You are on page 1of 6

IBM Software

Solution Brief

Safeguarding the cloud
with IBM Security
Maintain visibility and control with proven security
solutions for public, private and hybrid clouds

Address cloud concerns with enterpriseclass security solutions across all IT
security domains

●● ● ●

Help protect and manage internal and
external users, data, applications and
workloads as they move to and from
the cloud

●● ● ●

●● ● ●

Gain visibility and demonstrate compliance with activity monitoring and security

Cloud computing is transforming IT, resulting in greater operational
efficiencies and lower costs than with many traditional IT deployments.
However, while planning for cloud deployments, IT departments are
concerned with reduced visibility into cloud data centers, less control
over security policies, new threats against shared environments and the
complexity of demonstrating compliance. To meet this need, IBM offers
a cloud security portfolio that spans all security domains—people, data,
applications and infrastructure—based on the IBM® Security framework
and informed by thousands of client engagements.
The capabilities featured in IBM Security solutions help IT departments
to manage and protect against risks associated with cloud computing.
Some key areas include:
●● ●

●● ●

●● ●

Managing user identities with comprehensive administration and
security capabilities
Monitoring and helping protect access to data and helping guard
applications against the latest threats and vulnerabilities
Helping secure endpoints and defend workloads against sophisticated
network attacks within the cloud

Deployed in private and hybrid cloud environments, IBM Security
solutions provide layered protection and deep insight across the infrastructure. Capabilities such as federated single sign-on and privileged

Identity protection: Access control across cloud environments Organizations need to provide access to the data and tools their authorized users need. Database monitoring and web application scanning help reduce data and application vulnerabilities. IBM Tivoli Federated Identity Manager provides authentication to multiple cloud applications with a single ID and password. security and management is helping EXA Corporation protect a hybrid private cloud solution that combines proprietary and external data centers distributed across Japan. IBM solutions also support security compliance with patch management for endpoints and virtualized machines. Risk and Compliance Advanced Security and Threat Research Software and Appliances In addition to database administrators and system administrators. while also blocking unauthorized access. 2 . IBM Security Privileged Identity Manager helps manage and control access to critical cloud resources by the organization’s employees and/or personnel who work for cloud providers and have high-level privileged access. What’s more. database administrators and other privileged users. and improve the flexibility and scalability of its IT environment. offer secure cloud-based services to its customers. Built on a standards-based platform. A solution—including IBM Tivoli® Federated Identity Manager and IBM Security Virtual Server Protection for VMware—has helped the company to reduce costs and improve disaster resiliency. Infrastructure Applications Data People Professional Services Security Intelligence and Analytics Cloud and Managed Services Governance. As relationships extend outward to diverse communities of users. cloud computing introduces a new tier of privileged users: operating personnel working for cloud providers. organizations also need strong provisioning and auditing capabilities for service and application entitlements. A virtual appliance deployment model helps administrators get started quickly and scale to thousands of users. In addition. Identity federation and rapid onboarding capabilities help extend entitlements to applications and environments beyond the corporate firewall. providing self service for identity creation and management. these solutions increase visibility and enhance auditing of cloud activity within multi-tenant environments. IBM Security Framework IBM Security Identity and Access Assurance helps users gain access to cloud resources.IBM Software Solution Brief user management help provide simplified access and control across multiple cloud services for potentially millions of users. controlling and reporting on the identities of the systems. IBM customer case study: EXA Corporation An integrated set of IBM cloud solutions for automation. while also monitoring. when they need them. this single sign-on solution helps simplify logons for both internally hosted applications and the cloud. allowing users to easily and quickly leverage cloud services.

