Search results

Cloud computing is a flexible, cost-effective, and proven delivery platform for providing business or consumer IT services over the Internet. Cloud resources can be rapidly deployed and easily scaled, with all processes, applications, and services provisioned "on demand", regardless of user location or device. As a result, cloud computing gives organizations the opportunity to increase their service delivery efficiencies, streamline IT management, and better align IT services with dynamic business requirements. In many ways, cloud computing offers the "best of both worlds", providing solid support for core business functions along with the capacity to develop new and innovative services. In addition to the usual challenges of developing secure IT systems, cloud computing presents an added level of risk, because essential services are often outsourced to a third party. The "externalized" aspect of outsourcing makes it harder to maintain data integrity and privacy, support data and service availability, and demonstrate compliance. The security measures discussed in this IBM Redpapers™ publication represent best practice implementations for cloud security.

In today's dynamic business environments, an organization develops relationships with its customers, contractors, and business partners at a faster pace than ever before. One of the major concerns across all types of organizations is the need to remove access to IT assets as quickly as possible when a relationship with an employee, contractor, or business is ended, especially if the relationship ends on less then congenial terms. In this IBM Redguide™ publication, we discuss processes and procedures for offboarding individuals to help ensure that the access and entitlements are removed in a timely fashion to mitigate risks of data theft and other malicious activity. We also talk about the business risks that drive the need for offboarding processes and the required measurements to prove that the risks are being mitigated. We present several control processes that need to be in place to mitigate the offboarding risks by using the IBM Security Blueprint. These processes are designed for companies who typically divide up offboarding responsibilities between HR, the IT organization, and IT system owners. Since different organizations may accept varying risk levels in regards to offboarding and they may want to investment differently for offboarding control processes, we introduce a maturity model that is designed to accommodate these differences. Finally, we sketch out some of the different products and services that can be applied to each of the maturity levels. This guide is a valuable resource for business an

In this IBM® Redguide™ publication, we first explore some of the concerns that characterize security requirements of, and threats to, business and information technology (IT) systems. We then identify a number of business drivers that illustrate these concerns, including managing risk and cost, and compliance to business policies and external regulations. We describe how security is a major consideration in the way that business and information technology systems are designed, built, operated, and managed. In the past decades, industry groups and standards bodies have developed frameworks that serve as a baseline for some aspects of security. We discuss two common frameworks: CoBiT and ISO27002. Security for information technology can be complex and confounding. Therefore, IBM has created a pair of complementary views to bridge the communication gap between the business and the technical perspectives of security to enable convergence in thought and process. The IBM Security Framework addresses the business view, and the IBM Security Blueprint addresses the technical view. The IBM Security Framework was developed to describe security in terms of the business resources that need to be protected, and looks at the different resource domains from a business point of view. It divides IT security into the following six resource domains: - People and Identity - Data and Information - Application and Process - Network, Server, and Endpoint - Physical Infrastructure - Security Governance, Risk Management, and Comp

IBM® Tivoli® Application Dependency Discovery Manager (TADDM) is a powerful tool for discovering and classifying information about hardware and software assets, along with their relationships and dependencies. In spite of automatic discovery features, you may find yourself having to extract additional data from files, databases, and other sources, reformatting it and writing it out as Identity Markup Language (IDML) files that Tivoli Application Dependency Discovery Manager can import. IDML is the Extensible Markup Language (XML) dialect used to describe Configuration Items (CIs) and their relationships according to the Common Data Model (CDM). Processes that create these IDML import files are called Discovery Library Adapters (DLA) and the fastest way to create a DLA is by using IBM Tivoli Directory Integrator (TDI). IBM Tivoli Directory Integrator is an integration toolkit that lets you visually assemble data flow rules (called AssemblyLines) that control how data moves and is transformed between any number of systems, transports, and data stores. Each AssemblyLine can perform data filtering and re-formatting to fit output schemas. The purpose of this IBM Redpapers publication is to show you how to create an AssemblyLine that produces IDML import files for Tivoli Application Dependency Discovery Manager. Along the way you can gain some skills that help you meet other integration challenges as well.

