IBM offers several hosted security products to enable data integrity, recovery, privacy, and customer isolation in a cloud environment.
IBM unveiled a series of new security products and services
for customers struggling with cloud security planning and management on Oct.
IT managers have a multitude of security and privacy concerns
about moving their data to the cloud, said Jason Hilling, portfolio manager for
the Managed and Cloud Security Service group at IBM Global Technology Services.
These security concerns may deter companies from taking advantage of the
performance benefits of cloud computing
, he said.
In a 2010 Global IT Risk
survey by IBM's Institute for
Business Value, 77 percent of respondents said adopting cloud computing makes
protecting privacy more difficult. About half were concerned about potential
data breaches, and almost a quarter of the surveyed managers were worried about
weak network security, according to the survey.
The study surveyed over 600 IT managers and senior
executives across multiple industries and regions, in North America, Europe,
Asia-Pacific, the Middle East, Latin American and Africa to understand how
enterprises are managing IT risks. While respondents generally were confident
about their risk compliance and management efforts, they identified security in
the cloud as a big problem area.
Hilling described a two-pronged approach emphasizing proper
and putting security tools in the cloud instead of dealing
with each individual endpoint. The security tools include the rather awkwardly-named
IBM Managed Security Services Hosted Security Event and Log Management and the
scanning service IBM Managed Security Services Hosted Vulnerability Management.
Hilling also said IBM's security consulting services help organizations with
security planning by creating a roadmap, performing an assessment, and
identifying application security needs.
Data security doesn't mean the same thing to everyone,
Hilling said. Service providers and users consider security measures that make
sense for their business, such as the kind of work being performed and the processes
that are in place. Organizations with collaboration tools and e-mail in the
cloud should focus on access and policy controls, but healthcare systems should
think about data isolation and encryption, the company said.
The Security incident and event management tool moves to the
cloud via the IBM Managed Security Services Hosted Security Event and Log
Management tool. This enhanced offering consolidates the security event and log
data of all the operating systems, applications and infrastructure equipment
into a single location for IT managers to assess and respond to real-time and
historical traffic. Organizations can also outsource these tasks to IBM's
Security Operation Centers, the company said.
IBM Managed Security Services Hosted
Vulnerability Management is a network-based vulnerability assessment tool. It assesses network infrastructure and servers for potential application and operating system vulnerabilities, and scans for Web and database vulnerabilities.
IBM Security Virtual Server Protection for VMware integrates
"introspection monitoring," said Hilling, where a virtual doorman scans
all traffic outside the virtual machine to detect potential malware attacks,
and the operating system inside to confirm it is running properly. The
protection checks whether any malicious code is running, such as root-kits,
said Hilling. As this is tied to the hypervisor and protects the virtual
machines from the ground up, this is available only for VMware hypervisors
said Hilling. The virtual doorman hooks into the security APIs available with VMware vSphere 4, according to Hilling. IBM is exploring adding other
hypervisor support, he said.
The IBM Watson and Zurich research laboratories are working
on security projects that enable enhanced data integrity, recovery, privacy,
and customer isolation in a public cloud environment. While not available as an
off-the-shelf product, IBM recently deployed these enhanced services within its
own environments, into the IBM Smart Business Test and Development cloud
, Hilling said.
The projects provide "infrastructure hardening,"
or stronger isolation between different workloads, said IBM. Verifying the integrity
and correct configuration of each component prevents low-level attacks such as
spoofing, IBM said.
is committed to showing that "the cloud can be a completely secure environment,
provided the right measures are in place," said Hilling.