IBM launched the industry’s first cloud service to perform key management across hybrid, multicloud environments, helping enterprises mitigate risk to critical data from cyberattacks and insider threats. Built for today’s hybrid cloud world, the new service empowers businesses to take advantage of IBM’s cloud security capabilities – no matter where their data resides – including on other clouds and on-premises.
Securing hybrid cloud environments against data breaches
As enterprises modernize, they’re increasingly adopting a hybrid, multicloud approach to host workloads where they need to be – in the cloud or on-premises – to reduce risk and demonstrate compliance. Considering the average company is using more than 8-9 cloud environments at any given time, they risk greater exposure to threats from malicious actors that can compromise data. Now is the time to mitigate complexity – especially as cloud environments become a growing target for cybercriminals looking to access and capitalize on sensitive data residing across complex multicloud environments. But reducing complexity is no easy task. The more clouds that businesses use, the more diverse skills their IT teams need to secure and manage the keys that protect their critical enterprise data.
“Protecting critical data across multiple platforms can be incredibly complex — but all it takes is one weak link to put a company’s entire security strategy at risk. That’s why we’re giving clients one single point of control – allowing them to know who has access to their critical data at all times – even on other clouds,” said Hillery Hunter, General Manager, Industry Clouds & Solutions, CTO, IBM Cloud. “Trust and choice have always been at the heart of our work with clients. Now as businesses modernize, we’re making it easier for them to manage their encryption keys and protect data across any environment they choose.”
Enabling data governance to help organizations demonstrate their compliance
According to a recent global study conducted by IBM Institute for Business Value (IBV) in cooperation with Oxford Economics, 80% of C-Suite respondents said the ability to have governance and compliance tools run across multiple cloud estates is important or extremely important. Especially with crypto keys that safeguard critical data distributed across many platforms, organizations can suffer from operational complexity, or worse – non-compliance – if they don’t have a holistic view of their data security posture. With a single, secured and cloud-based view of who has access to critical data, businesses can demonstrate their compliance with greater ease and speed in near real-time.
“IBM has chosen a rather unique approach to zero trust security architectures, focusing on addressing real customer driven use cases rather than simply offering yet another product. Similarly, this new service demonstrates IBM’s commitment to solving a critical pain point made increasingly difficult by COVID accelerated digital transformation initiatives, protecting critical data. By making it possible to securely manage encryption keys with a single point of control – including across other public clouds – IBM is proving that what it cares most about is clients and what truly keeps them up at night, not where their data is stored. Unified Key Orchestrator also eases the management burden which is aggravated by the security talent shortage by making it possible for businesses to demonstrate compliance across multiple cloud platforms – which can be incredibly complex – faster and easier,” said Frank Dickson, VP of Security & Trust at IDC.
IBM is the only provider delivering a service in the cloud to help organizations manage encryption keys across multiple cloud environments with a unified view, helping demonstrate their compliance and strengthen security. Available on IBM Cloud, Unified Key Orchestrator leverages IBM’s encryption capabilities, hybrid cloud expertise and automation and is designed to give clients a clear understanding of their data security posture. With the service, organizations maintain full visibility and control over who has access to their critical data, while running workloads across hybrid cloud environments and in the location where it needs to ensure data sovereignty. At the same time, companies no longer need to rely on security experts with specialized knowledge of each individual cloud and can spend more time and resources driving innovation for their clients.