IBM, AT&T Offer Secure Passage to the Cloud

After years of chipping away at the cloud computing market, IBM on Wednesday announced that it has teamed up with AT&T to offer secure cloud computing as a service.

The two companies will combine IBM’s SmartCloud Enterprise+ with AT&T’s virtual private networking service to Fortune 1,000 companies worldwide.

The service will be offered early next year.

How the Service Will Work

The combined offering secures data in motion, integrating the security features of both IBM’s cloud computing resources and AT&T’s VPN service. This will let users move data or applications between their own data centers or private clouds, and the service.

“This is going to provide clients with an extra level of security because the data leaves their own data center at the company and travels on a protected network tunnel to be processed, and then goes back to them through the tunnel,” IBM spokesperson Colleen Haikes told The E-Commerce Times.

Corporate data usually travels over VPNs, but the difference is that the AT&T network “is connected at the code level to the IBM cloud and data is protected the whole way through,” Haikes said. “The two companies have worked really closely together over the past 10 years.”

AT&T will dynamically allocate networking resources to computing resources. This will let both scale up or down in tandem rapidly to support changes in demand.

The service will be customized to fit customer demand. It will offer service level agreements aligned to business and usage requirements. It will have more than 70 automated built-in security functions, and will extend security to both wired and wireless devices that have been authenticated to the user’s VPN.

Implications of the Team-Up

The IBM-AT&T joint offering “fundamentally reinforces the notion that cloud providers recognize that they can’t treat security as a ‘nice-to-have’ but, rather, need to deliver it as a service, the same as how core computing services are delivered,” Urvish Vashi, vice president of marketing at Alert Logic, told The E-Commerce Times.

“The idea of looking at the full array of security services and providing credible security solutions across the board is table stakes for targeting F1000 customers to move to the cloud,” Vashi continued.

However, the team-up “won’t materially change the playing field [because] most F1000 companies are taking cloud services from companies other than AT&T and IBM,” Simon Aspinall, chief of vertical markets, strategy and marketing for Virtustream, told The E-Commerce Times. “Other suppliers have differentiated cloud offers that are gaining good market traction using AT&T and other communication services.”

Don’t Quit

It’s likely that IBM’s teaming up with AT&T is a bid to boost both companies’ attempts to gain traction in the cloud computing market.

Big Blue has a worldwide network of at least 13 cloud computing centers. Back in 2007, the company introduced what it called “ready-to-use cloud computing” with its “Blue Cloud” initiative. In 2008, it offered its independent software vendors and partners “Bluehouse,” a Software as a Service version of Lotus Connections.

Last year, IBM teamed up with SugarCRM to play in the social business arena, which Big Blue predicted would grow into a $100 billion market.

“AT&T and IBM have both been making efforts in cloud services, but haven’t yet established a strong marketing position,” Virtustream’s Aspinall commented. “This AT&T/IBM offer mainly addresses basic virtualization and backup services related to IBM server offers.”

Other Cloud Security Developments

Concerns about security in the cloud are driving developments in that arena.

On Monday, the Cloud Security Alliance published implementation guidance documents for security as a service.

On Tuesday, Microsoft released a free cloud security readiness tool.

“Security-related issues topped our list of consumer concerns about cloud maturity” in a recent CSA survey, Jim Reavis, the alliance’s executive director, told The E-Commerce Times. “We have also seen an over 100 percent increase in downloads of our security assessment tools in the last three months. Providers are ramping up security directly due to consumer requests.”

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

E-commerce Times Channels

Unprotected Machine Identities Newest Enterprise IT Security Concern

A new report by a privileged access management firm (PAM) warns that IT security is worsening as corporations remain bogged down on deciding what to do and what it will cost.

Delinea, formerly Thycotic and Centrify, on Tuesday released the research based on 2,100 security decision-makers internationally, revealing that 84% of organizations experienced an identity-related security breach in the past 18 months.

This revelation comes as enterprises continue to grapple with expanding entry points and more persistent and advanced attack methods from cybercriminals. It also highlights differences between the perceived and actual effectiveness of security strategies. Despite the high percentage of admitted breaches, 40% of respondents believe they have the right strategy in place.

Numerous studies found credentials are the most common attack vector. Delinea wanted to know what IT security leaders are doing to reduce the risk of an attack. The study focused on learning about organizations’ adoption of privileged access management as a security strategy.

Key findings of the report include:

  • 60% of IT security decision-makers are held back from delivering on IT security strategy due to a host of concerns;
  • Identity security is a priority for security teams, but 63% believe it is not understood by executive leaders;
  • 75% of organizations will fall short of protecting privileged identities because they refuse to get the support they need.

ID Security a Priority, But Board Buy-in Critical

Lagging corporate commitment to actually take action is the growing policy many executives seem to be following regarding IT efforts to provide better breach prevention.

Many organizations are hungry to make a change, but three quarters (75%) of IT and security professionals believe those promises of change will fail to protect privileged identities due to corporate lack of support, according to researchers.

The report notes that 90% of respondents said their organizations fully recognize the importance of identity security in enabling them to achieve their business goals. Almost the same percentage (87%) said it is one of the most important security priorities for the next 12 months.

However, a lack of budget commitment and executive alignment resulted in a continuing stall on improving IT defenses. Some 63% of respondents said that their company’s board still does not fully understand identity security and the role it plays in enabling better business operations.

“While the importance of identity security is acknowledged by business leaders, most security teams will not receive the backing and budget they need to put vital security controls and solutions in place to reduce major risks,” said Joseph Carson, chief security scientist and advisory CISO at Delinea.

“This means that the majority of organizations will continue to fall short of protecting privileges, leaving them vulnerable to cybercriminals looking to discover privileged accounts and abuse them,” he added.

Lacking Policies Puts Machine IDs at Great Risk

Companies have a long road ahead to protect privileged identities and access, despite corporate leaders’ good intentions. Less than half (44%) of the organizations surveyed have implemented ongoing security policies and processes for privileged access management, according to the report.

These missing security protections include password rotation or approvals, time-based or context-based security, and privileged behavior monitoring such as recording and auditing. Even more worryingly, more than half (52%) of all respondents allow privileged users to access sensitive systems and data without requiring multifactor authentication (MFA).

The research brings to light another dangerous oversight. Privileged identities include humans, such as domain and local administrators. It also includes non-humans, such as service accounts, application accounts, code, and other types of machine identities that connect and share privileged information automatically.

However, only 44% of organizations manage and secure machine identities. The majority leave them exposed and vulnerable to attack.

Graph: Delinea Benchmarking Security Gaps and Privileged Access

Source: Delinea global survey of cybersecurity leaders

Cybercriminals look for the weakest link, noted Carson. Overlooking ‘non-human’ identities — particularly when these are growing at a faster pace than human users — greatly increases the risk of privilege-based identity attacks.

“When attackers target machine and application identities, they can easily hide,” he told TechNewsWorld.

They move around the network to determine the best place to strike and cause the most damage. Organizations need to ensure machine identities are included in their security strategies and follow best practices when it comes to protecting all their IT ‘superuser’ accounts which, if compromised, could bring the entire business to a halt, he advised.

Security Gap Growing Bigger

Perhaps the most important finding from this latest research is that the security gap continues to get larger. Many organizations are on the right path to securing and reducing cyber risks to the business. They face the challenge that large security gaps still exist for attackers to gain an advantage. This includes securing privileged identities.

An attacker only needs to find one privileged account. When businesses still have many privileged identities left unprotected, such as application and machine identities, attackers will continue to exploit and impact businesses’ operations in return for a ransom payment.

The good news is that organizations realize the high priority of protecting privileged identities. The sad news is that many privileged identities are still exposed as it is not enough just to secure human privileged identities, Carson explained.

The security gap is not only increasing between the business and attackers but also the security gap between the IT Leaders and the business executives. While in some industries this is improving, the issue still exists.

“Until we solve the challenge on how to communicate the importance of cybersecurity to the executive board and business, IT leaders will continue to struggle to get the needed resources and budget to close the security gap,” he warned.

Cloud Whack-a-Mole

One of the main challenges for securing identities is that mobility and cloud environment identities are everywhere. This increases the complexity of securing identities, according to Carson.

Businesses still attempt trying to secure them with the existing security technologies they already have today. But this results in many security gaps and limitations. Some businesses even fall short by trying to checkbox security identities with simple password managers, he said.

“However, this still means relying on business users to make good security decisions. To secure identities, you must first have a good strategy and plan in place. This means understanding the types of privileged identities that exist in the business and using security technology that is designed to discover and protect them,” he concluded.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Jack M. Germain
More in Enterprise Security