#CounterpunchWithSVG E05: IBM Says It Can Secure The Modern Enterprise But I Had Qs

Catch Matthew Glitzer, Vice President, IBM Security, Asia Pacific in an exclusive conversation with Sanchit Vir Gogia (SVG), Chief Analyst & CEO, Greyhound Research on our executive dialogue series, #CounterpunchWithSVG. This series is about sharp, honest, and unfiltered conversations. The format is simple. SVG pulls punches at his opponent (asks tough questions that most wouldn’t) and gives his opponent an equal opportunity to counterpunch (either clarify ground or be honest about their inability to). In a world full of marketing hype, we at Greyhound Research believe #CounterpunchWithSVG makes an insightful read. We bet you will share our sentiment once you’ve read this exchange!

SVG: We’ve received feedback from a few users about IBM Security Guardium – that while it’s efficient, the feature enhancement cycles are longish and cost-prohibitive – any guidance on these issues can help.

Matthew: We release new features for Guardium Data Protection at least twice per year, with additional patches and minor enhancements every couple of months. Feature and enhancement updates are a part of the subscription pricing, so customers under active maintenance are entitled to new features at no additional cost. For various reasons (e.g., for lack of awareness or expertise), we find that many customers do not end up using the most advanced features or configuration enhancements that could help them reduce TCO.

IBM Security Guardium is the data security leader because we stay on the technological forefront to protect our clients’ sensitive information.

We generally anticipate needs and provide the most comprehensive set of functions and support than any other DCAP vendor. We remain competitive with our pricing structure and opportunities, based on the value the solution provides to customers and are always open to looking for our customers’ right cost frameworks. Using other alternatives for data security would incur in exploding costs or sub-par security and compliance.

SVG: We’ve also received similar feedback for IBM Security Access Manager. Can you offer a perspective on how you plan to make the cost arrangements better and softer for clients? Especially in today’s times when IT budgets are being cut, and organizations are looking at survival more than anything else.

Matthew: We empower our local sales leaders to work with clients individually to develop a compelling price point that delivers a significant ROI. In addition to this localized empowerment, we begin with an overall pricing strategy that provided tiers so that customers gain more value as the quantity increases. We also have special tiers (pre-discounted) designed to best match against the government, education, and not for profit agencies.

Our model also includes multiple charge metrics that can also provide higher value at a lower cost point. This includes Per Appliance models, User Value Units, Processor Value Units. The User Value Units are not only on a tiered scale but also have a 15 to 1 ratio for specific user types. This year, specifically in response to customers who are facing extremely challenging times, we have provided some free access programs from our SaaS solution, and for other, on-premises customers we have granted temporary licenses for customers to be able to modify their deployments to service more and different types of users without making a new purchase.

Hybrid enterprise is a reality today, and as organizations migrate more of their workloads and applications to the cloud, they want to continue to secure their on-premises investments.

IBM Security Verify Access, formerly IBM Security Access Manager or ISAM, helps organizations simplify their users’ access while more securely adopting web, mobile, IoT, and cloud technologies. It can be deployed on-premises, in a virtual or hardware appliance, or containerized with Docker. Verify access helps strike a balance between usability and security through the use of risk-based access, single sign-on, integrated access management control, identity federation, and mobile multi-factor authentication.

SVG: What do you think about Zero Trust, and how is IBM building value around that?

Matthew: The hybrid multi-cloud environment allows the workforce, customers, and partners to access organizational resources and data wherever they are, whenever they need them. However, to protect users’ privacy, clients require a robust security strategy, governance, and risk planning. As a result, many organizations are looking to apply principles of least privilege or deny-by-default policies like Zero Trust. This method aims to enable only the right users to have suitable access to the correct data under the right conditions.

While the philosophy of zero trust has matured in scope for nearly a decade, the fact remains that it is challenging to implement and integrate across multiple security domains.

Rather than focus on one functional area of Security, Zero Trust forces security and risk leaders to shift into a business outcomes mindset, rooted in a unified strategy that accelerates business and IT objectives. IBM Security helps organizations accelerate their zero trust journey by defining an integrated, multi-disciplinary zero trust strategy and offering a prescriptive set of steps to make it actionable. 

Our in-house security professionals help organizations verify that users, data, and resources are securely connected through a deny-by-default policy and authorization. IBM Security professionals first focus on assessing an organization’s security posture for the chosen use case through the principles of its zero-trust governance model.

