IT Briefcase Exclusive Interview: Staying Secure in the Cloud with Dr. Nataraj (Raj) Nagaratnam, IBM

In this interview, Dr. Nataraj (Raj) Nagaratnam from IBM Security Systems offers expert advice for organizations looking to securely manage a multitude of mobile devices in the cloud and on corporate networks.

• Q. As Cloud Computing and Mobile continue to evolve, what are you seeing as the biggest IT Security threats emerging today?

A. Cloud and mobile adoption make it possible to provide access to information to anyone, anywhere, anytime.The biggest IT security threats emerging in this landscape are those that exploit application and system vulnerabilities, and in turn gain access to sensitive information, intellectual property, or even target critical infrastructure.

• Q. What advice can you offer to organizations trying to securely manage a multitude of mobile devices on a corporate network?

A. To embrace and securely manage mobile adoption, enterprises should plan and execute a framework around people, processes and technology. They should put policies in place about mobile usage, user responsibility, and privacy, and create awareness of these among their employees. They should put processes in place to understand the value and risks, and phase the deployment of mobile device support. These processes should also support security testing of mobile applications before roll out, not just at the time of initial deployment of the mobile initiative, but for all mobile applications, all of the time. Enterprises should evaluate and adopt technology that helps secure and manage the endpoints, enforce context-aware access controls to their enterprise network, and enable developers to build secure applications. Gaining visibility across mobile endpoints, networks and applications will in turn provide enhanced intelligence about their security and risk posture.

• Q. What do you think is creating the current divide between proprietary and open approaches to enterprise cloud computing, and how can businesses today begin to reconcile this?

A. Enterprises that adopt hetereogenous but proprietary cloud systems face challenges due to complexity in management and security of the systems. Without industry-wide open standards for cloud computing, businesses will not be able to fully take advantage of the opportunities associated with interconnected data, such as mobile computing and business analytics. Just as standards and open source revolutionized the Web and Linux, they will also have a tremendous impact on cloud computing. Enterprises should design their cloud strategy anchored on open cloud architecture, so that they can orchestrate their cloud deployments and applications based on their enterprise policies and risk.

• Q. How is IBM currently working to help organizations overcome the security challenges they face as enterprise data volumes continue to grow by the day?

A. IBM is focused on providing solutions that help clients manage risk and secure their enterprise. IBM’s advanced security intelligence and analytics capabilities collect and analyze in real time the vast amounts of data provided by security appliances and software. Security intelligence provides enterprises the ability to gain accurate and actionable insight about their enterprise security and risk posture. Based on their security posture, enterprises can leverage IBM security products and solutions that provide the ability to control and manage people and their access, protect valuable data and information assets, help build secure applications, and protect enterprise infrastructure against threats. IBM hosts a global security threat research organization that monitors activities across the Internet, detects attack patterns and helps clients stay ahead of the threat. These solutions speak to utilizing the increasing volume of security data. IBM also offers solutions to monitor access to, encrypt and help secure the huge volumes of data found in enterprise data warehouses, including both structured and unstructured data such as found in Hadoop data stores. IBM products also help manage encryption keys, a critical component of security in both traditional data centers and Cloud environments.

• Q. What current IBM products and solutions do you recommend to organizations trying to overcome the security challenges associated with the proliferation of cloud computing and mobile apps today?

A. Cloud adoption models reflect patterns of usage where the provider is looked upon to provide infrastructure, platform- or software-as-a-service. IBM provides cloud security solutions that span protection and visibility around identity, application and data, and threat protection in cloud deployments:

– Identity protection solution helps administer, secure and extend identity and access to and from the cloud.

– Application and data protection helps secure enterprise data, and build, test and maintain secure cloud applications.

– Threat protection and security intelligence capabilities help prevent advanced threats with layered protection, and accurate and actionable insight about cloud infrastructure and applications.

– When it comes to mobile security, it encompasses both secure adoption of BYOD as well as ensuring secure mobile transactions. IBM provides solutions so that enterprises can execute a three-pronged approach to provide security at the endpoint, over the network and for the application.

– Mobile device management solution helps manage mobile devices and protect data, with an integrated approach that is applicable to range of endpoints – from mobile devices, laptops to servers.

– Mobile access management solution helps enforce context-aware access controls, so that enterprise applications and information access can be managed based on associated risk.

– Mobile application security solutions helps scan and validate mobile applications, and prevent application vulnerabilities.

Dr. Nataraj (Raj) Nagaratnam is an IBM Distinguished Engineer and Chief Technology Officer for Security Solutions in IBM Security Systems. In this role, Raj leads cross IBM technical strategy for security solutions including mobile security, and cloud security; drives integration and innovation projects. During his career at IBM, as chief architect, he has lead architectural efforts for security portfolio in identity and access management, and prior to that security architecture for WebSphere Platform. He was also the CTO for India Software Lab focused on building technical leadership and collaborative innovation. He leads and participates in various open standards activities. He has authored and co-authored numerous journal articles, papers, security standards specifications, and books, including the book on “Enterprise Java Security” published by Addison Wesley. Nataraj received his Ph.D. in Computer Science from Syracuse University.