Advertisment

Security Solution: A game of changing offense and improving defense

author-image
DQC News Bureau
Updated On
New Update

Tom Turner, VP Marketing and Business Partners, IBM Security Systems Division is responsible for WW Security Marketing and WW Business Partner sales of IBM Security Software products. DQ Channels interviewed Tom Turner about the recent release of IBM X- force 2013 mid-year report, emerging trends in cyber security threat and different security challenges faced today.

Advertisment
  • Could you tell us a few major findings from the IBM X- force 2013 mid-year report?

Tom: This is a report that we issue twice a year and we publish the mid year findings. The most interesting finding was that as our technology infrastructure is becoming more complicated, we have actually seen that some of them are old fashioned attacking methods are still being successful. And that is because the offenses have improved, they like to challenges customers for the fact that their enterprises they are trying to protect is very different, they have become much larger in scale, there are more devices that they have to protect.

I have been in the security business since 1998, and what is always been thrilling security is that it's been use as a sporting analogy. It's a game of changing offense and improving defense. So, as new trends come in the market, our observation in the enterprise and IT space, new defenses or methods of protecting against those threats emerge. And then other threat will come along and then our defenses will improve. However, to see that while this continues some of the older methods of targeting an enterprise are still being successful, I wasn't expecting to see that in the report so this was a very interesting find for me. And it underlines a very important thing that security isn't just about security technologies; it's about new technologies that help to reduce the risk for an organization.

Advertisment
  • Are you also leveraging Big Data analytic in your security intelligence program?

Tom: First of all, if you look at the IBM security strategy, one of the very important parts of our strategy is the layer of analytic and intelligence that we deliver to our customers, on top of the infrastructure security solutions, the data security solutions, the application security solutions, there is a need for analytic to collect security information from all of the different products that the customer will have to play them in their network. That's a big data challenge. Even for medium sized customers, there could be millions and billions of pieces of information in a day, so there is collecting that data but more importantly there is making sense of what you really care about out of all those pieces of information. So, that is a big data problem that we solve with our security solution products.

There is another case, and that is the emerging need to collect non security specific information. Things like all of the email in a company or all of the social media challenge, and that's not what we normally collect in a security solution but the reason that it is collected and then you want to have of what we call data scientists, look into that data for patterns that they conspire historically and then if they spot something then they'll be able to develop a protection mechanism for one that occurs again in the future. That is combination between IBM and its security intelligence products and the big data problems that comes out of our big insights. We call this solution as security intelligence with the big data.

Advertisment

 

 

  •  How beneficial do you think is IBM security program for organizations to overcome security challenges they are facing because of the enterprise data volumes increasing every day?
Advertisment

Tom: The reason our security business was built and the framework that we put in place absolutely helps because there is no single product solution that just gives you a secure cloud or gives you a secure mobile business. It's actually the implementation of a bad risk based framework. So, ours is I believe very non technical, it's about respecting the people in an organization, delivering security in the applications they use, delivering protection to the data that they want to access with those applications and then obviously protecting the infrastructure. IBM security framework is a great road map for our customers to think about where should security being implemented.

  • Can you elaborate on the road map for IBM's security division and where exactly India or Asia Pacific fit into that?

Tom: IBM security business is a global business and we have a global presence so we have development centers that are here in India, we have sales marketing persons, channel partner relationships. These are ways for us to be informed of what are unique things in the Indian security markets as well as what is common in the Indian security market with the markets that we sell. Ultimately our road map is going to be driven by five things.

Advertisment

First of all, the problem that we are solving today ultimately increasing assets for the chief security officer, and so if the chief security officer is dedicated person within a company and is charged with solving say forty problems, the problems that he will face is protecting from the threats that evolve, enabling a transformation into things like cloud, mobile, social and big data. So, our road map is driven by feedback around the world, but very focused on the role that we know is important in every country that we do by choosing security decision maker in a company, those business drivers that he/she has to face.

 

 

Advertisment
  • Do you agree that mobile threats have reached a prominent position in the cyber threats landscape?

Tom: Yes, it certainly has a prominent position in thought processes of the companies. That's simply because how much companies are investing in mobile infrastructure. At the end of our X force report 2012, we had a forecast that we actually think that mobile security will become more secure platform than other end point near clients. That's because how many advances companies like us have made and are able to deliver protection to the mobile threats.

 

Advertisment
  • With the inclusion of BYOD, do you think it can put organizations at risk?

Tom: I think providing secure BYOD is a combination of things. Technology as well as business process that it provides guidance to its employees on what they should or shouldn't be doing on the device they bring in to work. The technologies are matured to a point where risks can be managed if good security technologies are put in place on the end point which can ensure that proper guidelines are being met around how a device is patched as well as putting a container around the information that are sensitive from the corporate nature and then also being able to wipe out any corporate sensitive data should the device will be missing.

Our responsibility as a security provider is to enable customers to put security around their data that they own regardless of what they own. That is what we focus on doing. So that way if the company chooses to implement BYOD, we have security products that will help them to do that in more secure fashion.

 

 

  • How important do you think cyber security education is for next generation?

Tom: Yes it is very essential. I have observed that how much it is covered by the media today or how universities are now including it in their computer science courses and how more it been more written about this topic from a business perspective. The emergence of a chief security officer actually proves the point that the chief security officer is becoming a business level person within the organization who is ultimately responsible for getting a company to a better state. Education is important that way, it isn't just technology.

 

  • What final thoughts would you like to share about the future of information sharing & cyber security?

Tom: Information sharing is an interesting topic in security. Its not always easy for a security professional to attain because its not always easy to understand what your competitors or even your pears are doing from a security perspective because it is such a sensitive topic. I believe the role of IBM at the end is to provide a level of global contacts to our customers and the way we do this is we have significant amount of research that comes from all of the customers that we monitor around the world.

We learn things from all of those customers and therefore, we can put into our products to make their products more secure as well as to advice our customers as to what we perceive as a global basis. We have the X force report as a way to educate customers about globally what is occurring so they can make better decisions around their reputation.

 

Advertisment