IBM Tivoli Secures Your Cloud via Continuous Compliance

Cloud security should be as automated and efficient as cloud services

The lure of cloud computing is powerful indeed: lower costs and risks, faster execution of strategies, improved business agility, and thus a more competitive outlook. But realizing these benefits also requires that organizations find a way to address many new issues.

Security issues, for instance, often stand in the way of cloud deployment. A cloud may be a unified architecture in which the underlying resources and hardware are shared, but it's critical to ensure that data, applications, and services are not shared; instead they should continue to be managed in a governed fashion—just as in a conventional IT infrastructure—based on enforced access rights and security policies. And that's especially true given the fact that clouds are accessed by an increasingly diverse range of endpoints, which in many cases use operating systems that weren't originally designed to deliver enterprise-class security in the first place.

Furthermore, for the cloud to work as intended, new virtual servers will have to be continually created, managed, and retired automatically, based on fluctuating business needs. This means each of those servers will also have to be secured as comprehensively as possible, despite the fact that new security vulnerabilities, threats, and patches emerge every week. Correspondingly, regulation compliance—already a headache for many organizations—only becomes more complex and difficult to achieve for cloud services.

The upshot is that unless IT finds a way to orchestrate and secure the cloud's virtual servers in an automated, consistent, and cost-efficient fashion, the cloud could wind up requiring a great deal more manual oversight and operational resources than it should—compromising the total business value it delivers.

IBM Tivoli solutions deliver unified, cradle-to-grave security for all of a cloud's virtual machines

Fortunately, IBM—as a world leader in both cloud architectures and IT security solutions and strategies—is in a unique position to help. In particular, the IBM Tivoli service management portfolio includes a number of interoperable solutions that can combine to help secure cloud servers faster, more completely, and at reduced operational costs.

"SmartCloud Foundation's provisioning capabilities are exceptionally advanced, and fast enough to support the needs of even the largest clouds. Many thousands of new virtual servers per hour can be created, if need be, and subsequently monitored and managed across their full lifecycles."

And because they also work for conventional IT infrastructures, organizations will find that management is simplified in a holistic sense: they'll have one IT management platform that supports all contexts.

To understand how this happens, begin with IBM Endpoint Manager—a truly centralized solution that, using a single server and console, can manage up to a quarter-million different endpoints. This solution's intelligent agent supports an exceptionally wide variety of operating systems—Windows, UNIX, Linux, Mac OS X, AIX, and various mobile device operating systems such as Android. It collects information from them, reporting it back to the server; it also carries out tasks on those endpoints, including software installation and configuration.

This comprehensive, elegant design (one agent, server, and console) means that organizations can use IBM Endpoint Manager to orchestrate a single, integrated security strategy not just for traditional endpoints (laptops, desktops, and smart mobile devices) but also production servers—meaning both traditional servers and virtual servers, such as those running in a cloud. Thus, as a cloud's virtual servers are created, they can be immediately secured in accordance with the organization's security policies.

How? For organizations empowered with a second IBM offering, IBM SmartCloud Foundation, it happens in an exceptionally seamless, rapid way. SmartCloud Foundation's provisioning capabilities are exceptionally advanced, and fast enough to support the needs of even the largest clouds. Many thousands of new virtual servers per hour can be created, if need be, and subsequently monitored and managed across their full lifecycles.

And to help secure those servers, SmartCloud Foundation integrates directly with IBM Endpoint Manager. Each new virtual server that SmartCloud Foundation creates includes the Endpoint Manager agent; thus, each of those servers is immediately discovered by the Endpoint Manager server. Subsequently, any new security task that must be fulfilled on that server—such as reconfiguring a firewall, deploying a new version of an application, or installing a new operating system security patch—can be carried out by Endpoint Manager as well.

Continuous compliance keeps cloud servers constantly secure—despite ever-changing threats, vulnerabilities, and patches

But how does the solution know which such tasks it needs to perform, on which servers?

Historically, this has been a very difficult question for IT teams to answer. This is because as servers and system images are gradually changed over time, their security postures are affected, and it becomes harder in proportion to establish whether and to what extent they conform to security baselines. So, as a result, there is always a lag between the point when a security standard should apply to all servers and the time when it actually does.

All of that changes for the better via IBM Endpoint Manager. Its intelligent agent, deployed in every one of a cloud's virtual servers by IBM SmartCloud Foundation, automatically tracks the security status and configuration of those servers—from cradle to grave. The configuration information it provides to the Endpoint Manager server, in turn, allows IT to establish in real time which servers require which security modifications (such as patches). Then, to address these discovered issues, Endpoint Manager directly communicates with the agent—orchestrating whatever modification is required.

This, in sum, is what IBM means by "continuous compliance"—there is very little lag time in executing any necessary change to the security baseline. The total IBM solution not only tracks and monitors the security posture of the complete cloud infrastructure, but actually enhances it as required in the shortest possible time, using minimal resources, and creating the smallest business impact.

When you add it all up, what kinds of benefits can organizations expect by implementing these IBM capabilities to secure cloud servers? Among others:

• Policy-driven patching continuously happens as fast as you can provision—minimizing the potential window in which a breach or compliance violation can occur
• Endpoint Manager's library of more than 5,000 security best practices is also automatically and continually leveraged to bolster security
• Discovery of assets such as virtual machines is far more comprehensive—typically, 10-30% more complete
• Granular, accurate insight into the complete security posture of the cloud is always available in as much specific detail as you require
• Regulation compliance becomes much simpler and easier to achieve and demonstrate as a result

Finally, it's important to remember that Endpoint Manager's value extends far beyond clouds per se. The same capabilities it delivers to cloud servers, it also delivers to endpoints of all kinds, throughout the infrastructure—including conventional servers, user endpoints, and now, smart mobile devices used to access cloud-based services from anywhere in the world, using any network.

Additional information

• IBM Security
• IBM SmartCloud
• IBM Tivoli Endpoint Manager

Recent Articles

• More Value, Faster: Enhanced Support for IBM Tivoli

  July 24

• Minimize Data Loss Via Transparent, Unified Endpoint Protection

  Jul 17

• Smarter Asset Management: IBM Maximo Heals Healthcare

  Jul 10

• Smarter Endpoint Management: Simplify Baseline Security Auditing and Compliance with IBM Tivoli

  Jun 26

• IBM Maximo Fulfills the Promise of Smarter Cities

  Jun 19

• Managed Services: How IBM Tivoli Optimizes Outsourced IT

  Jun 12

• High-IQ Asset Management: IBM Adds New Intelligence to Transportation

  May 22

• Innovate 2012: Find Out What's Next—Now

  May 15

• IBM Edge2012: Expect More From Your Storage

  May 08

• The IBM Tivoli User Community Site v2.0: Refreshed and Open for Business

  Apr 24

• Browse full Tivoli Beat archive

"Security Essentials for CIOs" article series: Navigating the risks and rewards of social media

Engaging in social media allows companies and their employees to access a global community of experts, innovators and potential clients. It also opens the door to new risks. Review best practices to build a risk-aware culture for the social world.

Read the article (PDF, 829KB)

Featured community

Leverage and contribute to the collective wisdom around Tivoli

Engage the community