IBM’s new solutions help companies manage on-premises and diverse cloud environments.
IBM’s new solution for the security management of hybrid, multicloud environments enables companies to utilize IBM data protection across locations, including on-premises and non-IBM cloud environments. The goal is to provide a single solution that companies can use for their increasingly diverse data-hosting environments.
IBM research indicates that the average company now uses about eight different cloud systems, from various vendors, at any one time. As a result, cybercriminals can target these complex environments and exploit weaknesses in the connections and access points of the multicloud infrastructure. As companies add more clouds to their IT infrastructure, it becomes increasingly difficult to manage the keys that protect critical data.
IBM has described two solutions as part of its Key Management Services (KMS): Key Protect and Cloud Hyper Protect Crypto Services. Both solutions help enterprises manage encryption keys for diverse environments and even encrypt the keys for added protection.
“Protecting critical data across multiple platforms can be incredibly complex—but all it takes is one weak link to put a company’s entire security strategy at risk. That’s why we’re giving clients one single point of control—allowing them to know who has access to their critical data at all times—even on other clouds,” said Hillery Hunter, general manager, Industry Clouds & Solutions, CTO, IBM Cloud in a press release. “Trust and choice have always been at the heart of our work with clients. Now, as businesses modernize, we’re making it easier for them to manage their encryption keys and protect data across any environment they choose.”
In adding these two security solutions to its offerings, IBM expands its bet on the future of multicloud IT and helps companies to navigate between diverse computing environments.
An All-Time High for Cyber Threats
In 2021, the IBM Institute for Business Value, in partnership with Oxford Economics, conducted a global survey of over 7,000 C-suite executives across diverse industries. The survey found that only 3 percent of respondents currently use a single public or private cloud. This is a drop from 29 percent in 2019 and further establishes hybrid cloud as the leading architecture for all industries.
Howard Boville, head of IBM Cloud Platform, alluded to the need for multicloud security solutions. “In the beginning of their cloud journey, many companies dabbled with several different clouds that created complexity and disconnected piece parts, potentially opening them up to major security threats,” said Boville in a press release. “[The study’s] finding reiterate[s] that security, governance and compliance tools must run across multiple clouds and be embedded throughout hybrid cloud architectures from the onset for digital transformations to be successful.”
Most companies continue to raise concerns about interoperability and security, with increasingly complex IT infrastructure creating weaknesses for cybercriminals to exploit. The survey also found that 80 percent of respondents view data security embedded throughout the hybrid cloud as important or extremely important to their digital strategy.
For example, Siemens, like most other technology companies, currently uses multiple cloud vendors. Tosh Tambe, VP, Cloud Strategy and Transformation at Siemens Digital Industry Software, explained to engineering.com, “Siemens uses multiple vendors for cloud services. Typically, each program uses a single cloud vendor such that we do not require communication across these vendors. Within each cloud vendor’s environment, we do have multiple tenants, and communication between these tenants is controlled through strict roles, policies, and encryption.”
Due to this separation of cloud environments between programs across the enterprise, Tambe explained that the company does not currently need a KMS solution but may in the future. “Although the [IBM KMS] does not fill a current critical need, in the future, we can imagine our cloud products needing to support our customers across multiple cloud vendors, where this tool might be useful,” he added.
Even if Siemens is not actively looking for cybersecurity solutions, Tambe highlighted that security remains a top priority for the company. “Cybersecurity is priority [number one] for Siemens in using cloud services from vendors such as AWS and Azure, as well as in the cloud-based products that we sell.”
As companies continue to expand their multicloud IT infrastructure and require increased interoperability enterprise-wide, solutions like the IBM KMS may become more critical.
A “Bring Your Own Key” Security Module
When using multiple cloud environments, companies need to ensure that critical data is kept secure while juggling the different security options offered by each cloud service provider. Unfortunately, using several fragmented security solutions can expand weaknesses and increase risk.
Although IBM offers multiple security products, its new solution focuses on solving one common issue companies face: managing the large number of keys required to encrypt and decrypt data across storage devices and systems. In a large enterprise, managing these keys can become a cumbersome administrative task and lead to increased security risks. In collaboration with clients and industry leaders, IBM developed its KMS solutions to help companies manage the life cycle of their encryption keys. Taking this a step further, the keys themselves are then encrypted with a user-owned root key to protect both internally and externally managed data systems. To protect the root key, IBM uses a highly secure hardware security module (HSM).
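The key hierarchy described above (data keys encrypted under a user-owned root key that stays inside the HSM), shown as an added Python example; it is not IBM's code or API. Assumptions: RootKeyStore is a hypothetical in-memory stand-in for the HSM, AES key wrap (RFC 3394) and AES-GCM are algorithm choices made for this example, and the third-party cryptography package is installed.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.keywrap import (
    InvalidUnwrap, aes_key_unwrap, aes_key_wrap)


class RootKeyStore:
    """Hypothetical stand-in for the HSM: root keys never leave this object."""
    def __init__(self):
        self._roots, self.current = {}, 0   # version -> 256-bit root key

    def rotate(self):
        self.current += 1
        self._roots[self.current] = os.urandom(32)

    def wrap(self, dek):
        return self.current, aes_key_wrap(self._roots[self.current], dek)

    def unwrap(self, version, wrapped):
        return aes_key_unwrap(self._roots[version], wrapped)

    def rewrap(self, version, wrapped):
        return self.wrap(self.unwrap(version, wrapped))

    def destroy(self, version):
        del self._roots[version]


def encrypt_record(store, plaintext):
    dek = AESGCM.generate_key(bit_length=256)   # per-record data key
    nonce = os.urandom(12)
    version, wrapped = store.wrap(dek)          # only the wrapped DEK is stored
    return {"v": version, "wrapped_dek": wrapped, "nonce": nonce,
            "ct": AESGCM(dek).encrypt(nonce, plaintext, None)}

def decrypt_record(store, rec):
    dek = store.unwrap(rec["v"], rec["wrapped_dek"])
    return AESGCM(dek).decrypt(rec["nonce"], rec["ct"], None)

def rotate_root(store, records):
    """Re-wrap every DEK under a new root key; bulk ciphertext is untouched."""
    old = store.current
    store.rotate()
    for rec in records:
        rec["v"], rec["wrapped_dek"] = store.rewrap(rec["v"], rec["wrapped_dek"])
    store.destroy(old)

def can_decrypt(store, rec):
    try:
        decrypt_record(store, rec)
        return True
    except (KeyError, InvalidUnwrap):   # root key destroyed or wrapped DEK altered
        return False
```

Rotating the root key touches only the 40-byte wrapped data keys, and destroying the last root key leaves every record undecryptable, which is why control of the root key determines who can read the data.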
To provide enhanced security, the KMS-HSM solution offers two options. In the first option, keys can be operationally separated in a shared HSM managed through the cloud. With the second option, a user can instead enter and control the root key in an isolated KMS-HSM system that is accessible only to the owner. This difference separates IBM’s two new KMS solutions: Key Protect is the multitenant option, and the Hyper Protect Crypto Services use the single-tenant system. There is also a third option for companies to bring their own HSM, where the KMS is operated and managed by IBM, but the HSM is owned and operated by the user (usually as an on-premises system).
The single-tenant system provides customer-controlled HSMs built on FIPS 140-2 Level 4-certified hardware, the highest commercially available security within the definitions of the standard. In addition, IBM’s managed service includes the Unified Key Orchestrator, with a user-friendly interface for key administrators that hides complexity to reduce the errors associated with incorrect key usage. With a user-controlled HSM, even IBM cannot access critical keys, ensuring a high level of security across the multicloud environment.
“IBM has chosen a rather unique approach to zero trust security architectures, focusing on addressing real customer driven use cases rather than simply offering yet another product. Similarly, this new service demonstrates IBM’s commitment to solving a critical pain point made increasingly difficult by COVID accelerated digital transformation initiatives, protecting critical data. By making it possible to securely manage encryption keys with a single point of control—including across other public clouds—IBM is proving that what it cares most about is clients and what truly keeps them up at night, not where their data is stored. Unified Key Orchestrator also eases the management burden which is aggravated by the security talent shortage by making it possible for businesses to demonstrate compliance across multiple cloud platforms—which can be incredibly complex—faster and easier,” said Frank Dickson, VP of Security & Trust at IDC, in a press release.
Although this is not a comprehensive security solution, it does offer an option for companies to manage the ever-expanding list of encryption keys necessary to operate a multicloud IT environment.
IBM Adds Its Solution to the Mix of Multicloud Management Solutions
Other companies are already working on providing management solutions for the multicloud environment. Last year, IBM released its latest version of the Cloud Pak for Multicloud Management, Google acquired CloudSimple in November 2019, and other major tech companies are working on multicloud solutions. The next step in modernizing infrastructure is to help companies manage this diverse approach to IT. With multiple products aimed at providing services for the multicloud, IBM seems to have accepted that customers will no longer commit to a single cloud. Both now, and in the future, new solutions will need to meet the unique demands of the multicloud.