A blog “Big Data in the Cloud - an ideal solution for SMB banks” that we wrote touched a nerve, in a good way. Post blog, in our several discussions with both large and community banks we find that cloud objection is largely based on the size of the bank. In addition, regulatory compliance concerns are huge as most midmarket businesses and banks in particular spend a lot of money being compliant. With the move to cloud they want to make sure that the investment extends to the cloud without being exposed to security breaches and from a regulatory point of view.
What is clear is that migration to cloud is forcing businesses to think differently about security, in very standardized ways because the delivery of cloud service is standardized. It is also pushing them to automate security because utilization of cloud is dynamic, elastic, automated and fluid thus making manual or even semi-automated security processes unmanageable. However, this approach creates multiple vulnerabilities. The bad guys themselves are taking advantage of all the cloud technologies and are becoming a lot faster and more automated than the businesses. Security therefore becomes a moving target and cloud security is a perfect opportunity for businesses to improve defenses and reduce risks.
While most midmarket businesses are reactive, hunting after point solutions when something goes wrong, others are taking a proactive approach to risk and threat so that they have more fluidity in the way they respond when a threat occurs.
IBM security is on a path to help businesses think differently about cloud security. It is moving the businesses along a maturity curve from reactive to proactive to optimized. Optimization refers to the difference between being able to weather an attack and continue with business and how much time could one can shave off and how much cost could be optimized for being able to respond to that event in reducing risk.
As Sharon Hagi, Global Strategist and Senior Offering Manager, IBM Security, said in an interview “the state that IBM is advocating goes beyond reactive or proactive. We call it the optimized state where organizations use automation coupled with predictive security analytics to drive towards a higher level of efficiency. By mixing the elements of proactive approach, automation and security intelligence businesses can actually get to the point where they are a lot more efficient and they actually reduce time and cost to respond to risk.”
IBM is differentiating and trying to distance itself from others in a number of different ways. IBM has a managed security services practice with ten plus security operation centers around the world servicing 133 different countries with 6,000 security professionals and its research lab X-Force provides actionable threat intelligence and insights for business and IT leaders. IBM monitors 10,000 security customers globally, 70 million end-points with 20 billion events per day, has made enormous investments in security intelligence analytics platform that allows it to distill information, identify threats and respond quickly.
But for banks and businesses that come under deep regulatory scrutiny, security goes beyond managed services and is a major psychological barrier to cloud adoption triggering a high level of fear-factor. Recently, we posed a fundamental question of “Why do you want security” to banks and midmarket businesses in general. The responses received could easily be bucketed into five categories:
