Kartik Shahani, Integrated Security Leader, IBM India/South Asia, in a detailed interaction with Amit Singh, revealed the company’s recent initiatives for channels and how it has built its security portfolio in line with changing customer expectations, from threat detection to response.
What are the significant strides that IBM security has taken over the last 24 months?
There have been a lot of changes in the security landscape over the last few years; various security start-ups have cropped up and many of the organizations have changed strategies. The changing security landscape made it necessary for us to revisit our security strategy.
IBM had a large security portfolio spread across various divisions. Over the last 24 months, IBM has put all the security products together in the security division. This is our most significant stride, as we now have the entire portfolio, and it has made IBM the only company offering both security products and services. Unlike other security vendors, which either manufacture products or offer security services, IBM is offering both product manufacturing and services.
Besides, IBM is also offering cloud versions of the security solutions, which is quite appreciated by the customers.
Further, we have set up a security operations center (SOC) in Bengaluru and have acquired over 60 customers for security services over the last 24 months. Moreover, we are leveraging our Global Technology Services (GTS) division, which offers infrastructure services, to offer security solutions to its existing customers. Earlier IBM was only managing the infrastructure portfolio of these customers but now we are also managing their security. In fact, in all the large contracts we have been able to add security solutions and services by virtue of our focused security division.
In the face of changing architectures and models, how has IBM changed its approach towards security?
Our approach towards security has changed in tune with the changing customer expectations from threat detection to response. Until a year back, customers wanted to detect intrusions very quickly but now they have realized that it’s not only about detection. After quick detection, the system needs to respond fast because if the response is not fast enough, there is a definite loss.
According to a recent report, if we detect an intrusion and respond to it within 30 minutes, we could save up to Rs 8 crore per data breach. This means that IBM needs to have solutions which not only detect but also respond fast enough. Hence, we introduced Resilient Incident Response Platform with intelligent orchestration which dramatically accelerates and sharpens response. What makes Resilient’s platform unique is how well it can be customized to work with varying complexities and operating models within the incident space. It’s really limitless once it understands how an organization works and their methodologies.
In addition, we have QRadar as our fast response security intelligence solution for threat detection.
Further, we realized that regulators are getting quite strict in terms of data protection, especially personal data and privacy. For instance, GDPR is the recent regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. And non-compliance could cost companies dearly. Moreover, the India IT Act has also got a lot of directives for personal information protection. Hence, we have strengthened our product portfolio on that front with Guardium leading the pack to ensure security, privacy and integrity of your critical data across a full range of environments—from databases to big data, cloud, file systems and more.
The third change that we saw is around AI. We realized that there are threats that one cannot even think of and we are able to react only once we are hit. Hence, there was a demand for a solution that can help us try and predict the kind of future attacks. To address these concerns, we introduced Watson security, which has an AI engine and helps customers predict the type of future attacks.
We also comprehended that the number of attacks and threats has gone up manifold and it has become difficult for humans to manage even the most critical ones. Around 5-6 years back, only 1-2 critical incidents used to take place at a point in time. But at the rate at which the threats are growing, things will be miserable, as the number of attacks will soon run into a couple of thousand. Hence, with AI, machine learning and cognitive, we are predicting and prioritizing threats.
Moreover, customers are now asking what kind of protection they will get when they move to the cloud. They are demanding authentication, encryption, and security on the cloud, and are not ready to move until there is an adequate level of security. We are addressing their concerns with QRoC (QRadar on Cloud). We also have Trusteer, an intelligent authentication solution apart from MaaS360, an MDM solution for mobile security, and Guardium in SaaS version.
Hence, we have built a comprehensive portfolio of security solutions based on the changing customer expectations.
What is your go-to-market security blueprint?
Our GTM is very much through channel partners; in fact, we have recently taken many steps toward growing our business through partners. Our entire SaaS and cloud business is driven by channels, which has become one of the most focused areas for IBM.
Our SaaS model works quite well for regional system integrators and VARs. They can leverage our SaaS offerings as white-labeled products under the Enterprise Service Agreement (ESA). For instance, a system integrator who wants to sell services for detection will be able to wrap its services around our QRoC and sell it as its own product.
In addition, we engage services from the smaller partners to help us in deployment in very large projects. As the cost of implementation from IBM may be higher, a blended pricing makes sense where the program management is done by IBM and the implementation takes place through a partner. In fact, regional partners play an important role for us in terms of coverage and last mile implementation.
What is the real playground for IBM Security, as many of the CISOs opt for ‘best of breed’ vendors like Palo Alto Networks for network security or Symantec for their endpoint security, as a few examples?
IBM has got a very unique model at hand as we can provide services and solutions for any product or brand.
We can take end-to-end projects with requirements from Palo Alto and Symantec to IBM, or any product for that matter. In fact, we can deploy solutions from any vendor and the benefit is that the customer needs to deal with only IBM. We not only deploy it for the customer but also manage and maintain it for the customer if they require.
IoT is now moving out from over hype to hype cycle, but it poses enough security challenges. Is the Internet of Things (IoT) turning out to be the Internet of Threats?
We agree that IoT may pose security threats, but the level of threats varies by segment. For instance, IoT in the manufacturing segment is quite critical. In case the sensors on the cutting machine are altered, the whole production cycle may come to a halt with severe production losses. A problem with surveillance cameras may lead to information leaks from highly sensitive areas. Hence IoT applications around manufacturing, smart cities, and utility companies are highly critical.
Therefore, we have lined up a bunch of solutions under Watson IoT security portfolio to address IoT security challenges.
There is one theory which suggests that endpoint is the most vulnerable; and then, there is the threat to the network; and of course, cloud security is another critical point. What are your views on where the threat intelligence should actually be focusing on?
We believe all of the above are equally important for threat intelligence to focus upon. Working on the same lines we have X-Force, which is a threat intelligence feed which takes input from various sources. For instance, there may be an endpoint security company that is providing threat intelligence, and there might be a networking company like Cisco providing network threat intelligence; X-Force captures feeds from various sources and provides threat intelligence to the central repository of QRadar. With the feeds, QRadar is able to analyze and correlate with the endpoint, network and the cloud services. It is able to predict threat and risk for your network or critical assets.
Hence, if we are able to provide threat intelligence in terms of what is going to be the impact on those critical assets, that’s what most companies appreciate. With X-Force, we are able to bring in information from the network and endpoint and feed it into the analytics engine: QRadar. That way we are able to safeguard all three at the same time.
What are your focus areas for IBM Security over the next 12-18 months?
We are focused on providing data privacy solutions, which is in line with the requirements of most of the regulators. In addition, we have a large focus on IoT security, cognitive solutions and the ability to offer these solutions over the cloud and in SaaS model.
We are enabling channels to play a larger role in our security initiatives. IBM until recently had a large number of direct accounts, however now the company’s focus has further increased on channels. Hence, there are only a few accounts left which IBM handles directly, which has further increased the scope for channels.
In the IBM security fold, we have got 8 global SIs, 10 enterprise SIs, over 40 commercial partners and over 30 partners for MaaS360 as well as 25-30 partners for the balance of the SaaS business.