CDSA

IBM Security CTO: Collaboration Crucial to Confront Cybersecurity Challenges

From the adoption of SaaS services to the use of hybrid, multi-cloud environments, the technologies of the media and entertainment industry advance quickly. But what’s not keeping pace is the necessary cybersecurity tools to make sure it’s all safe to use.

“The success of all this change is dependent on one universal requirement, and that’s cybersecurity,” said IBM Security CTO of threat management Jason Keirsted, speaking Oct. 20 on the main stage of the Media & Entertainment Day event. “Security needs to address all these challenges, but that can really tend to be challenge, and that’s because of this disconnected world we live in, where you have all of these different clouds, traditional infrastructure, with cybersecurity having to be sprinkled everywhere.

“It makes it very difficult to detect threats, difficult to investigate or mediate, and tools and technologies that are trying to secure these platforms tend to not talk to each other.”

The potential solution? The Open Cybersecurity Alliance Project (OCA), which aims to offer an open-source, standards-based, Interoperable solution for everyone, allowing cybersecurity products to work with each other, without the need for any customized integrations. By simplifying integration across the threat lifecycle — using community-developed standards and practices — the project can provide peace of mind for everyone in the industry, Keirsted said during his presentation “Open Security – From Patchwork to Platform.”

Regarding today’s cybersecurity approach, there’s too much to do, too many vendors to track, too much complexity behind it all, and far too many alerts for any one company to manage, Keirsted said. “How can you expect the skills of your people to grow when the cybersecurity tool chain changes every couple of months?” he said. “This current state of cybersecurity, we believe is simply unsustainable long-term.”

Open-source isn’t a new concept in terms of enterprise innovation: for operating systems, nearly 70% run on Linux, for apps and data, open-source is used in roughly 40% of projects, and in management, approximately 4,000 developers are contributing to Kubernetes, Keirsted shared. Security is a logical place to do the same.

Open security provides for community-led innovation and expertise, shared data and user experiences, and accelerates innovation, Keirsted said. And the pillars behind OCA go a long way toward achieving those benefits: open standards help reduce the head count of individual security teams, open-source code allows for quick fixes in gaps with commercial products, intelligence and analytics collaboration allow for quick response to threats (with two-thirds of security teams currently not sharing their data), and common best practices can reduce the mand hours required to respond to an incident by nearly 95%, according to IBM Security data.

OCA is showing that instead of trying to create an effective security program using fragmented, patchwork solutions and data sources, vendors can come together and communicate over a standard fabric over the entire threat management lifecycle. OCA is already deep into three projects, including open-data, open DXL ontology, and data collection (around Security Content Automation Protocol standards).

To learn more about the OCA click here.

M&E Day was sponsored by IBM Security, Microsoft Azure, SHIFT, Akamai, Cartesian, Chesapeake Systems, ContentArmor, Convergent Risks, Deluxe, Digital Nirvana, edgescan, EIDR, PK, Richey May Technology Solutions, STEGA, Synamedia and Signiant and was produced by MESA, in cooperation with NAB Show New York, and in association with the Content Delivery & Security Association (CDSA) and the Hollywood IT Society (HITS).