With more clouds, more devices and more applications always changing our working practices, it’s safe to say it’s a radically-changing business world. Security risks coming from this change are high and escalating for businesses in every industry and so protecting applications and data is becoming more critical. This raises the question as to whether traditional security approaches – involving trying to secure the network perimeter and monitoring for known malware – are now fit for purpose.
IT teams need new technologies and solutions that will enable them to secure interactions between users, applications, and data in a much more dynamic, complex, and extended environment than ever before. To bring about that change, channel partners – of all shapes and sizes – need to help enforce it. But what are their perspectives on security models past and present? To that end, VMware asked 4 questions to Helen Kelisky, VP Cloud, IBM UK & Ireland, Francois Loiseau, Private Cloud Technical Director OVH and Colin Williams, Chief Technologist – Networking, Security & Unified Communications Computacenter, to get their thoughts on IT security methods and what needs to change if organisations are to get truly effective protection from breaches and hacks in place.
1. Micro-segmentation, encryption at a data level, appsecurity, enforcing the ‘known good’ rather than trying to detect the ‘unknown bad’:security is being fundamentally redefined. What’s your response to this summary of the current IT security status quo?
IBM: We need to evolve the way we approach security traditionally for a cloud-based future, by looking at achieving the same outcomes for different environments. As data is infused into every facet of the business, a homogenous approach is needed to bake security into all areas. Cloud security is not only achievable, but it is now an opportunity to drive the business, improve defenses and reduce risk.
OVH: Our infrastructure design begins with security and then we keep on looking at how we can make the whole estate more and more secure every day. While building solutions to meet industry regulations, we learnt a lot about creating innovative solutions that are as secure as possible while customers build their on-premise clouds. A few years ago, the benefits of the cloud, (OpEx, time to market, scalability) were key for companies in migrating away from their legacy set-up. Today, we actually sell cloud solutions to customers based on the level of security they will bring to their organization.
2. Are the conversations you are having with customers about their IT security changing? If so, how?
IBM: Our clients are very aware they need to understand the impact of the transition to the Cloudon their security. Mindsets are shifting away from the focus on the perimeter, to look at products which can replace the aspects of the security provided by routers, firewalls and other boundary devices in favor of cloud-based services such as Cloud Access Security Brokers and Cloud Identity Services.
Computacenter: Security conversations are changing. Organizations are realizing they need increased visibility of potential threats or actual breaches, but that this will involve estate simplification and tighter solution integration if they’re to achieve this.
OVH: Whereas a couple of years ago, we’d sell a back-up solution as an option, disaster recovery is today seen as intrinsic to any solution. The security ecosystem is changing as well.
3. Do you agree IT security has to go through a radical rethink?
Computacenter: The radical rethink is already well underway but not radical enough. The endless release of new products from emerging vendors continues to signpost “yet another way”. However, getting the basics right and affecting the right security controls before embarking on another wave of procurement must be a priority for organizations.
OVH: Workload externalization, hybrid design, and the Cloud in general have changed the game. We often talk about “Cloud Native” implementation and security has to change from being, say, an additional brick to the environment to becoming ‘Cloud Native’. But, to be Cloud Native, it means adapted, compliant, evolutive, simple and (very soon) seamless when rolled out under a multi-cloud approach.
4. How does bringing IT security into the network or at an application level help your customers achieve their digital goals?
IBM: It is important to consider the context and value of the security controls that are in place. Organisations will benefit from greater control, network access granularity and built-in security such as encryption.
Computacenter:The network in a digital age ‘sees all’ and, with tight coupling with the application layer, a degree of contextual understanding can be achieved. IT security at the network level alone doesn’t solve all, it must exist in a policy-driven / integrated fashion up and down the architectural stack.
These observations all point towards one thing: the need to establish a common source of truth between today’s security solutions and the evolving business environment that needs protecting. Business models will keep transforming, and people and devices will continue becoming more connected, as organizations straddle both physical and digital worlds. We’re now seeing companies really push boundaries with new technologies, from IoT to machine learning to full-blown artificial intelligence, to remain competitive.