my responses.
Q: How can companies overcome cybersecurity challenges?
A: A company can’t overcome the cybersecurity challenges. You can only mitigate the risks the challenges present. Cybersecurity and cyber resiliency are two complimentary methods for mitigating the risks from determined attacks and events. Security helps you block and avoid disruption, while resiliency enables you to keep functioning when security is breached.
A consistent assessment of risk, using a method like FAIR, Factor Analysis of Information Risk, from the Open Group is valuable to reach consensus with all the stakeholders in your company on the magnitude of the risk. IBM Security uses this approach as part of the assessments it conducts for clients. FAIR looks at the frequency of the threat event and the potential impact on the business to rank risks. The other critical factor in addressing cybersecurity challenges is to identify the signs the provide indications and warnings of active attacks to trigger timely responses. Too often attacks go unnoticed for months before the impact is realized.
Check out this interactive webpage to see if your IT infrastructure is ready for today’s security challenges.
Q: What types of emerging threats do I need to be prepared for?
A: AI is creating new types of security issues, and quantum computing and cryptography present new challenges. At the root of these new emerging threat vectors is the same criminal profit motive that makes cyberattacks so prevalent. The good news is that these new technologies can be used for defense as well. AI can be tied to indications and warning systems as well as keeping up with response tactics. Cryptography can be used not just for data at rest and in transit but in process as well. The in-processor cryptographic engines in IBM z15 systems remove the performance penalty of encryption at scale. Quantum computing has the potential to vastly increase the encryption strength protecting data.
The Internet of Things (IoT) encompasses a wide range of commercial and consumer devices and everyday items that are connected to the Internet, and communication occurs between these objects and other Internet-enabled devices and systems. Our transportation, factories, hospitals, offices, and homes are evolving into a complex networked ecosystem of interconnected data sharing software, services and devices. IoT devices, communications, and data stores need to be safe and secure and IBM believes the responsibility for ensuring security must be shared among device manufacturers, solution developers, and users.
Q: When organizations move data and workloads to the cloud, what are the cybersecurity considerations?
A: Organizations plan on spending notable sums on cloud security. Forrester predicts that the market for cloud security solutions will more than double by 2021 ($3.5 billion from $1.5 billion in 2017). Cloud security solutions must be able to address all security needs on premises, in private clouds and across multiple public clouds. Security for the cloud isn’t something that will be solved by bolting on new security tools. It must involve a holistic strategy and security capabilities to directly address: securing identity and networks, protecting data and workloads and managing threats and compliance.
There were also questions about security for hybrid cloud environments. As a member of IBM Garage, this was a great way to introduce our comprehensive approach to innovation and transformation that brings designers and developers together with business and IT stakeholders to address cyber defense for multiclouds. Take a look at this webinar, “Secrets from the C-Suite: Building a Secure Hybrid Cloud,” to learn more.
My takeaway from doing this session is that there is a keen interest in cyber defense, particularly in the resiliency and security of hybrid clouds.