"This year, more than any other, we’ve had a critical need to come together to accelerate essential recovery and transformation. Whether you are supporting a newly remote workforce or shifting to a different applications and cloud platforms, cybersecurity remains an essential practice to protect your organisation and your clients," said Matthew Glitzer, VP, IBM Security - Asia Pacific in his opening remarks.
 |
| O'Brien used the concept of 'shared fate' to explain how everything is interconnected when it comes to security as cyberattacks impact the entire business, not just the IT or security team. |
Mary O’Brien, GM, IBM Security said that while we are rapidly changing the way we work, we need "security everywhere no matter where and how we are working".
"Often a security incident is thought of as a security team’s problem but in reality, it is the entire business' problem. The damage from a cyberattack isn’t something that affects just the security team. The problems can and often do impact every aspect of the business," she pointed out.
"A cyberattack or security breach can stop production or delivery, it can impact sales, it can cause customers to lose trust, and in some cases put people’s lives in danger."
O'Brien also said security has to underlie everything within a business. "...As organisations accelerate their digital transformation and move to the cloud to meet new growing customer demand, security needs to be woven into their infrastructure, architecture, their business workflows, and the policies, and perhaps more importantly into their culture. And all of these must be done against the backdrop where risks are growing, and threats are accelerating," she noted.
She shared the story of one of the top 10 largest banks in the world, which has hundreds of petabytes of data across 20,000 servers. "As we engaged with them, they shared how various tools and technologies that they had previously used to try and solve problems have all struggled to keep up with their scale. They were eventually overwhelmed," O'Brien said.
The bank also had to overcome inertia and cultural norms, a common challenge in large organisations trying to reinvent themselves.
IBM helped the bank as a whole see security as an enabler. "Beyond the expert and services, we were able to provide the right technologies that are able to keep up with the bank’s scale. Today they are using Guardium and Guardium Data Insight deploys in the cloud together with data intelligence and analytics from across their Teradata environment, their big data repository at all their clouds environment. These all-encompassing views into their data coupled with analytics have unlocked the ability to look at the whole range of attacks and threats opportunities that they could not do before," said O'Brien.
"This is exciting because it allows their security team to look in-depth at the range of data across the entire estates of the bank. As things become clearer for them – who touches the data, when they touch the data, where the data goes and how the data is leaving the system – it makes it possible to comply to privacy regulations, and also things like the 'right to be forgotten'. With those same insights, the bank can understand better how the customer is interacting using the data. By understanding the customer better, the security team helped to drive the business forward to unlock new business opportunities."
While the bank - particularly internal developers - originally felt that security tends to slow operations, the new approach allowed them to monitor their own operations as they restructured them in different ways. "The agility and the ability to keep up with the pace of the business, which is only possible when security is being built up and built in, has helped the developers and the business to move faster and take more risks. I think this is one of the strongest arguments to have security everywhere in business," O'Brien commented.
"To effectively run as a business, security has to be everywhere. It needs to be part of the culture, and tightly integrated in the strategy across the business which includes the right people, process and technology," she concluded.
IBM Security has had to rapidly respond to protect the business, clients and employees while offering the right help at the right moment to thousands of clients this year, O'Brien said, stressing that the IBM team are veterans at responding to crises.
"We know that any business operation or system is only as strong as its weakest link. So IBM has invested millions of dollars and incredible number of hours across many locations to ensure resiliency plans not only meet and exceed the regulatory requirements but also meet our high internal standards. We have tested and practice across all our IBM locations to ensure all our plans worked. That has allowed us to continue to deliver with seamless performance," she said.
Achievements she and co-speaker John Wheeler, Business Information Security Officer and VP at IBM highlighted included:
- The XForce IRIS team helping a European company against a ransomware attack where the attacker had no intention of decrypting the files, even if the ransom was paid. The IRIS team worked around the globe 24x7, and managed to build a custom decryptor to unlock the files.
- A bank in Egypt servicing about 10 million clients with a unified endpoint management solution from IBM, Maas360 with Watson, which securely gives hundreds of employees access to corporate emails on their own smartphones.
- A school district in the US which went into online learning safely using IBM cloud.
- A Dutch client handling pension assets from over 25,000 employers which was overwhelmed by their security operations workload. IBM partially outsourced their security operations centre to the IBM XForce Threat Management service which utilised artificial intelligence (AI), automation, machine learning and IBM expertise to deliver.
"By having our security capabilities strategically positioned around the globe and ready to help our client at any given moment's notice is hugely important at IBM. It is something that we will continue to invest in so when our clients need IBM Security, we are ready for action," she said.
No comments:
Post a Comment