IBM bats for 10 essential controls for cloud security

IBM bats for 10 essential controls for cloud security

Khoo Boo Leong  |   August 21, 2012
Asia Cloud Forum
An increasingly mobile workforce demanding anytime, anywhere access from any device to corporate systems and lines of business adopting cloud services increase the vulnerability of an enterprise network drastically.
To make matters worse, "over the past 8 or so years during the recession, there was an 80% decrease in the amount of funding for security technology amongst the venture capitalist community," said Kristin Lovejoy, the vice president of IT Risk and chief security officer at IBM. "There has been less innovation during this period to deal with [emerging threats such as hacktivism and advanced persistent threats (APTs)]. The APTs are what keeps me up at night."
So, as organizations strive to reduce costs and increase efficiencies, the risk of skipping over steps due to inadequate resources increases. "We estimate that between 80% and 90% of all sophisticated attacks could have been prevented through simple controls," said Lovejoy.
Simple answer
Despite worries about hacktivists and APTs, the reality is that "99.9% of the incidents involve the [end user] as the inadvertent actor," added Lovejoy. "The irony is that hardware and software are more secure than ever before. The problem is that the systems are now in the hands of the end users. You've got mobile devices and cloud images that are being made available to more people. These are being used by cybercriminals to get inside the organization."
IBM is certainly a giant target with an attack surface spanning "250,000 applications running on about 800,000 IT assets; 250,000 network assets and more than 2 million laptops and another several hundred thousand mobile devices," said Lovejoy. "We change about 4 million user names and passwords daily and expire about 40,000 patches a day."
Basic controls
To help senior executives at IBM understand what is required to balance security or business transformation risks and business innovation, Lovejoy created a list of 10 basic but essential controls for providing in-depth security.


TelcoStrat 288

May 7-8, Jakarta
Join telco CxOs from around Asia to discuss:
• Changing the way telcos operate
• New service offerings
• Restructuring for innovation
See the conference agenda >>

Ericsson has been in Asia for more than 100 years and will continue to drive technology and services leadership in order to bring the best mobile experiences to end users


Frontpage Content by Category with Image

Activists petition for the withdrawal of the Newborn-to-Toddler Apptivity Seat full website

© 2012 Questex Asia Ltd., a Questex Media Group company. All rights reserved. Reproduction in whole or in part is prohibited. Please send any technical comments or questions to our webmaster.