Cloud security should be as automated and efficient as cloud services
The lure of cloud computing is powerful indeed: lower costs and risks, faster execution of strategies, improved business agility, and thus a more competitive outlook. But realizing these benefits also requires that organizations find a way to address many new issues.
Security issues, for instance, often stand in the way of cloud deployment. A cloud may be a unified architecture in which the underlying resources and hardware are shared, but it's critical to ensure that data, applications, and services are not shared; instead they should continue to be managed in a governed fashion—just as in a conventional IT infrastructure—based on enforced access rights and security policies. And that's especially true given the fact that clouds are accessed by an increasingly diverse range of endpoints, which in many cases use operating systems that weren't originally designed to deliver enterprise-class security in the first place.
Furthermore, for the cloud to work as intended, new virtual servers will have to be continually created, managed, and retired automatically, based on fluctuating business needs. This means each of those servers will also have to be secured as comprehensively as possible, despite the fact that new security vulnerabilities, threats, and patches emerge every week. Correspondingly, regulation compliance—already a headache for many organizations—only becomes more complex and difficult to achieve for cloud services.
The upshot is that unless IT finds a way to orchestrate and secure the cloud's virtual servers in an automated, consistent, and cost-efficient fashion, the cloud could wind up requiring a great deal more manual oversight and operational resources than it should—compromising the total business value it delivers.
IBM Tivoli solutions deliver unified, cradle-to-grave security for all of a cloud's virtual machines
Fortunately, IBM—as a world leader in both cloud architectures and IT security solutions and strategies—is in a unique position to help. In particular, the IBM Tivoli service management portfolio includes a number of interoperable solutions that can combine to help secure cloud servers faster, more completely, and at reduced operational costs.
"SmartCloud Foundation's provisioning capabilities are exceptionally advanced, and fast enough to support the needs of even the largest clouds. Many thousands of new virtual servers per hour can be created, if need be, and subsequently monitored and managed across their full lifecycles."
And because they also work for conventional IT infrastructures, organizations will find that management is simplified in a holistic sense: they'll have one IT management platform that supports all contexts.
To understand how this happens, begin with IBM Endpoint Manager—a truly centralized solution that, using a single server and console, can manage up to a quarter-million different endpoints. This solution's intelligent agent supports an exceptionally wide variety of operating systems—Windows, UNIX, Linux, Mac OS X, AIX, and various mobile device operating systems such as Android. It collects information from them, reporting it back to the server; it also carries out tasks on those endpoints, including software installation and configuration.
This comprehensive, elegant design (one agent, server, and console) means that organizations can use IBM Endpoint Manager to orchestrate a single, integrated security strategy not just for traditional endpoints (laptops, desktops, and smart mobile devices) but also production servers—meaning both traditional servers and virtual servers, such as those running in a cloud. Thus, as a cloud's virtual servers are created, they can be immediately secured in accordance with the organization's security policies.
How? For organizations empowered with a second IBM offering, IBM SmartCloud Foundation, it happens in an exceptionally seamless, rapid way. SmartCloud Foundation's provisioning capabilities are exceptionally advanced, and fast enough to support the needs of even the largest clouds. Many thousands of new virtual servers per hour can be created, if need be, and subsequently monitored and managed across their full lifecycles.
And to help secure those servers, SmartCloud Foundation integrates directly with IBM Endpoint Manager. Each new virtual server that SmartCloud Foundation creates includes the Endpoint Manager agent; thus, each of those servers is immediately discovered by the Endpoint Manager server. Subsequently, any new security task that must be fulfilled on that server—such as reconfiguring a firewall, deploying a new version of an application, or installing a new operating system security patch—can be carried out by Endpoint Manager as well.
Continuous compliance keeps cloud servers constantly secure—despite ever-changing threats, vulnerabilities, and patches
But how does the solution know which such tasks it needs to perform, on which servers?
Historically, this has been a very difficult question for IT teams to answer. This is because as servers and system images are gradually changed over time, their security postures are affected, and it becomes harder in proportion to establish whether and to what extent they conform to security baselines. So, as a result, there is always a lag between the point when a security standard should apply to all servers and the time when it actually does.
All of that changes for the better via IBM Endpoint Manager. Its intelligent agent, deployed in every one of a cloud's virtual servers by IBM SmartCloud Foundation, automatically tracks the security status and configuration of those servers—from cradle to grave. The configuration information it provides to the Endpoint Manager server, in turn, allows IT to establish in real time which servers require which security modifications (such as patches). Then, to address these discovered issues, Endpoint Manager directly communicates with the agent—orchestrating whatever modification is required.
This, in sum, is what IBM means by "continuous compliance"—there is very little lag time in executing any necessary change to the security baseline. The total IBM solution not only tracks and monitors the security posture of the complete cloud infrastructure, but actually enhances it as required in the shortest possible time, using minimal resources, and creating the smallest business impact.
When you add it all up, what kinds of benefits can organizations expect by implementing these IBM capabilities to secure cloud servers? Among others:
Finally, it's important to remember that Endpoint Manager's value extends far beyond clouds per se. The same capabilities it delivers to cloud servers, it also delivers to endpoints of all kinds, throughout the infrastructure—including conventional servers, user endpoints, and now, smart mobile devices used to access cloud-based services from anywhere in the world, using any network.
"Security Essentials for CIOs" article series: Navigating the risks and rewards of social media
Engaging in social media allows companies and their employees to access a global community of experts, innovators and potential clients. It also opens the door to new risks. Review best practices to build a risk-aware culture for the social world.
Read the article (PDF, 829KB)
Leverage and contribute to the collective wisdom around Tivoli