Gartner IT Symposium/Xpo 2019: Security and regulatory concerns with public cloud

How IBM works with clients in regulated industries to scale AI across public clouds and protect data.


TechRepublic's Associate Managing Editor Teena Maddox talked with Vice President and CEO of IBM Cloud Hillery Hunter at the Gartner IT Symposium/Xpo 2019 in Orlando about the company's public cloud and the types of security concerns businesses have. The following is an edited transcript of the interview.

Hillery Hunter: We're really excited to be here at Gartner today talking about public cloud and AI, and it's really the conversation that all enterprises are having. We see a couple of things happening in that, you know, as people are having a conversation about cloud and about AI, both lead often to a conversation about data, and when you're having a conversation about data, you need to have a conversation about picking a public cloud provider that you trust.

We're excited here at this symposium today and tomorrow to be talking about clients from regulated industries--clients like HomeTrust Bank, BNP Paribas Bank, ExxonMobil and their Rewards+ mobile app that lets you buy gas seamlessly at the gas pump. And all these conversations are about regulated data, they're about sensitive client and customer data, and it's really about who do you trust with that data.


We have core technologies in the IBM public cloud, like our Keep-Your-Own-Key technology. That's the only one in the industry that enables clients to not only keep their data and the data to be theirs, but they can even keep the keys and keep that key on a very, very secure hardware security module. This is the only offering of its type in the industry. The protection of data remains fully in the client's control and that makes the whole conversation about doing public cloud, about doing AI, so much easier.

When people are thinking about the cloud journey, there are so many human factors, but there's also business factors, there's regulatory concerns, security concerns. To kind of start from the side of the human factors, people that are looking at a cloud journey want to be sure they have developers that are ready for that. Conversations about Agile and transformation and DevOps and all those kinds of things. We have a booth here today about the IBM Garage, and that's one of the ways we engage with people to help their developer communities understand what cloud is and how to develop for it. That just overall sort of lowers the transformation process barrier and kind of lowers the fear but also enables transformation and evangelism of a cloud, in kind of a development context, within an enterprise.

When we look at things from the kinds of things that a risk officer, a security officer, an information officer in a major corporation thinks about, what we see is their concerns about public cloud are often related to regulations and privacy. In the IBM public cloud and with things like our Watson AI services, we have had a policy since day one where we said, "Your data is your data. We will never leverage your data that you've given to us to do your business on the public cloud. You have not given that data to us for use for any other purposes other than yours. We won't use that data to train our AI models or to train AI models for other clients."

There's first the question about data policy: "Is the cloud provider going to reuse my data?" And in our case for IBM, the answer is absolutely not. Secondly, there's a question about data architecture: "How do I ensure that I know who has access to the data in the public cloud environment I'm using and how that data is protected?" When we have these conversations with clients on what we call the journey to cloud, we're often first having an information architecture conversation with them to enable them to set up a consistent policy and governance model across private cloud, across traditional IT and public cloud. And then when we get their data into the public cloud, we very often are using things like Bring-Your-Own-Key and Keep-Your-Own-Key, which are technologies that enable clients to encrypt their data and in the case of KYOK, or Keep-Your-Own-Key, to maintain full control over those keys. So effectively, the data is encrypted, the data is secret when it's in the public cloud, and even the decoder ring—the key for that data—is kept under the client's control.

When we look at this kind of combination of things, it becomes a great opportunity for clients to address the fear factors that they often have. Everything from, "Do my developers know how to do this thing called cloud and work efficiently in this new type of innovation?" To, "Do I know that my data is going to remain mine, and do I know that I can maintain similar security and compliance posture on my data and my IT operations?"

We're really excited to be making some announcements today and tomorrow about some of our core client base, and IBM historically has had a lot of trust from companies that work in regulated industries, in banking and other parts of finance and healthcare, in companies dealing with sensitive personal information of their consumers. We historically have been the partners of those businesses for doing their IT infrastructure, and we have been investing heavily in our public cloud in order to enable the types of features and functions required for regulated industries. That includes everything from bringing to market new virtual server instance types that provide 80 gigabits per second, that provide supercomputing-class computing capabilities with the Power AC922 servers, to the things that are required to protect the data when they bring it to the public cloud.

Taking our overall understanding of regulatory posture, including insights, for example, from IBM Promontory, which is well known as an adviser for regulatory compliance in the financial services industry, and bringing together the core technologies like mainframe-backed Keep-Your-Own-Key, the industry's highest level of certification for encryption, FIPS 140-2 Level 4, bringing together these core technologies with industry understanding for regulated industries is what has brought us to this place where we are announcing a number of key partnerships and key clients like HomeTrust Bank, ExxonMobil for their Rewards+ mobile app, BNP Paribas, eLaw, which deals with legal forms and regulations. And so we're really excited to see this overall strategy investment come together where we're delivering true cloud native capabilities, high-performing compute infrastructure, and the data protection context that enables regulated industry companies to have confidence in using a public cloud with IBM.
