I spoke with Chris Lovejoy, head of the global security and sustainability practice at Kindrilwhy conventional approaches to security are insufficient – and how to remedy this situation.
Check out the podcast and video below.
Edited transcript highlights:
What steps should companies take to protect enterprise security?
Pleasure of love: My very simple recipe given where we are in the market: Move left, move right and level up in the middle.
Let me explain what that means. Move left: I see one of the main issues is that we’re moving to the cloud, but we’re not moving to one cloud, one hyperscaler. We have multiple hyperscalers, we have SaaS applications and we have legacy. You should be able to manage the stitches.
So where we break down is that organizations buy the security capabilities associated with these individual hyperscalers… they assemble applications. They use a lot of open source widgets etc. What are they? no I think about the stitches between the hyperscales and between the widgets within the apps they build for the cloud. So [being aware of that] is a shift to the left.
Shift right is the complete opposite. The move to the right is: engage with the Disaster Recovery/Business Continuity people, really understand which are your business critical services, go through the playbook. If hit by ransomware, everything is locked, where will I get my data?
Now what are you doing in the middle? All the other things you have. [Use] DevSecOps, prepare for recovery by contacting your BCDR people and then simplifying in the middle. This means that you security officers need to be more business-oriented. Your job is not just to protect, but to manage risk, business risk.
You can’t do this alone. You must have friends. Go make friends, talk to people, talk to application security people, talk to disaster recovery people, talk to business people, talk to finance people, find out what they can tolerate and help build the right level of control , to achieve these goals.
The advantage of Kyndryl
Pleasure of love: For those who don’t know us, we are the spinoff of IBM. So IBM separated its services, managed services and technology services businesses. We provide services to the market and focus on those companies that are going through any form of digital transformation, any kind of digital modernization.
What we do is help migrate applications and infrastructure to the cloud. Also, we help transform their extended work environment. So it allows telecommuting, working from home and all that. Also, we focus on automating your operations, so we automate things like patch management, vulnerability management, identity management automation, automating your key front office, back office operations through intelligent automation using AI. And then: security and sustainability. We help you operate in this increasingly risky world.
Those are the four things we do. What is our advantage? We at Kyndryl are a startup company with a 100-year heritage. We have 92,000 people, most of them are technologists, engineers, they know how to put things together. They know mainframe, they know AIX, they know hyperscalers, they know SAP.
If you have technology, we have someone in the organization who knows how it works and how to manage it. So what I would say is for anyone who has a problem in the area of: I need to optimize the way I use the cloud, I need to do something for my workplace, I need to make my operations more efficient, or I’m worried about security and sustainability, that’s what we do.
And if you’re looking for someone who understands technology and how it works in business, we do that. We don’t build software, we use other people’s software – our difference is actually our people.
Listen to the podcast:
Also available on Apple Podcasts
Watch the video: