Over the last few years, IBM has invested heavily in rebuilding its security products. It has made a lot of point acquisitions to address perceived weaknesses in its product portfolio and aligned many of its internal tools to ensure a coherent product strategy.
IBM makes a play for delivering a unified architecture, platform, security tools strategy and services, raising its stake as the provider of choice
The IBM Security product portfolio in figure 1 below is both multi-layered and multi-columned. Products can be layered on top of each other to create different levels of security based on customer requirements. At the same time, the tools are designed to deal with the threefold challenge of people, process and technology. This means that customers can start with the outline framework and, as they deploy new solutions or adopt new platforms, they can bring in the tools that best fit their security challenge.
Figure 1: IBM Security Portfolio
This security portfolio is designed to be an intelligence-led approach which draws on other parts of IBM’s product portfolio. Using advanced analytics, the security portfolio can provide the detailed information to carry out profiling of users, traffic and services to identify Advanced Persistent Threats and complex cyber-attacks.
Built into this portfolio are the tools that make it possible to integrate security with compliance and other high-level functions. That integration includes rules engines and auditing to ensure that any breach of compliance can be tracked, identified, reported upon and rectified. At the same time, the built-in forensics ensure that, should a situation need to be escalated to law enforcement, the right level of data has been gathered in such a way as to meet prosecutorial standards.
IBM Dynamic Security for Hybrid Cloud
Despite the comprehensive approach that this security portfolio presents, Cloud is still not an endemic part of the security design. To address that gap, on 5th November 2014 IBM announced the latest update to its security tools: IBM Dynamic Security for Hybrid Cloud, as shown in figure 2 below.
Figure 2: Updated Cloud Security Portfolio
One of the reasons for creating a separate set of tooling for cloud is to address differences between an in-house environment and the Cloud. One of the biggest differences is agility. Cloud is constantly changing and that means that security processes need to be flexible and highly automated to keep up with the threats and changes. While the tools used for in-house environments have acquired a lot of automation, they are mainly focused on static legacy systems.
Addressing cloud means not only being able to deploy security policies and solutions as soon as a new Cloud service is instantiated, but also ensuring consistency across Cloud instances. This is where high levels of automation and dynamic deployment are essential to a functional security solution. There is also the need for rules to stay with the Cloud service, application and data as they move around multiple locations to ensure that there is no risk of security breaches. While IBM is moving fast down that route, there is still work to be completed there in order to protect virtual machines and application containers.
For those companies who are building out their hybrid Cloud with a single Cloud provider, it is possible to deploy virtual appliances into the Cloud in order to extend security. Unfortunately, Business Units (BU) are not buying services from one Cloud vendor but from many Cloud vendors. Even IT departments are making decisions on whose Cloud platform to use based on the project, its finances and its importance. This means that any solution must be capable of supporting multiple Cloud platforms and this is where the ability to deliver a federated security solution is essential.
A four-stage approach to Cloud security
All of this leads to IBM taking a four-stage approach to security in the cloud: manage access, protect data, gain visibility, and optimize security operations. The advantage for IBM is that this is easily aligned with the way it currently protects data inside both customers' and its own data centres; what changes is the use of federated solutions and increased automation.
IBM is managing access through the use of Cloud Identity and Access along with a Cloud Privileged Identity Manager for customers running on IBM hosted services. For customers who are planning to write and deploy applications to other platforms, IBM is providing support for OpenID and OAuth 2.0. These are security standards that are used by many other vendors such as Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) provider Salesforce.com. Crucially, this means that customers can quickly build and deploy a multi-vendor federated security solution capable of addressing Cloud services from multiple vendors.
The extension of IBM Guardium technology to the Cloud is already possible by the deployment of a virtual appliance onto IBM SoftLayer and Amazon Web Services (AWS). This means that data deployed into the Cloud can be quickly protected. IBM is looking at extending this to other Cloud providers. For end users deploying data into the Cloud, it is now possible to protect Cloud data repositories as securely as if they were a local data repository.
Testing applications before deployment is often expensive and time consuming. IBM has released new Cloud-based testing tools for both Web (Dynamic Analyzer) and Mobile Applications (Mobile Analyzer) as part of Bluemix, its easily accessible PaaS offering for the development community. What remains to be seen is how IBM will charge for testing. The existing AppScan security product is expensive but for this to be successful, IBM will need to deliver a much more commoditised testing price.
One of the most important parts of IBM Dynamic Security for Hybrid Cloud is its integration with QRadar. Cloud Security Intelligence is QRadar for hybrid Clouds and SoftLayer. It provides deep insight into what is happening with users, applications and any other assets in both the enterprise and the Cloud.
In addition to supporting SoftLayer, IBM has also ensured that it has a high level of integration with similar services from other cloud vendors such as Amazon CloudTrail, Qualys, Salesforce.com, CloudPassage, Zscaler, OpenStack and IBM Security Trusteer Apex. This breadth of support for both cloud and enterprise makes it a one-stop security analytics solution that will track any attack, user or device irrespective of where it is operating.
Optimize Security Operations
As is to be expected, all of this is underpinned by IBM’s own security and professional services teams. For those customers who do not want to do the analytics or monitor risk profiles, IBM is making it easy for them to use its staff to fill in knowledge gaps. Three new services are included in the announcement: Security Intelligence and Operations Consulting Services, Cloud Security Managed Services for SoftLayer, and Intelligent Threat Protection Cloud. The most important advantage of this is that it opens up IBM’s capabilities not just to large enterprise customers but also to mid-sized enterprises.
A masterful stroke for security across multiple Cloud services
IBM has managed to match its enterprise security portfolio with a new set of cloud tools that are both integrated with the existing tools and extend them to deal with the specific demands of Cloud. It has adopted a federated security approach both in gathering information from multiple Cloud services and in the way developers can design their own applications.
At the same time, by ensuring that everything is addressable through a set of comprehensive APIs, customers can integrate products from IBM’s competitors and not feel that they are locked into a single vendor solution.
Our only caution to what is otherwise a strong portfolio addition is one of pricing. Customers are moving to the cloud to get usage-based pricing, and purchasing security products and tools has to reflect that. At present, IBM has not outlined how it will introduce cloud-friendly pricing for its new security tools. Without this, customers may look elsewhere if competitors address this issue more cost-effectively with their cloud security solutions. Ultimately, long-term success and widespread adoption will be dependent on IBM getting the pricing right for a customer audience that is demonstrating greater maturity and higher expectation for the Cloud payment model.