Hybrid Cloud Security at IBM Edge 2015

I am an IT infrastructure architect, so in that role I tend to think about accomplishing business goals in terms of components such as storage, servers, and network. I’m also a cloud architect, so I tend to think about accomplishing business goals using a combination of different cloud services. And, I’m a security architect, so I tend to think about designs that keep the bad guys out of the systems, whether they are private systems, or public clouds, or both – hybrid cloud is the new normal. I don’t think I’m unusual in this respect; we all use many different tools to accomplish our goals, and we all need to think about security in our solutions.

For many organizations, on-premises infrastructure certainly isn’t going away any time soon, if ever. There is plenty of existing infrastructure that has many years of useful life left. There are some infrastructure requirements that aren’t met by “off the shelf” public cloud offerings. There are occasionally security requirements that are not met in a shared environment, no matter how strong the virtual “walls” are. And, there’s always the pesky speed of light to consider; for example, if you have an on-premises workload, you will often have performance problems if the storage is 20 milliseconds away in an off-premises cloud environment.

The IBM Edge conference is about infrastructure innovation, and that means not only talking about the components, but also how to integrate your internal infrastructure with cloud offerings to solve the biggest problems quickly and securely. It’s amazing how fast this industry moves; technologies such as Virtual Storage Center now make it possible to automate tasks such as “right-tiering” that previously took hundreds of hours of manual, error-prone work. Storage virtualization allows you to swap out storage units without the servers and applications even realizing that you’re upgrading. Servers and networks just keep getting faster. And all of the infrastructure components keep accumulating new features that make management easier, or reduce the amount of time tasks take, or make the system more secure.

Encryption is a feature of particular interest to my security “personality”. Encryption technologies are being built into many different layers of solutions, and as time goes on, I expect to see many different layers of the solution bring their own encryption. Encryption is not simply a check box; each layer that encrypts can guard against different attacks. Disk encryption, such as offered with the DS8870 line, can act as another control against loss due to improper data sanitization, improper data disposal techniques, or theft. Encryption on the wire can protect against eavesdroppers, who can easily use either software or hardware based methods to watch the data going over the network. Encryption at the operating system level can guard against offline attacks against the disks. Encryption at the middleware or application layers can guard against an attacker elsewhere on the system being able to access data. These techniques are important in an on-premises data center, and are even more important in hybrid cloud environments!

In addition to encryption, there are many other controls to make hybrid cloud systems more secure. I’m presenting at IBM Edge on Hybrid Cloud Security – I hope you’ll come see me!