Over the past few years, IBM has invested heavily in rebuilding its product portfolios. It has made many point acquisitions to address perceived weaknesses and aligned many of its internal tools to ensure a coherent product strategy.

The IBM Security product portfolio in Figure 1 below is both multilayered and multicolumned. Products can be layered on top of each other to create different levels of security based on customer requirements. At the same time, the tools are designed to deal with the threefold challenge of people, process and technology. This means that customers can start with the outline framework, then, as they deploy new solutions or adopt new platforms, they can bring in the tools that best fit their security challenge.

Figure 1: IBM Security Portfolio

This security portfolio is designed to be an intelligence-led approach that draws on other parts of IBM’s product portfolio. Using advanced analytics, the security portfolio can provide the detailed information needed to profile users, traffic and services in order to identify advanced persistent threats and complex cyberattacks.

Built into this portfolio are the tools that make it possible to integrate security with compliance and other high-level functions. That integration includes rules engines and auditing to ensure any breach of compliance can be tracked, identified, reported and rectified. At the same time, the built-in forensics ensure that if there is a need to escalate a situation to law enforcement, the right level of data will be gathered in such a way that meets prosecutorial standards.

IBM Dynamic Security for Hybrid Cloud

Despite the comprehensive approach that this security portfolio presents, the cloud is still not an endemic part of the security design. To address that gap, IBM announced on Nov. 5, 2014, the latest update to its security tools: IBM Dynamic Security for Hybrid Cloud, as shown in Figure 2 below.

Figure 2: Updated Cloud Security Portfolio

One of the reasons for creating a separate set of tooling for the cloud is to address differences between an in-house environment and the cloud. One of the biggest differences is agility. The cloud is constantly changing, which means security processes need to be flexible and highly automated to keep up with threats and changes. While the tools used for in-house environments are now automated to a large degree, they are mainly focused on static legacy systems.

Addressing the cloud means not only having the ability to deploy security policies and solutions as soon as new cloud services are instantiated, but also ensuring consistency across cloud instances. High levels of automation and dynamic deployment are essential to a functional security solution. Rules also need to stay with the cloud service, application and data as they move around multiple locations to ensure there is no risk of security breaches. While IBM is moving fast down that route, there is still work to be completed there in order to protect virtual machines and application containers.

For companies that are building out their hybrid cloud with a single cloud provider, it is possible to deploy virtual appliances into the cloud in order to extend security. Unfortunately, business units are not buying services from one cloud vendor, but rather from many cloud vendors. Even IT departments are making decisions on which cloud platform to use based on a project, its finances and its importance. This means any solution must be capable of supporting multiple cloud platforms. This is where the ability to deliver a federated security solution is essential.

A Four-Staged Approach to Cloud Security

This all leads to IBM taking a four-stage approach to security in the cloud to manage access, protect data, increase visibility and optimize security operations. The advantage for IBM is that this easily aligns with the way it currently protects data inside its own data centers and those of customers. What changes is the use of federated solutions and increased automation.

1. Manage Access

IBM is managing access through the use of cloud identity and access along with a cloud privileged identity manager for customers running on IBM-hosted services. For customers who are planning to write and deploy applications to other platforms, IBM is providing support for OpenID and OAuth 2.0. These are security standards used by many other vendors, such as software-as-a-service (SaaS) and platform-as-a-service (PaaS) provider Salesforce.com. This means customers can quickly build and deploy a multivendor federated security solution capable of addressing cloud services from multiple vendors.

2. Protect Data

The extension of IBM Guardium technology to the cloud is already possible by deploying a virtual appliance into IBM SoftLayer and Amazon Web Services. This means data deployed into the cloud can be quickly protected. IBM is looking to extend this to other cloud providers. For end users deploying data into the cloud, it is now possible to protect cloud data repositories as securely as if they were a local data repository.

Testing applications before they are deployed is often expensive and time-consuming. IBM has released new cloud-based testing tools for both Web (Dynamic Analyzer) and mobile applications (Mobile Analyzer) as part of Bluemix, its easy-to-access PaaS offering for the development community. What remains to be seen is how IBM will charge for testing. The existing AppScan security product is expensive, but for this to be successful, IBM will need to deliver a much more commoditized testing price.

3. Gain Visibility

One of the most important aspects of IBM Dynamic Security for the hybrid cloud is its integration with QRadar. Cloud security intelligence is QRadar for hybrid clouds and SoftLayer. It provides deep insight into what is happening with users, applications and any other assets in both the enterprise and the cloud.

In addition to supporting SoftLayer, IBM has also ensured it has a high level of integration with similar services from other cloud vendors, such as Amazon CloudTrail, Qualys, Salesforce.com, CloudPassage, Zscaler, OpenStack and IBM Security Trusteer Apex. This breadth of support for both the cloud and enterprise makes it a one-stop security analytics solution that will track any attack, user or device regardless of where it is operating.

4. Optimize Security Operations

As was expected, this is all underpinned by IBM’s own security and professional services teams. For those customers who do not want to perform the analytics or monitor risk profiles, IBM is making it easy to use its own internal staff to fill in the knowledge gaps. Three new services are included in the announcement: Security Intelligence and Operations Consulting Services, Cloud Security Managed Services for SoftLayer and Intelligent Threat Protection Cloud. The most important advantage of this is that it opens up IBM’s capabilities not just to large enterprise customers, but also to midsize enterprises.

A Masterful Stroke for Security Across Multiple Cloud Services

IBM has managed to match its enterprise security portfolio with a new set of cloud tools that are integrated with existing tools and extend to deal with the specific demands of the cloud. It has adopted a federated security approach both in gathering information from multiple cloud services and in the way developers can design their own applications.

At the same time, by ensuring everything is addressable through a set of comprehensive application programming interfaces, customers can integrate products from IBM’s competitors and not feel that they are locked into a single vendor solution.

The only caution about what is otherwise a strong portfolio addition from IBM is pricing. Customers are moving to the cloud to get usage-based pricing, and purchasing security products and tools has to reflect that. Presently, IBM has not outlined how it will introduce cloud-friendly pricing for its new security tools. Without this, customers may look elsewhere if competitors address this issue more cost-effectively with their cloud security solutions. Ultimately, long-term success and widespread adoption will depend on IBM getting the pricing right for a customer audience that is demonstrating greater maturity and higher expectations for the cloud payment model.
