Cloud computing is a flexible, cost-effective, and proven delivery platform for providing business or consumer IT services over the Internet. Cloud resources can be rapidly deployed and easily scaled, with all processes, applications, and services provisioned "on demand", regardless of user location or device. As a result, cloud computing gives organizations the opportunity to increase their service delivery efficiencies, streamline IT management, and better align IT services with dynamic business requirements. In many ways, cloud computing offers the "best of both worlds", providing solid support for core business functions along with the capacity to develop new and innovative services. In addition to the usual challenges of developing secure IT systems, cloud computing presents an added level of risk, because essential services are often outsourced to a third party. The "externalized" aspect of outsourcing makes it harder to maintain data integrity and privacy, support data and service availability, and demonstrate compliance. The security measures discussed in this IBM Redpapers™ publication represent best practice implementations for cloud security.

In today's dynamic business environments, an organization develops relationships with its customers, contractors, and business partners at a faster pace than ever before. One of the major concerns across all types of organizations is the need to remove access to IT assets as quickly as possible when a relationship with an employee, contractor, or business is ended, especially if the relationship ends on less then congenial terms. In this IBM Redguide™ publication, we discuss processes and procedures for offboarding individuals to help ensure that the access and entitlements are removed in a timely fashion to mitigate risks of data theft and other malicious activity. We also talk about the business risks that drive the need for offboarding processes and the required measurements to prove that the risks are being mitigated. We present several control processes that need to be in place to mitigate the offboarding risks by using the IBM Security Blueprint. These processes are designed for companies who typically divide up offboarding responsibilities between HR, the IT organization, and IT system owners. Since different organizations may accept varying risk levels in regards to offboarding and they may want to investment differently for offboarding control processes, we introduce a maturity model that is designed to accommodate these differences. Finally, we sketch out some of the different products and services that can be applied to each of the maturity levels. This guide is a valuable resource for business an

In this IBM® Redguide™ publication, we first explore some of the concerns that characterize security requirements of, and threats to, business and information technology (IT) systems. We then identify a number of business drivers that illustrate these concerns, including managing risk and cost, and compliance to business policies and external regulations. We describe how security is a major consideration in the way that business and information technology systems are designed, built, operated, and managed. In the past decades, industry groups and standards bodies have developed frameworks that serve as a baseline for some aspects of security. We discuss two common frameworks: CoBiT and ISO27002. Security for information technology can be complex and confounding. Therefore, IBM has created a pair of complementary views to bridge the communication gap between the business and the technical perspectives of security to enable convergence in thought and process. The IBM Security Framework addresses the business view, and the IBM Security Blueprint addresses the technical view. The IBM Security Framework was developed to describe security in terms of the business resources that need to be protected, and looks at the different resource domains from a business point of view. It divides IT security into the following six resource domains: - People and Identity - Data and Information - Application and Process - Network, Server, and Endpoint - Physical Infrastructure - Security Governance, Risk Management, and Comp

You can use IBM® Tivoli® Security products to build open, flexible, and scalable solutions to address business requirements in the areas of: -- Identity and access management -- Security information and event management One of the many strengths of the IBM Tivoli Security offerings is that they are designed and implemented as cross-platform solutions. This design enables broad adoption of the solutions across the range of disparate platforms typically found in an enterprise. IBM Tivoli Security solutions are, therefore, an excellent choice as organizations move further towards service-oriented architecture (SOA) and the security integration challenges present in SOA. In many enterprises, software solutions from Microsoft® are important components of the IT strategy. In this IBM Redpaper publication, we consider the use of IBM Tivoli Security solutions in Microsoft environments from a number of perspectives. In this paper, we discuss: Architectures and standards that are common to IBM Tivoli Security and Microsoft software. IBM Tivoli Security solutions running on Microsoft operating systems utilizing Microsoft middleware. How to secure a Microsoft software environment with IBM Tivoli Security solutions. IBM Tivoli Security solutions providing improved security and security management for Microsoft operating systems, middleware, and applications through integration.

IBM® WebSphere® DataPower® SOA Appliances represent an important element in the holistic approach of IBM to service-oriented architecture (SOA). IBM SOA appliances are purpose-built, easy-to-deploy network devices that simplify, secure, and accelerate your XML and Web services deployments while extending your SOA infrastructure. These appliances offer an innovative, pragmatic approach to harness the power of SOA. By using them, you can simultaneously use the value of your existing application, security, and networking infrastructure investments. This series of IBM Redbooks publications is written for architects and administrators who need to understand the implemented architecture in WebSphere DataPower appliances to successfully deploy it as a secure and efficient enterprise service bus (ESB) product. These papers give a broad understanding of the new architecture and traditional deployment scenarios. They cover details about the implementation to help you identify the circumstances under which you should deploy DataPower appliances. They also provide a sample implementation and architectural best practices for an SOA message-oriented architecture in an existing production ESB environment. Part 2 of the series, this part, provides information about ways to integrate the DataPower appliance with other products such as IBM Tivoli® Access Manager and Tivoli Directory Server. The entire IBM WebSphere DataPower SOA Appliances series includes the following papers: "IBM WebSphere DataPower SOA Appliances Part I:

