Multi-Cloud Security from Big Blue

Have a look at the cover of Thomas Watson’s 1990 autobiography, and witness the traditional image of corporate judgment, responsibility, and success. With his hands clasped confidently behind his back, and standing between a rich mahogany desk and a sturdy stone wall, Watson exudes everything IBM helped introduce to the international enterprise community across so many decades – dependability, competence, confidence.

And what an amazing run it’s been for this iconic company from Armonk. Originally organized around well-trained salesmen in their starched button-downs selling automatic business machines, my own generation watched in wonder as the company literally exploded the computer industry in the mid-’80s with the introduction of the revolutionary IBM PC. People my age see any picture of Charlie Chaplin today, and we think IBM.

Years later, Lou Gerstner would take over the company and turn the place on its head to create a spectacularly new and successful global services offering. Check out the cover of Gerstner’s own 2003 book, and discover a more modern view of the iconic CEO: Casually leaning against a wooden desk in front of a glass backdrop, looking off confidently into the future in his crisp suit, Gerstner cuts an image that rivals Watson’s.

More recently, IBM has organized itself around analytics, AI, blockchain, cloud, IT infrastructure and management, mobile technology, software development, and of course – security. Serving just about every global business sector one can imagine, for customers of all sizes and shapes, IBM has continued its successful run – and looks to be well-positioned for the future. I will admit to being a longtime fan – in case you haven’t noticed.

Last week, the IBM team took the TAG Cyber team through their new Cloud Pak for Security – which I will summarize for you below. But first one more confession: I’ve been a customer of IBM’s security solutions for over a quarter of a century, and have been intimately involved as a user/advisor for as long as I can remember. If you are expecting an independent, unbiased review of Cloud Pak, then look elsewhere. I’m just being honest.

So let’s dig into this new security platform solution: Its purpose is to provide an open means for securing multi-cloud infrastructure. The platform collects telemetry from whatever hybrid cloud deployments have been made for the enterprise, and orchestrates intelligence derivation and response action in a unified manner. Federated search and case management across multiple cloud environments are typical usage scenarios.

The containerized platform, pre-integrated with Red Hat OpenShift, is centered on three primary functions: Security orchestration and automation, management of universal data insights, and support for development frameworks – each designed to connect data and workflows together across multi-cloud ecosystems. Threat intelligence on the front-end and incident response on the back-end are supported as part of the platform operation.

I asked the IBM team how customers were generally using the platform and the response was all about speed: “Our end users are focused on simplifying and streamlining their investigations, analysis, and response to cyber threats,” explained James Murphy, Senior Offering Manager for IBM. “IBM Cloud Pak for Security helps them prioritize and automate tasks that previously would have taken considerable time to complete.”

As one would expect, the platform integrates seamlessly with the QRadar suite, so users of IBM’s on-premises or cloud-based SIEM will represent a natural early adopter community for IBM Cloud Pak for Security. But the list of additional integrations also looked impressive, including Splunk, Elasticsearch, Carbon Black, BigFix, Microsoft Defender, and more. The platform also supports STIX-based threat sharing.

From an analyst perspective (and being as unbiased as might possibly be expected), this new solution looks like a slam dunk for enterprise customers using IBM’s suite of security solutions, especially the QRadar SIEM. Most of these enterprise customers will have the usual multi-cloud security needs, so this new platform will offer an effective means for extending and orchestrating protection. IBM will be a great option in this case.

For multi-cloud users not as connected to the IBM solution set, however, this might be a tougher sell. I wouldn’t count IBM out, but they will need a good reason for, say, an AWS-oriented enterprise to use IBM as a means for providing multi-cloud security across Azure and GCP. It’s possible that IBM might emphasize its professional services to drive this story. We spent time on our call talking about this advantage IBM possesses over competitors.

We also spent time discussing IBM’s sizable advantages in artificial intelligence. Watson has been largely synonymous with enterprise use of AI in recent years, so this would seem like a natural differentiator. Combining leadership in AI with competence in consulting might just push IBM Cloud Pak for Security into more iconic territory. This hasn’t happened yet, so we will watch and see how things progress.

I’d recommend that regardless of your positioning with IBM’s solution offerings, perhaps as a heavy user (as I’ve been) or as a non-user, it would be a good idea to familiarize yourself with this platform. Like so many business people have said for decades: “You never get fired for hiring IBM,” and I think the same goes for their security solutions. This one looks pretty well-positioned to me. Have a look and please share what you think.

Stay safe and healthy.