IBM PoV: #14 Multicloud Security and Resiliency Services Preliminary -- for Internal Use Only

Multicloud Security and Resiliency Services providing insights, protection, detection, response and recovery services to ensure the resiliency of the
client’s hybrid IT estate and critical business processes
Industry Setting and Problem The New Approach
• By 2024, 90% of Global 1000 organizations will have a multi-cloud management • Multicloud Security and Resiliency Services offer a programmatic approach &
strategy that includes integrated tools across public and private clouds5 framework to tackle cloud security challenges:
• Cloud adds an inherent level of complexity when it comes to security and recovery to the point • Plan: Build Cloud adoption strategy and roadmap
the many clients are losing the ability to test and recover critical business processes; Orgs are • Build: Harden Cloud native security and augment w/ addt’l security controls;
now faced with an entirely new set of challenges to try and address: • Run: Provide threat mgt. with integrated Resiliency
• Centrally manage, secure and protect hybrid Multicloud environments • Manage and protect across the hybrid, physical, virtual and legacy
• Secure access to cloud workloads, securing and protecting critical data on cloud • New NIST based threat management service centralizes and simplifies visibility,
• Security talent is difficult to find + cloud amplifies that problem (By 2022, there will be management & monitoring of security operations for hybrid workloads;
1.8M unfulfilled cybersecurity jobs • Cloud agnostic managed security and recovery services that provide a single pane
• Native security tool configuration + integration into security Ops of glass across multi-cloud + on-premise. (IBM Cloud, AWS, Azure, VMWare SaaS)
• Managing enterprise Security policy and continuity of critical business processes while • Built on an ecosystem of best-of breed security technologies
enabling business innovation at Cloud Speed
• Understanding critical data & enforcing policy for use of data in Cloud (Shadow IT)
• Insufficient protection and inability to rapidly recover from Cyber attacks
Benefits and Proof Points
Helps organizations to:
olutions Insights | Audience Roles and Objectives  Centralize + simplify visibility, mgmt. & monitoring of security operations across a
hybrid environment
 Manage and protect client data and business applications regardless of location
CISO Organization DevOps Organization Enterprise Security
• Secure by Design Innovation • Rapid Business  Integrate security into DevOps practice by automating provisioning + deployment
Operations
• Visibility + Protection against Innovation • Centralized visibility of base security controls as new workloads are being deployed
• Digital Consumption  Reduce potential exposure through continuous device health monitoring & patch
Shadow IT for security + policy
• Compliance • Automation + management mgmt.
 Demonstrate compliance to regulatory obligations
Orchestration
 Design a cloud security strategy & roadmap that aligns w/ business priorities,
budget, + risk appetite
Shortcomings of Current Approaches  Identify and protect critical data across multi-cloud
• Data: Data shifting to public cloud ahead of organizational readiness to secure it1  Orchestrate automated threat response to cyber incidents with data recovery
• Identity: On-premise identity governance + admin infrastructure remains a Critical Success Factors
challenge to maintain, scale, and upgrade2
There are four primary areas that organizations need to think about:
• Incident Response: Companies are facing the constant rising threat of data 1. Strategy + Roadmap: Build a cloud security and resiliency strategy and adoption
breaches each year (2018 annual cost of data breach is $3.86 M USD )3 roadmap
• Security Operations Complexity: Organizations are faced with disparate, point 2. Augment Native Security: Native controls are helpful but not typically sufficient;
security solutions across their hybrid environment, lacking overall centralized security Harden your native security tools, while also augmenting them with additional
mgmt. and visibility; Support for hybrid is among the top 3 claimed points of MSP security controls
differentiation4. 3. Threat Management + Resiliency: Provide threat management with an
• Rapid adoption of multi cloud and hybrid: Exacerbates skills shortage and integrated resiliency plan including recovery
urgency in area of Security and recovery operations for Cloud workloads 4. Automation-driven Continuous Improvement: The cloud landscape continues
to evolve, and requires re-assessment periodically across the above phases.