IBM SmartCloud security intelligence IBM Security QRadar SIEM and IBM Security QRadar VFlow Collector appliances IBM SmartCloud Security Identity protection IBM SmartCloud Security Data and application protection Administer. monitoring and reporting of both cloud-based users and system and database administrators.IBM Software Solution Brief Data and application protection: Reduce vulnerabilities. and the location of stored data in a cloud may change rapidly. In shared infrastructures such as storage clouds. IBM SmartCloud Patch Management IBM Security Network Intrusion Prevention System Virtual Appliance IBM Security Virtual Server Protection for VMware . and extend identity and access to and from the cloud. Secure enterprise databases. and controlling and managing encryption keys can become a major concern in cloud environments. sensitive or regulated data—including run-time and archived data—must be properly segregated from unauthorized users. test and maintain secure cloud applications.Business Gateway IBM Security Privileged Identity Manager IBM InfoSphere Guardium IBM Security AppScan suite IBM Security AppScan OnDemand (hosted) IBM Tivoli Key Lifecycle Manager 3 IBM SmartCloud Security Threat protection Prevent advanced threats with layered protection and analytics.and non-cloud-based databases. including a centralized security console across different database platforms. prevent exploits IBM InfoSphere® Guardium® Database Security solutions offer capabilities to help protect cloud-based customer information and intellectual property from both external and internal threats. Database and system administrators may have access to multiple clients’ data. Cloud-based data is often encrypted. These solutions help prevent unauthorized changes to sensitive cloud-based data by privileged users. enables the easy and secure exchange of encryption keys between key managers and encryption providers. They also can help reduce audit costs by providing a consistent approach for cloud. with full Key Management Interoperability Protocol (KMIP) support. IBM Security Identity Manager IBM Security Access Manager IBM Tivoli Federated Identity Manager . Build. and through prevention of access attempts by malicious users. IBM helps improve data governance through database access management. IBM Tivoli Key Lifecycle Manager. secure.

To manage the numerous servers and systems in the cloud.IBM Software Solution Brief hypervisor directly. IBM network protection helps shield applications and network infrastructure from exploitation. supports multiple operating systems and third-party applications with thousands of out-of-the-box policies for assessing and ensuring security policy compliance. combined with the relative ease of finding and exploiting these vulnerabilities. The dynamic analysis platform included in IBM Security AppScan Standard Edition allows continuous testing of production applications deployed to the cloud. virtualization introduces additional security complexities. unnecessary services and poor configurations settings are a high risk to cloud deployments. using significantly fewer resources IBM zSecure Manager for RACF z/VM®—provides combined audit and administration capabilities for RACF in the virtual machine environment . The IBM Security zSecure™ suite provides cost-effective security administration. built on IBM BigFix® technology. Today’s headlines are filled with the news of application security failures. Threat protection: Shield cloud resources from attacks and intrusions Mainframe: Protect private clouds and virtualized environments Cloud workloads are often Internet-facing. such as maintaining the security of offline or suspended images. The following tools. and prevents users from opening up attack vectors such as instant messaging protocols and peer-to-peer file sharing to and from cloud resources. The IBM Security AppScan® suite of products provides one of the industry’s most comprehensive sets of tools to protect today’s enterprise applications. identifies personally identifiable information (PII) and other confidential data. improves service by detecting threats and reduces risk with automated audit and compliance reporting. Backed by the IBM X-Force® research and development team. Poor coding practices and human error. The IBM Security Network Intrusion Prevention System provides advanced network-level protection against emerging threats and vulnerabilities. can enhance security in mainframe cloud environments: ●● ● Unpatched systems. Although mainframes are known for robust security. IBM SmartCloud Patch Management. organizations still need a multi-layered approach to protect the missioncritical transactions that occur on the platform and their most crucial production data. and opens the possibility of new classes of attacks targeting the ●● ● ●● ● 4 IBM Security zSecure Audit—empowers users to automatically analyze and report on security events and detect security exposures IBM Security zSecure Administration—enables more efficient and effective IBM Resource Access Control Facility (RACF®) administration. often makes application security a major point of weakness. Moreover. IBM Security Virtual Server Protection for VMware is designed to provide VMware-based infrastructures with dynamic security capabilities without requiring hostbased agents within each guest. IBM Security AppScan Source Edition provides source codescanning capabilities that help development teams discover and remediate security issues in new and existing applications. IBM SmartCloud® Patch Management can help ensure that correct patches and security configurations are continuously assessed and remediated. in particular. significantly increasing exposure to external threats and requiring an advanced level of protection for cloud workloads and their users.