You can use IBM® Tivoli® Security products to build open, flexible, and scalable solutions to address business requirements in the areas of: -- Identity and access management -- Security information and event management One of the many strengths of the IBM Tivoli Security offerings is that they are designed and implemented as cross-platform solutions. This design enables broad adoption of the solutions across the range of disparate platforms typically found in an enterprise. IBM Tivoli Security solutions are, therefore, an excellent choice as organizations move further towards service-oriented architecture (SOA) and the security integration challenges present in SOA. In many enterprises, software solutions from Microsoft® are important components of the IT strategy. In this IBM Redpaper publication, we consider the use of IBM Tivoli Security solutions in Microsoft environments from a number of perspectives. In this paper, we discuss: Architectures and standards that are common to IBM Tivoli Security and Microsoft software. IBM Tivoli Security solutions running on Microsoft operating systems utilizing Microsoft middleware. How to secure a Microsoft software environment with IBM Tivoli Security solutions. IBM Tivoli Security solutions providing improved security and security management for Microsoft operating systems, middleware, and applications through integration.

This IBM Redpaper is a summary of the coverage of our products (Tivoli Security products) on the mainframe, or System z, both in what runs on System z and what management/security of System z resources we can provide. This paper introduces some of the platforms (and their terminology) for the mainframe, or System z. It then looks at the Tivoli Access and Identity Management as well as risk and compliance solutions and their System z footprint. The paper is broken up into the following parts: - What is all this z? - Directory and data integration on z - Identity and access management products - Risk and compliance products - Conclusion This paper assumes that you are familiar with the Tivoli Security suite but not familiar with the mainframe and the security offerings there. The update from January 28, 2008 fixes a broken Web link.

This IBM Redpaper describes a solution developed for IBM Tivoli Directory Integrator integration with the IBM event management offering products, IBM Tivoli Netcool/OMNIbus and IBM Tivoli Enterprise Console. This integration solution illustrates a scenario where Tivoli Directory Integrator can send EIF events to the IBM event management products. Along with examples, we discuss the architecture behind this approach. This document is divided into several sections. For those readers who are not familiar with the IBM products covered in this Redpaper, we provide a brief overview of Tivoli Directory Integrator, Tivoli Netcool/OMNIbus, and Tivoli Enterprise Console. We then cover the integration with Netcool/OMNIbus and describe an architectural overview and the implementation, installation, and configuration for Tivoli Directory Integrator integration with Netcool/OMNIbus. Similarly, we discuss the integration with Tivoli Enterprise Console and describe an architectural overview, and the implementation, installation, and configuration for Tivoli Directory Integrator integration with the Tivoli Enterprise Console. We discuss additional details about the EIF EventSender component, because it represents a key component that was developed as part of this Redpaper integration. Finally, we document the additional files that ship along with this Redpaper and links to various official documentation.

The basic goal of data synchronization is to detect changes in one data source and then propagate these to one or more targets. Discovering and then applying changes is not as easy as you might think. Some systems provide change event notifications, most do not. Many maintain some sort of modifications list, but the level of detail available here varies greatly. A few systems allow you to incrementally modify the values of selected attributes. However, the majority require you to build a full data entry with all updates in place and then write this in a single operation. So how do you deal with the differences in both feature sets and change resolution found in the systems you want to sync? Who will you call? Tivoli Directory Integrator (TDI) gives you a framework for handling this at a comfortably abstract level. To take full advantage of these capabilities a certain amount of understanding is still required. This IBM Redpaper outlines the (updated) features in Tivoli Directory Integrator 6.1 that are designed for building data synchronization solutions. It also provides insight into how to use them.

As the practice of IT architecture continues to evolve, so does the specialty of IT security architecture. The general practice of IT architecture has advanced from object-oriented design toward services-oriented approaches that combine object orientation and process orientation within a Component Business Model. Increasingly, it is becoming apparent that IT security architecture is broader than the application of specialized technology. IT security includes a combination of process design and technology deployment that provides for: Modification of business processes to account for integration of business policies and risk management models A set of IT system management services needed to assure the desired level of resilience to the modified IT environment This IBM Redpaper reviews the basic concepts of security component design, following the Method for Architecting Secure Solutions (MASS). It introduces a second critical element of the unified security architecture, the security system management service view.

This IBM Redpaper is intended to be used by Software IT Architects (SWITAs) and Client IT Architects (CITAs) as a means to better understand some of the security issues introduced in an on demand environment. While there are a wide variety of items that could be considered, this paper focuses only on software-related solutions specifically within the context of securing Web services transactions and managing identities within a dynamic, federated infrastructure.