IBM Security Guardium


Hybrid Multicloud Data Protection with IBM Security Guardium

By Benazeer Daruwalla posted Thu May 09, 2019 04:44 PM

  

Hybrid cloud and multicloud deployments have become commonplace, resulting in data becoming more dispersed than ever. As a result, organizations today must not only consider which services should be run in public cloud, private cloud, on-prem, or in a hybrid mix of all of them; they must also determine how data security will be applied in order to protect and secure such dynamic workloads.

According to IDC's 2018 Global CloudView Survey of more than 5,700 firms, 81% of companies currently use or plan to use public cloud, and 86% of companies currently use or plan to use private cloud. This represents an increase of more than 30% from the previous year's results.

By 2020, more than 90% of global organizations will have a multicloud strategy in place. Most organizations using public cloud will also deploy on private cloud platforms and leverage a hybrid cloud strategy.

This trend is also reflected in the way organizations are consuming database management solutions. Common patterns include:

  1. Deploying database management solutions on-premises or in private data centers (the heritage model). This continues to be a dominant pattern as organizations progress towards modernizing their workloads based on criticality and business impact;
  2. Deploying traditional database management solutions on public cloud infrastructure-as-a-service models. For example, deploying Oracle database server on Amazon EC2;
  3. Consuming database-as-a-service offerings that are hosted and fully managed by the cloud provider. For example, subscribing to AWS RDS MySQL, or Azure SQL Database;
  4. Deploying database management solutions using cloud native architectures. This includes running databases within containerized environments, such as running MongoDB within a Docker container; and finally,
  5. A combination of all of the above.

Security and IT organizations are challenged to keep up with the fast-paced innovation delivered through cloud services while keeping their data secure and in accordance with ever-evolving compliance mandates. Thus, taking a hybrid multicloud approach to data security is quickly becoming a critical requirement for organizations of all sizes. And while, at first, it may seem like too daunting a task, if implemented correctly it can become a source of differentiation for any business.

However, going back to the previous discussion around database management patterns, the fundamental drivers and use cases for data protection remain intact within the context of this move to hybrid multicloud architectures. Compliance, privacy, and data security analytics remain the most compelling drivers. That said, scaling data security solutions and best practices across a mix of on-prem, private, and cloud deployment models certainly introduces additional layers of complexity.

The most profound cloud data security gaps are around visibility and control. While cloud deployment models improve IT speed and business agility and allow organizations to take advantage of the cloud's elasticity and scalability, they also introduce new data security challenges due to the lack of fine-grained visibility and control. What I mean by that is that cloud architectures work on a shared responsibility model between the cloud provider and the consumer. For instance, with the Infrastructure-as-a-Service (IaaS) model, the cloud consumer has the ability to implement data security measures similar to what they would deploy on premises and can exercise tight controls through actionable policies. On the other hand, with Software-as-a-Service (SaaS), cloud consumers often have limited or no visibility and/or control over the management of the data running in that service. Therefore, they must rely on the limited, one-size-fits-all options provided by the cloud provider. This can greatly limit a company’s ability to exercise the granular controls needed to protect and secure their sensitive data.

A hybrid multicloud data protection strategy must acknowledge these constraints by providing the means to augment and implement flexible, purpose-built data security measures that are based on industry best practices and regulatory standards, and that address requirements for:

  1. Visibility: Getting the right level of visibility and granularity on data source activities in order to take purposeful actions;
  2. Control: Bringing all the normalized visibility into a single pane of glass in order to make near-real-time, efficient and effective decisions, for both compliance and identifying data security risks;
  3. Flexibility: Being able to pivot and adapt to the changing cloud and IT landscape. To avoid cloud vendor lock-in, it behooves organizations to select cloud services and data security solutions that have the flexibility to evolve with changing business needs.

IBM Security Guardium Data Protection facilitates secure hybrid multicloud data protection with a comprehensive, centralized, and dynamic approach to proactively securing data on premises and/or in public and private multicloud environments.

Guardium Data Protection can address the top challenges by providing:

  1. the right level of visibility using both agent-based & agentless architectures
  2. the right level of control with centralized policy management, analytics and reporting for purposeful actions
  3. the right level of flexibility to leverage & expand investments in hybrid and multi-cloud services and protect data no matter where it resides.

Watch this space for further discussions on the various options the Guardium Data Protection platform provides for addressing the aforementioned challenges, in order to help organizations protect critical data across their choice of hybrid multicloud services.