IBM Security has recently launched IBM Security Zero Trust Acceleration Services. This offering can help organizations accelerate their zero trust journey by delivering an integrated multi-disciplinary strategy and roadmap for implementation. The offering relies on IBM Security’s zero-trust governance model to assess each organization’s current security posture and gaps and provide prescriptive recommendations to adjust and improve the controls that protect the business.

SVG: Also, I would like your thoughts on the availability of partners to help make Zero Trust successful. Who’s helping, and how and what’s the regional success been so far?

Matthew: Zero trust architecture initiatives rely on many software and hardware capabilities from multiple vendors. Adoption and maturity are often accelerated by collaborating with trusted service providers. IBM invests heavily in an open ecosystem of technology and services partners, enabling clients to leverage the security investments they have already made.

SVG: How is IBM solving the Cybersecurity skills shortage?

Matthew: According to the recent findings from the fifth annual IBM Cyber Resilient Organization Report, security workforce skills were the top factor cited as a reason for their ability to respond to attacks. 61% of those surveyed attributed hiring skilled employees as a top reason for becoming more resilient; amongst those who said their resiliency did not improve, 41% cited the lack of skilled employees as the top reason.

While organizations realize the cybersecurity challenges, there is a considerable security talent shortage. The current skills gap across the US and 10 of the major global economies, including APAC, suggests that the global cybersecurity workforce needs to grow by 145% to meet the demand for skilled cybersecurity talent. (Source)

IBM has been working on resolving this skill gap by playing an active role in driving awareness to attract new talent and create partnerships with educators to provide next-gen training tools. Key to this is the mindset to move away from the traditional recruitment model/career paths and engage candidates who have the right skills and aptitude needed in the cybersecurity ecosystem.

To fill these “New Collar” jobs, IBM has been leading multiple initiatives like P-Tech, IBM Apprenticeship Program as well as IBM Cyber Day for girls – a program to help raise cybersecurity awareness amongst middle school girls and aims to help promote awareness of cyber safety and careers for young women in grades 6 through 8 – an age when many girls begin opting out of science and math.

Since IBM launched Cyber Day for Girls program in 2016, it has reached over 5,500 girls at 100 events in 9 countries on 6 continents (Canada, US, UK, Ireland, Australia, South Africa, Nigeria, India, and Argentina).

Since 2015, new collar cybersecurity professionals have accounted for 20% of IBM Security’s hiring in the US.

As much as respondents report technology as key to a stronger security posture, some struggle to access the latest tools or get the most out of them. AI is changing the game for cybersecurity by augmenting the skills of human security analysts. AI brings the cognitive ability to grow, learn, and carry out tasks based on algorithms, not just allowing them to do their jobs faster and more accurately but also alleviates the current skills gap that security teams face by making junior analysts more effective.

AI empowers our client’s SOC by continually becoming more knowledgeable as it gathers information from a near-infinite variety of sources. “Cognitive” security tools that incorporate next-gen, intelligent technologies can help resource-strapped security workers stay ahead of threats. Watson for security has been trained on the language of security and can help security analysts parse thousands of natural (human) language research reports creating a data pool that has never before been accessible to modern security tools. This is the necessary evolution of the cybersecurity industry to keep up with increasingly sophisticated threats and demands on security analysts.

SVG: Matthew, thank you. This has been a wonderful conversation, and I hope to catch-up soon for another, deeper round of conversation on security. Thanks again for your time.


<strong>Analyst: Sanchit Vir Gogia</strong>
Analyst: Sanchit Vir Gogia

Sanchit is the Chief Analyst, Founder & CEO of Greyhound Research, a Global, Award-Winning, Digital & Technology Research & Advisory firm.


Disclaimer. This #CounterpunchWithSVG executive dialogue is brought to you by Greyhound Research. Please note, Greyhound Research holds complete editorial control of this content, and the featured executive (and their employer) has had no influence on the content quality and production process. All content shared herein is the copyright of Greyhound Research and you may share this using the options made available. Please don’t download this content (complete or parts) and distribute it over the web and emails. Email us at connect@greyhoundg.com if you need clarifications.

Copyright © 2020 Greyhound Research. All rights reserved. You may share this research note using the options made available. Please don’t copy this research note (complete or parts) and distribute over the web and emails. Connect with us if you need clarifications.

Legal Note. The contents in this portal do not necessarily reflect the opinions, ideas, thoughts, points of view, and any other potential attribution to any contributor’s, commentator’s, or author’s past or future employers. No NDA’s have been broken. Email our Client Centricity Team to learn more on our NDA policy. Sources may come from both publicly available information and private individual conversations. In case of publicly available information, attributions have been added.

Leave a Reply