American technology conglomerate IBM has introduced Unified Key Orchestrator, which seeks to help businesses using multiple cloud servers and platforms simplify their cyber security standards and related compliance requirements. The new tool, according to a company statement, aims to help business manage all of their cloud data through a single point of security – with IBM offering the tool as a managed service.
According to IBM’s internal surveys, an average company today uses about nine cloud environments for their operations, which include Amazon Web Services (AWS), Microsoft Azure and IBM’s own IBM Cloud. However, IBM states that with cyber criminals increasingly targeting cloud platforms to exploit zero-day or other unpatched vulnerabilities, this multiplies the security risk of each company by the number of cloud platforms they use.
This, in turn, requires companies today to have an extensive cyber security team to manage each cloud platform. As a result, the aspect of cloud security today is becoming increasingly resource and manpower intensive, and complex – and also adds to the overall burden of ensuring compliance with global cyber security legislations and standards.
Cloud platforms have been among the most exploited in terms of cyber vulnerabilities globally. A report by cyber security firm Triskele Labs said that in 2020, one-fifth of all cyber attacks in the world targeted cloud platforms. The figure has purportedly increased in 2021, with high profile cloud security gaffes in tow. For instance, in August 2021, Microsoft warned thousands of customers using its Azure platform, which included numerous Fortune 500 companies, about a flaw in one of its databases that left critical company data open for attackers to breach for as long as two years.
Earlier this year, two major flaws were discovered in AWS by security research firm Orca Security – forcing the company to urgently issue patches within six days of reportage of the flaws. IBM itself hasn’t been immune, either – in February this year, the company patched a ‘high severity’ common vulnerabilities and exposures (CVE) entry that logged a flaw in IBM’s cloud object storage systems.
These factors are being targeted by IBM’s Unified Key Orchestrator tool, which will seek to unify all such security loopholes into a single-point managed security service. The tool will be operated by IBM, which in turn will ensure that individual companies do not need to invest in security infrastructure for each cloud platform that they use.
“Unified Key Orchestrator eases the management burden which is aggravated by the security talent shortage, by making it possible for businesses to demonstrate compliance across multiple cloud platforms – which can be incredibly complex – faster and easier,” said Frank Dickson, vice-president of security and trust at market research firm, International Data Corporation (IDC).
IBM has said that its security tool will presently work on AWS, Azure and IBM Cloud, as well as on-premise server infrastructure. The tool includes crypto-key management under its unified platform, hence claiming to make security operations and matching compliance targets easier for companies. IBM also claims that the tool is the first of its kind in the world, and going forward, will also incorporate more cloud environments to increase the scope of roping in more businesses under its umbrella.