IBM Tivoli Security Solutions Generate Higher ROI from IT

Tivoli Beat - A weekly IBM service management perspective. As organizations implement new growth initiatives, a new approach to security can often pay for itself and provide a competitive advantage.

Partly, this is because of the growing range of challenges organizations now face. Security threats both within and outside company walls have rapidly escalated in number and sophistication; limiting access solely to the right people, with the right privileges, is both more difficult and more mission-critical than ever. Government regulations also increasingly specify how sensitive customer information should be managed (and what kinds of penalties may apply if compliance isn't achieved). And as the economy has become more turbulent and unpredictable, ensuring that security is not just effective but cost-effective has become more important in proportion.

Security architectures should become a business enabler and help organizations generate a superior return on IT investment. For example, proactive, holistic, centralized security can be applied to new outward-facing, revenue-generating services, thus minimizing the new risks that might come in tandem. Automated security, where appropriate, can drive down the costs of services. As an alternative to the point products of the last millennium, organizations today should also seek security solutions that integrate seamlessly with each other, as well as other deployed assets throughout the infrastructure. An integrated security solution can secure services, data, and applications from end to end and help organizations drive growth in a rapidly changing business environment.

For IT decision-makers today, achieving these many goals is a formidable challenge. Fortunately for them, IBM's deep portfolio of modular security solutions represents a compelling answer to that challenge. Whether they are deployed alone or in combination, IBM security offerings help not only to enhance security per se, but also the ROI of the overall IT infrastructure, by driving down the costs of everyday tasks, more easily addressing compliance and enabling new, revenue-generating initiatives.

System z mainframes: Get superior business value through enhanced RACF control

"Whether they are deployed alone or in combination, IBM security offerings help not only to enhance security per se, but also the ROI of the overall IT infrastructure, by driving down the costs of everyday tasks, more easily addressing compliance and enabling new, revenue-generating initiatives." A great example of how IBM solutions can generate superior ROI is IBM Tivoli Security Management for z/OS. This offering helps organizations who have already made the wise investment in an IBM System z mainframe achieve even more business value from it by simplifying and enhancing its security functions in new ways, as well as automating functions in high-demand areas.

How does this happen? Partly via simplified management of IBM's Resource Access Control Facility (RACF), included with z/OS and used to secure resources such as files and databases and the services that depend on them. IBM Tivoli Security Management for z/OS includes an intuitive, easy-to-use interface for RACF, making it more straightforward than ever to define users and groups and specify their associated access rights, therefore requiring fewer administrators. Also helpful is the solution's command verification, which intercepts RACF commands, analyzes them, and, if they are found to violate security policies, either blocks them or reformulates them before they have a chance to create a negative and potentially costly business impact. This is especially important when monitoring and reporting on privileged users who can make costly mistakes or hide intentional fraud.

IBM Tivoli Security Management for z/OS also includes many features aimed at enhancing security auditing and reporting. For example, it can automatically analyze possible internal and external exposures before they can be exploited, prioritize them based on severity, and summarize them on a real-time dashboard. Should particular events appear suspicious, they can be retrieved for subsequent analysis and response, should any be necessary—effectively reducing the costs of those threats, and the impact on the business bottom line.

In additional IBM Tivoli Security Management for z/OS helps enhance compliance when used with Tivoli Compliance Insight Manager by creating reports designed to document your level of compliance with Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) Data Security Standards, Sarbanes-Oxley (SOX), the International Organization for Standardization (ISO), Basell II and other regulations or standards.

For more details on potential return on investment when deploying Tivoli Security Management for z/OS, including customer studies, read “Realizing business value with mainframe security management (link resides outside of ibm.com).”

Data and applications: Empower authorized users and protect sensitive information

Similarly increased ROI and reduced costs are enabled by a second offering: IBM Tivoli Data and Application Security. This solution addresses the growing security issues posed by escalating data volumes and increasingly complex applications via an assortment of powerful features such as:

Fine-grained data and application entitlements. By giving administrators the ability to specify application-level privileges in exceptional detail, the solution delivers the extra granularity needed to limit access to exactly the right users and groups in exactly the right ways – thus generating more business value from each application as a result.
Centralized security policy management. Just as security tools and technologies are ideally centralized to simplify management and extend functions to as many domains as required, so too should security policies be centralized. The outcome when they are: reduced administrative costs, faster event response and more straightforward compliance.
User activity monitoring and reporting. Privileged insiders have extraordinary power. Ensuring that power is not abused requires transparent monitoring and reporting of insider activity, which can also address compliance requirements in some cases and reduce the potential cost of insider threats.
Application-level and privileged user OS controls. Linux and UNIX systems include unique potential vulnerabilities; the IBM solution mitigates those vulnerabilities via a consistent, policy-based control system.
Centralized encryption key and log management. Improved business value from encryption-capable solutions such as tape drives will come from centralized management of the keys they leverage. Similar benefits apply to security log management; through centralized, automated analysis, costs fall, IT agility in addressing threats climbs and compliance becomes both easier to achieve and easier to demonstrate on demand.

For more information on how Tivoli Data and Application Security can improve your return on investment, read “Managing data and application security risks cost-effectively (link resides outside of ibm.com).”

Identity & access management: A scalable solution that provides the capabilities you need

Identity and access management has become an increasingly crucial aspect of the overall IT security architecture. Organizations need to support a dynamic set of users who need access to numerous business services, applications and data. At the same time dynamic IT infrastructures compound the challenge, having transformed the traditional IT landscape through virtualization, service-oriented architecture, cloud computing, software as a service, and other technologies that open the environment to new vulnerabilities.

IBM’s response: IBM Tivoli Identity and Access Assurance, which can help organizations realize business value through a centralized, automated identity and access management infrastructure that addresses the entire user lifecycle and helps improve service, reduce costs, and support compliance efforts. It also facilitates collaboration through role-based portals, enables the quick roll-out of new services, and provides simplified single sign-on capabilities.

This IBM Tivoli solution helps organizations realize business value with identity management, access management and user compliance auditing. Examples of how this solution can positively impact ROI include:

Reduce help desk costs associated with password management.
Integrate new identities from mergers and acquisitions.
Reduce application development costs relating to security coding.
Minimize the complexity of responding to internal and external controls and regulations.
Optimize productivity and costs by automating best practices for repeatable tasks.
Enable IT staff to focus on higher-value activities.
Provide the agility needed to capitalize on new business opportunities by removing barriers to innovation.

IBM Tivoli has continued to demonstrate the technical leadership and depth of expertise to deliver end-to-end identity and access management solutions that can help organizations meet their short-term goals as well as their long-term strategic objectives. For more details on the cost reducing benefits of this solution, read “Realizing business value with identity and access management (link resides outside of ibm.com).”