Safeguarding the cloud
with IBM Security
solutions
Maintain visibility and control with proven security
solutions for public, private and hybrid clouds
Highlights
Address cloud concerns with enterpriseclass security solutions across all IT
security domains
●● ● ●
Help protect and manage internal and
external users, data, applications and
workloads as they move to and from
the cloud
●● ● ●
●● ● ●
Gain visibility and demonstrate compliance with activity monitoring and security
intelligence
Cloud computing is transforming IT, resulting in greater operational
efficiencies and lower costs than with many traditional IT deployments.
However, while planning for cloud deployments, IT departments are
concerned with reduced visibility into cloud data centers, less control
over security policies, new threats against shared environments and the
complexity of demonstrating compliance. To meet this need, IBM offers
a cloud security portfolio that spans all security domains—people, data,
applications and infrastructure—based on the IBM® Security framework
and informed by thousands of client engagements.
The capabilities featured in IBM Security solutions help IT departments
to manage and protect against risks associated with cloud computing.
Some key areas include:
●● ●
●● ●
●● ●
Managing user identities with comprehensive administration and
security capabilities
Monitoring and helping protect access to data and helping guard
applications against the latest threats and vulnerabilities
Helping secure endpoints and defend workloads against sophisticated
network attacks within the cloud
Deployed in private and hybrid cloud environments, IBM Security
solutions provide layered protection and deep insight across the infrastructure. Capabilities such as federated single sign-on and privileged
IBM Software
Solution Brief
user management help provide simplified access and control
across multiple cloud services for potentially millions of users.
Database monitoring and web application scanning help reduce
data and application vulnerabilities. IBM solutions also support
security compliance with patch management for endpoints and
virtualized machines. What’s more, these solutions increase visibility and enhance auditing of cloud activity within multi-tenant
environments.
IBM customer case study: EXA Corporation
An integrated set of IBM cloud solutions for automation, security and
management is helping EXA Corporation protect a hybrid private
cloud solution that combines proprietary and external data centers
distributed across Japan. A solution—including IBM Tivoli® Federated
Identity Manager and IBM Security Virtual Server Protection for
VMware—has helped the company to reduce costs and improve
disaster resiliency, offer secure cloud-based services to its customers, and improve the flexibility and scalability of its IT environment.
IBM Security Framework
IBM Security Identity and Access Assurance helps users
gain access to cloud resources, while also monitoring, controlling and reporting on the identities of the systems, database
administrators and other privileged users. Identity federation
and rapid onboarding capabilities help extend entitlements to
applications and environments beyond the corporate firewall.
In addition, IBM Tivoli Federated Identity Manager provides authentication to multiple cloud applications with a single
ID and password, providing self service for identity creation
and management. A virtual appliance deployment model helps
administrators get started quickly and scale to thousands of
users. Built on a standards-based platform, this single sign-on
solution helps simplify logons for both internally hosted
applications and the cloud, allowing users to easily and quickly
leverage cloud services.
Infrastructure
Applications
Data
People
Professional Services
Security Intelligence
and Analytics
Cloud and Managed Services
Governance, Risk and Compliance
Advanced Security
and Threat Research
Software and Appliances
In addition to database administrators and system administrators, cloud computing introduces a new tier of privileged
users: operating personnel working for cloud providers.
IBM Security Privileged Identity Manager helps manage
and control access to critical cloud resources by the organization’s employees and/or personnel who work for cloud
providers and have high-level privileged access.
Identity protection: Access control across
cloud environments
Organizations need to provide access to the data and tools
their authorized users need, when they need them, while also
blocking unauthorized access. As relationships extend outward
to diverse communities of users, organizations also need strong
provisioning and auditing capabilities for service and application
entitlements.
2
IBM Software
Solution Brief
Data and application protection: Reduce
vulnerabilities, prevent exploits
IBM InfoSphere® Guardium® Database Security solutions
offer capabilities to help protect cloud-based customer information and intellectual property from both external and internal
threats. These solutions help prevent unauthorized changes
to sensitive cloud-based data by privileged users. They also
can help reduce audit costs by providing a consistent approach
for cloud- and non-cloud-based databases, including a centralized security console across different database platforms.
Cloud-based data is often encrypted, and controlling and managing encryption keys can become a major concern in cloud
environments. IBM Tivoli Key Lifecycle Manager, with
full Key Management Interoperability Protocol (KMIP)
support, enables the easy and secure exchange of encryption
keys between key managers and encryption providers.
In shared infrastructures such as storage clouds, sensitive or
regulated data—including run-time and archived data—must
be properly segregated from unauthorized users. Database and
system administrators may have access to multiple clients’ data,
and the location of stored data in a cloud may change rapidly.
IBM helps improve data governance through database access
management, monitoring and reporting of both cloud-based
users and system and database administrators, and through
prevention of access attempts by malicious users.
IBM SmartCloud security intelligence
IBM Security QRadar SIEM and IBM Security QRadar VFlow Collector appliances
IBM SmartCloud Security
Identity protection
IBM SmartCloud Security
Data and application protection
Administer, secure, and extend
identity and access to and from the
cloud.
Secure enterprise databases.
Build, test and maintain secure
cloud applications.
IBM Security Identity Manager
IBM Security Access Manager
IBM Tivoli Federated Identity
Manager - Business Gateway
IBM Security Privileged Identity
Manager
IBM InfoSphere Guardium
IBM Security AppScan suite
IBM Security AppScan
OnDemand (hosted)
IBM Tivoli Key Lifecycle
Manager
3
IBM SmartCloud Security
Threat protection
Prevent advanced threats with
layered protection and analytics.
