Building a Smarter Cloud: Automatic Security Assessment and Provisioning

Cloud is hot—but security questions remain

Tivoli Beat. A weekly IBM service management perspective.

The benefits of cloud computing are increasingly clear—and increasingly, they're being achieved. Going forward, the question for organizations is not "should we deploy cloud?" but "when and how should we deploy cloud?"

Really answering that second question, however, means addressing some of the remaining concerns still associated with cloud architectures. And among those, perhaps the most common concern is security.

It's an understandable worry. The sum total of potential security threats escalates every year, with increasingly sophisticated malware, profit-motivated hackers and criminal organizations, and abuse from internal team members with special access privileges topping the list.

Meanwhile, a cloud is, by definition, an incredibly dynamic architecture in which new servers are constantly being created, modified, and retired based on business policies. How is it possible to secure all those virtual servers, when (barring some new form of accurate insight) IT doesn't even know at any given point in time how many virtual servers there are?

It follows that for organizations to create and deploy a secure cloud, they will have to be able to:

Only in this way can the compelling business benefits of cloud truly be realized. And for many organizations, there just hasn't been a straightforward, elegant way to meet all of those challenges... until now.

IBM SmartCloud Patch Management: Enhance cloud security through continuous compliance and fast, accurate patch provisioning

It was with exactly this context in mind that IBM recently rolled out a powerful new security solution specifically for cloud architectures: IBM SmartCloud Patch Management. This full-featured offering delivers on all four of the bullet points above, providing and optimizing the way security patches are delivered to every virtual server in a cloud—and thus locking it down as completely as possible against security threats both known and unknown.

Specifically, IBM SmartCloud Patch Management helps organizations secure a private cloud via:

Let's walk through some of the key features as they might commonly apply to a cloud architecture in the enterprise.

Build a new cloud and make it as secure and agile as possible

First, building the cloud will require discovering, analyzing, and consolidating the virtual server images currently in use. Toward that end, IBM SmartCloud Patch Management includes another solution—IBM SmartCloud Provisioning—that provides just those features. Using them, IT can quickly find virtual server image repositories across the IT infrastructure; determine which of the images are duplicates and eliminate those duplicates; pull the remaining images into a single, unified library; and then analyze the logical contents of those images.

In this last category, the security ramifications are very apparent. Suppose that a given server image has older, outdated versions of applications, security patches, or even the entire OS itself. SmartCloud Patch Management will discover that, comparing the contents of the images against a predefined security baseline and looking for ways in which a given image varies compared to that baseline.

This is the key insight needed to secure the cloud being developed. Once problematic images are discovered, new and updated images can be created that include the most recent security patches—proactively improving security even before the new cloud has gone into production. The fact that these features apply to all common operating systems—Windows, UNIX, Linux, and Mac OS X—also means that all images can be corrected.

And subsequently, when the cloud is up and running, the advanced provisioning capabilities that come with the solution will also play a critical role, by provisioning those improved images into dynamically created virtual servers. This is a real strength because SmartCloud Provisioning has been specifically designed for speed in this department, enabling organizations to create (if need be) thousands of virtual servers per hour, for the highest possible scalability to support fluctuating business workloads.

As new patches are released, they're automatically provisioned where they're needed—fast

The real magic of this solution, however, comes into play when you consider how it works over time.

As IT solution providers such as Microsoft, Red Hat, and others discover security weaknesses, they will of course offer patches to address those weaknesses. And IT will need to deploy those patches to all the appropriate virtual servers in the cloud—however many there may be, even though that number is constantly in a state of flux.

Here, too, IBM SmartCloud Patch Management excels. As new virtual servers are created, each contains an intelligent management agent (all OSs are supported), and each agent reports back to the solution. Furthermore, this same agent is capable of polling each virtual server, to assess the OS it contains (including all deployed patches to date).

This means that SmartCloud Patch Management continually knows both how many virtual servers there are, and what software is driving them—which is exactly what it needs to know, to determine which virtual servers need to be patched.

Because this process is continuous, the interval between discovering a potentially insecure virtual server, and patching that server, is very small. Instead of problematic servers staying up and running in an insecure state for multiple hours, days, or weeks, they are continually assessed, and security shortcomings are continually fixed.

Together, these capabilities of IBM SmartCloud Patch Management help organizations leverage cloud architectures with greater confidence -- achieving not just the usual cloud strengths of higher performance, lower costs, and greater scalability, but also an advanced security strategy as dynamic and scalable as the cloud itself.