This IBM Redpaper is a summary of the coverage of our products (Tivoli Security products) on the mainframe, or System z, both in what runs on System z and what management/security of System z resources we can provide. This paper introduces some of the platforms (and their terminology) for the mainframe, or System z. It then looks at the Tivoli Access and Identity Management as well as risk and compliance solutions and their System z footprint. The paper is broken up into the following parts: - What is all this z? - Directory and data integration on z - Identity and access management products - Risk and compliance products - Conclusion This paper assumes that you are familiar with the Tivoli Security suite but not familiar with the mainframe and the security offerings there. The update from January 28, 2008 fixes a broken Web link.

In today's highly connected world, directory servers are the IT cornerstone of many businesses. These components of the corporate infrastructure are the foundation of authentication systems for internal, and more commonly, external user populations. Managing a directory server with several hundred internal users is not all that difficult. However, when managing a directory server with several million external users in all 24 time zones throughout the world is a much more daunting task. IBM Tivoli Directory Server is capable of handling millions of entries given the right architecture, configuration, and performance tuning -- tunings that can differ greatly from that of a smaller server with only a few hundred thousand entries. Managing and tuning a directory server of this size requires a change in mindset: No longer can tuning be done after the fact. Tuning and performance must be a focus before the hardware is even ordered. A proactive role must be taken after installation as well, including pre-tuning steps to better interface with other products to make installations and migrations more successful, and regular maintenance to keep the directory well tuned and running smoothly. This IBM Redpaper is the cumulation of lessons learned in many different real-world environments, including a 24-server fault tolerant configuration with over 300 million entries. The authors have pooled their collective knowledge and resources to provide the most comprehensive performance view possible, from hardware to software, sort

As the practice of IT architecture continues to evolve, so does the specialty of IT security architecture. The general practice of IT architecture has advanced from object-oriented design toward services-oriented approaches that combine object orientation and process orientation within a Component Business Model. Increasingly, it is becoming apparent that IT security architecture is broader than the application of specialized technology. IT security includes a combination of process design and technology deployment that provides for: Modification of business processes to account for integration of business policies and risk management models A set of IT system management services needed to assure the desired level of resilience to the modified IT environment This IBM Redpaper reviews the basic concepts of security component design, following the Method for Architecting Secure Solutions (MASS). It introduces a second critical element of the unified security architecture, the security system management service view.

This IBM Redpaper positions the Nortel Networks Layer 2/3 Fiber and Copper GbE Switch Modules for IBM eServer BladeCenter and describes how its integrated switch options enable the consolidation of full Layer 2-3 LAN switching and routing capabilities. The Nortel Networks switch modules also provide an upgrade path to full Layer 4-7 services by including 4-7 switch intelligence. This Redpaper serves as a Best Practices guide for implementing, configuring, and managing Nortel Networks Layer 2/3 Fiber and Copper GbE Switch Modules for several network topologies. Our topology examples include Nortel Networks, Cisco Systems, and Extreme Networks network environments. This Redpaper can help you to understand the Nortel Networks Layer 2/3 Fiber and Copper GbE Switch Modules architecture. It demonstrates how to use specific tools to manage and administer switch module tasks. It also discusses the differences between Nortel Networks and Cisco Systems terminology. The audience for this Redpaper is experienced systems and network administrators who want to integrate the Nortel Networks Layer 2/3 Fiber and Copper GbE Switch Modules successfully into new and existing networks.

This IBM Redpaper positions the Nortel Networks Layer 2/3 Fiber and Copper GbE Switch Modules for IBM eServer BladeCenter and describes how its integrated switch options enable the consolidation of full Layer 2-3 LAN switching and routing capabilities. The Nortel Networks switch modules also provide an upgrade path to full Layer 4-7 services by including 4-7 switch intelligence. This Redpaper serves as a Best Practices guide for implementing, configuring, and managing Nortel Networks Layer 2/3 Fiber and Copper GbE Switch Modules for several network topologies. Our topology examples include Nortel Networks, Cisco Systems, and Extreme Networks network environments. This Redpaper can help you to understand the Nortel Networks Layer 2/3 Fiber and Copper GbE Switch Modules architecture. It demonstrates how to use specific tools to manage and administer switch module tasks. It also discusses the differences between Nortel Networks and Cisco Systems terminology. The audience for this Redpaper is experienced systems and network administrators who want to integrate the Nortel Networks Layer 2/3 Fiber and Copper GbE Switch Modules successfully into new and existing networks.