I spoke with Kris Lovejoy, Global Practice Leader for Security and Resiliency at Kyndryl, about why conventional approaches to security are insufficient – and how to remedy this situation.
Edited highlights from the transcript:
What steps should companies take to protect enterprise security?
Lovejoy: My very simple recipe, given where we are in the marketplace: Shift left, shift right, and level up in the middle.
So let me explain what that means. Shift left: I’m seeing one of the major problems is that we’re moving into cloud, but we’re not moving into one cloud, one hyperscaler. We’ve got multiple hyperscalers, we’ve got SaaS applications, and we’ve got legacy. You need to be able to manage across the seams.
And so where we’re falling apart is, organizations are buying the security capabilities associated with these individual hyperscalers…they’re cobbling together applications. They are using a lot of open-source widgets, etc. What they’re not thinking about is the seams between the hyperscalers and between the widgets in the frames, in the applications that they are building for cloud. So [being aware of that] is shift left.
Shift right is totally the opposite. Shifting right is: get yourself engaged with the disaster recovery / business continuity people, really understand what your business critical services are, run through the playbook. If it’s hit by ransomware, everything’s locked up, where am I gonna get my data?
Now what do you do in the middle? All the other stuff you’ve got. [Use] DevSecOps, prepare to recover by getting in touch with your BCDR folks and then simplify in the middle. It means that security officers, you’ve got to be more business-oriented. Your job isn’t just to protect, it’s to manage risk, business risk.
You can’t do that by yourself. You have to have friends. Go make friends, go talk to people, talk to the application security people, talk to the disaster recovery people, talk to the business people, talk to the finance people, understand what they can tolerate and help build the right level of control to achieve those objectives.
The Kyndryl Advantage
Lovejoy: For those who don’t know us, we are the spinoff from IBM. So IBM spun off their services, managed services and technology services business. We deliver services to the market, and we focus on those companies that are undergoing any form of digital transformation, any kind of digital modernization.
What we do is we help in migrating applications and infrastructure to the cloud. Also, we help in transforming their extended workplace environment. So enabling remote work, work from home, all of that. Additionally, we focus on automating your operations, so automating things like patch management, vulnerability management, automating identity management, automating your key front office, back office operations through intelligent automation, using AI. And then: security and resilience. We help you in operating in this increasingly risky world.
So those are the four things that we do. What’s our advantage? At Kyndryl, we are a startup with a 100-year heritage. We’ve got 92,000 people, most of them are technologists, they’re engineers, they know how to put stuff together. They know mainframe, they know AIX, they know the hyperscalers, they know SAP.
If you have technology, we’ve got somebody within the organization that knows how it works and how to manage it. And so what I would say is for anybody who has a problem in the area of: I need to optimize how I’m using cloud, I need to do something about my workplace, I need to make my operations more efficient, or I worry about security and resiliency, that’s what we do.
And if you are looking for somebody who understands technology and how it works in business, that’s what we do. We don’t build software, we use other people’s software – our difference is really our people.