anchored by IBM Security QRadar SIEM. Security is a journey. By monitoring data at the application and network levels. and develops countermeasure technologies for IBM security solutions. Visibility and auditing are clearly critically needed capabilities and cloud providers must therefore support third-party audits. clouds hide underlying infrastructure from their tenants.IBM Software Solution Brief Security intelligence: Visibility and insight into cloud activity and threats IBM Security QRadar VFlow Collector appliances provide Layer-7 monitoring for VMware ESX and ESXi virtual environments and out-of-the-box application-profiling support for more than 1. The solution runs as a virtual host inside the hypervisor and can monitor traffic from the virtual switch as well as port-mirrored traffic from a physical switch. but which user is sending it. 5 . IBM offers a broad portfolio of security products and services to help build more secure cloud environments with more intelligent security policies.000 applications. IBM security solutions are supported by the world-renowned IBM X-Force team—one of the most respected commercial security research teams in the industry. to correlate not only what data is going to the cloud. By design. QRadar solutions can aggregate this information with other security technologies. An enterprise cloud security strategy should align with overall IT security strategy as an extension of the existing IT infrastructure. IBM X-Force helps organizations stay ahead of emerging threats by analyzing and maintaining one of the world’s most comprehensive vulnerability databases. such as IBM Security Identity and Access Assurance. Why IBM? IBM QRadar® Security Intelligence Platform solutions. IBM X-Force researches and evaluates the latest security threats and trends. provide auditing capabilities and visibility into cloud deployments by monitoring all traffic going into and out of the cloud. making regulatory compliance difficult. not a destination. providing visibility in both the traditional and virtual environments that comprise hybrid cloud environments. Customers are also increasingly asking for forensic capabilities to support security investigations.

IBM SmartCloud. The enable effective cash management. For more information. EXPRESS OR IMPLIED. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY and represent goals and objectives only. an IBM Company. provides security intelligence to help organizations holistically protect their people. Other product and service names might be trademarks of IBM or other companies. IBM Global Financing can help you acquire the software capabilities that your business needs in the most cost-effective and strategic way possible. offering solutions for identity and access management. application development. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. We’ll partner with credit-qualified clients to customize a financing solution to suit your business and development goals. Not all offerings are available in every country in which IBM operates.000 security patents. For more information about the EXA corporation case study. or visit: ibm.shtml BigFix is a registered trademark of BigFix. Improper access can result in information being altered. NY 10589 Produced in the United States of America April 2013 IBM. About IBM Security solutions IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. please contact your IBM representative or IBM Business Partner. WebSphere. This document is current as of the initial date of publication and may be changed by IBM at any time. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY. endpoint management. please click here. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention. These solutions enable organizations to effectively manage risk and implement integrated security for mobile. cloud. including to attack others. and may require other systems. monitors 13 billion security events per day in more than 130 countries. social media and other enterprise business architectures. supported by world-renowned IBM X-Force research and development. and holds more than 3. QRadar is a registered trademark of Q1 Labs. an IBM Company.. Statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice. Inc. risk management. IBM systems and products are designed to be part of a comprehensive security approach. IBM operates one of the world’s broadest security research. Additionally. infrastructures. the IBM logo. IBM does not warrant that systems and products are immune from the malicious or illegal conduct of any party.For more information To learn more about IBM Security solutions. and improve your total cost of ownership. FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm. database security. and X-Force are trademarks of International Business Machines Corp. which will necessarily involve additional operational procedures. detection and response to improper access from within and outside your enterprise. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. registered in many jurisdictions worldwide. Fund your critical IT investment and propel your business forward with IBM Global Financing. The client is responsible for ensuring compliance with laws and regulations applicable to it. network security and more. AppScan. © Copyright IBM Corporation 2013 IBM Corporation Software Group Route 100 Somers. products or services to be most effective. destroyed or misappropriated or can result in damage to or misuse of your systems. development and delivery organizations. data and applications. Please Recycle WGS03012-USEN-00 . visit: ibm.