IBM SmartCloud Patch
Management
IBM Security Network Intrusion
Prevention System Virtual Appliance
IBM Security Virtual Server
Protection for VMware
IBM Software
Solution Brief
hypervisor directly. IBM Security Virtual Server Protection
for VMware is designed to provide VMware-based infrastructures with dynamic security capabilities without requiring hostbased agents within each guest.
Today’s headlines are filled with the news of application security
failures. Poor coding practices and human error, combined with
the relative ease of finding and exploiting these vulnerabilities,
often makes application security a major point of weakness. The
IBM Security AppScan® suite of products provides one of the
industry’s most comprehensive sets of tools to protect today’s
enterprise applications. The dynamic analysis platform included
in IBM Security AppScan Standard Edition allows continuous testing of production applications deployed to the cloud.
IBM Security AppScan Source Edition provides source codescanning capabilities that help development teams discover and
remediate security issues in new and existing applications.
To manage the numerous servers and systems in the cloud,
IBM SmartCloud® Patch Management can help ensure
that correct patches and security configurations are continuously assessed and remediated. IBM SmartCloud Patch
Management, built on IBM BigFix® technology, supports
multiple operating systems and third-party applications with
thousands of out-of-the-box policies for assessing and ensuring
security policy compliance.
Threat protection: Shield cloud resources
from attacks and intrusions
Mainframe: Protect private clouds and
virtualized environments
Cloud workloads are often Internet-facing, significantly increasing exposure to external threats and requiring an advanced
level of protection for cloud workloads and their users. The
IBM Security Network Intrusion Prevention System provides advanced network-level protection against emerging
threats and vulnerabilities. Backed by the IBM X-Force®
research and development team, IBM network protection
helps shield applications and network infrastructure from
exploitation, identifies personally identifiable information (PII)
and other confidential data, and prevents users from opening
up attack vectors such as instant messaging protocols and
peer-to-peer file sharing to and from cloud resources.
Although mainframes are known for robust security, organizations still need a multi-layered approach to protect the missioncritical transactions that occur on the platform and their most
crucial production data. The IBM Security zSecure™ suite
provides cost-effective security administration, improves service
by detecting threats and reduces risk with automated audit and
compliance reporting. The following tools, in particular, can
enhance security in mainframe cloud environments:
●● ●
Unpatched systems, unnecessary services and poor configurations settings are a high risk to cloud deployments. Moreover,
virtualization introduces additional security complexities,
such as maintaining the security of offline or suspended images,
and opens the possibility of new classes of attacks targeting the
●● ●
●● ●
4
IBM Security zSecure Audit—empowers users to automatically analyze and report on security events and detect security
exposures
IBM Security zSecure Administration—enables more
efficient and effective IBM Resource Access Control Facility
(RACF®) administration, using significantly fewer resources
IBM zSecure Manager for RACF z/VM®—provides
combined audit and administration capabilities for RACF in
the virtual machine environment
IBM Software
Solution Brief
Security intelligence: Visibility and
insight into cloud activity and threats
IBM Security QRadar VFlow Collector appliances provide
Layer-7 monitoring for VMware ESX and ESXi virtual environments and out-of-the-box application-profiling support
for more than 1,000 applications. The solution runs as a virtual
host inside the hypervisor and can monitor traffic from the
virtual switch as well as port-mirrored traffic from a physical
switch, providing visibility in both the traditional and virtual
environments that comprise hybrid cloud environments.
By design, clouds hide underlying infrastructure from their
tenants, making regulatory compliance difficult. Visibility and
auditing are clearly critically needed capabilities and cloud
providers must therefore support third-party audits. Customers
are also increasingly asking for forensic capabilities to support
security investigations.
Why IBM?
IBM QRadar® Security Intelligence Platform solutions,
anchored by IBM Security QRadar SIEM, provide auditing
capabilities and visibility into cloud deployments by monitoring
all traffic going into and out of the cloud. By monitoring data
at the application and network levels, QRadar solutions can
aggregate this information with other security technologies,
such as IBM Security Identity and Access Assurance, to correlate not only what data is going to the cloud, but which user
is sending it.
Security is a journey, not a destination. An enterprise cloud
security strategy should align with overall IT security strategy
as an extension of the existing IT infrastructure. IBM offers
a broad portfolio of security products and services to help
build more secure cloud environments with more intelligent
security policies. IBM security solutions are supported by
the world-renowned IBM X-Force team—one of the most
respected commercial security research teams in the industry.
IBM X-Force helps organizations stay ahead of emerging
threats by analyzing and maintaining one of the world’s most
comprehensive vulnerability databases. IBM X-Force researches
and evaluates the latest security threats and trends, and develops
countermeasure technologies for IBM security solutions.
5
For more information
To learn more about IBM Security solutions, please contact
your IBM representative or IBM Business Partner, or visit:
ibm.com/security
For more information about the EXA corporation case study,
please click here.
About IBM Security solutions
IBM Security offers one of the most advanced and integrated
portfolios of enterprise security products and services. The
portfolio, supported by world-renowned IBM X-Force research
and development, provides security intelligence to help organizations holistically protect their people, infrastructures, data
and applications, offering solutions for identity and access
management, database security, application development, risk
management, endpoint management, network security and
more. These solutions enable organizations to effectively
manage risk and implement integrated security for mobile,
cloud, social media and other enterprise business architectures.
IBM operates one of the world’s broadest security research,
development and delivery organizations, monitors 13 billion
security events per day in more than 130 countries, and holds
more than 3,000 security patents.
Additionally, IBM Global Financing can help you acquire
the software capabilities that your business needs in the most
cost-effective and strategic way possible. We’ll partner with
credit-qualified clients to customize a financing solution to
suit your business and development goals, enable effective
cash management, and improve your total cost of ownership.
Fund your critical IT investment and propel your business
forward with IBM Global Financing. For more information,
visit: ibm.com/financing