Over the past few years, IBM has invested heavily in rebuilding its product portfolios. It has made many point acquisitions to address perceived weaknesses and aligned many of its internal tools to ensure a coherent product strategy.

The IBM Security product portfolio in Figure 1 below is both multilayered and multicolumned. Products can be layered on top of each other to create different levels of security based on customer requirements. At the same time, the tools are designed to deal with the threefold challenge of people, process and technology. This means that customers can start with the outline framework, then, as they deploy new solutions or adopt new platforms, they can bring in the tools that best fit their security challenge.

Figure 1: IBM Security Portfolio

This security portfolio is designed to be an intelligence-led approach that draws on other parts of IBM’s product portfolio. Using advanced analytics, the security portfolio can provide the detailed information needed to profile users, traffic and services in order to identify advanced persistent threats and complex cyberattacks.

Built into this portfolio are the tools that make it possible to integrate security with compliance and other high-level functions. That integration includes rules engines and auditing to ensure any breach of compliance can be tracked, identified, reported and rectified. At the same time, the built-in forensics ensure that if there is a need to escalate a situation to law enforcement, the right level of data will be gathered in such a way that meets prosecutorial standards.

IBM Dynamic Security for Hybrid Cloud

Despite the comprehensive approach that this security portfolio presents, the cloud is still not an endemic part of the security design. To address that gap, IBM announced on Nov. 5, 2014, the latest update to its security tools: IBM Dynamic Security for Hybrid Cloud, as shown in Figure 2 below.

Figure 2: Updated Cloud Security Portfolio

One of the reasons for creating a separate set of tooling for the cloud is to address differences between an in-house environment and the cloud. One of the biggest differences is agility. The cloud is constantly changing, which means security processes need to be flexible and highly automated to keep up with threats and changes. While the tools used for in-house environments are now automated to a large degree, they are mainly focused on static legacy systems.

Addressing the cloud means having the ability not only to deploy security policies and solutions as soon as new cloud services are instantiated, but also to ensure consistency across cloud instances. High levels of automation and dynamic deployment are essential to a functional security solution. Rules also need to stay with the cloud service, application and data as they move around multiple locations to ensure there is no risk of security breaches. While IBM is moving fast down that route, there is still work to be completed there in order to protect virtual machines and application containers.

For companies that are building out their hybrid cloud with a single cloud provider, it is possible to deploy virtual appliances into the cloud in order to extend security. Unfortunately, business units are not buying services from one cloud vendor, but rather from many cloud vendors. Even IT departments are making decisions on which cloud platform to use based on a project, its finances and its importance. This means any solution must be capable of supporting multiple cloud platforms. This is where the ability to deliver a federated security solution is essential.

A Four-Staged Approach to Cloud Security

This all leads to IBM taking a four-stage approach to security in the cloud to manage access, protect data, increase visibility and optimize security operations. The advantage for IBM is that this easily aligns with the way it currently protects data inside its own data centers and those of customers. What changes is the use of federated solutions and increased automation.

1. Manage Access

IBM is managing access through the use of cloud identity and access along with a cloud privileged identity manager for customers running on IBM-hosted services. For customers who are planning to write and deploy applications to other platforms, IBM is providing support for OpenID and OAuth 2.0. These are security standards used by many other vendors, such as software-as-a-service (SaaS) and platform-as-a-service (PaaS) provider Salesforce.com. This means customers can quickly build and deploy a multivendor federated security solution capable of addressing cloud services from multiple vendors.

2. Protect Data

The extension of IBM Guardium technology to the cloud is already possible by deploying a virtual appliance into IBM SoftLayer and Amazon Web Services. This means data deployed into the cloud can be quickly protected. IBM is looking to extend this to other cloud providers. For end users deploying data into the cloud, it is now possible to protect cloud data repositories as securely as if they were a local data repository.

Testing applications before they are deployed is often expensive and time-consuming. IBM has released new cloud-based testing tools for both Web (Dynamic Analyzer) and mobile applications (Mobile Analyzer) as part of Bluemix, its easy-to-access PaaS offering for the development community. What remains to be seen is how IBM will charge for testing. The existing AppScan security product is expensive, but for this to be successful, IBM will need to deliver a much more commoditized testing price.

3. Gain Visibility

One of the most important aspects of IBM Dynamic Security for the hybrid cloud is its integration with QRadar. Cloud security intelligence is QRadar for hybrid clouds and SoftLayer. It provides deep insight into what is happening with users, applications and any other assets in both the enterprise and the cloud.

In addition to supporting SoftLayer, IBM has also ensured it has a high level of integration with similar services from other cloud vendors, such as Amazon CloudTrail, Qualys, Salesforce.com, CloudPassage, Zscaler, OpenStack and IBM Security Trusteer Apex. This breadth of support for both the cloud and enterprise makes it a one-stop security analytics solution that will track any attack, user or device regardless of where it is operating.

4. Optimize Security Operations

As was expected, this is all underpinned by IBM’s own security and professional services teams. For those customers who do not want to perform the analytics or monitor risk profiles, IBM is making it easy to use its own internal staff to fill in the knowledge gaps. Three new services are included in the announcement: Security Intelligence and Operations Consulting Services, Cloud Security Managed Services for SoftLayer and Intelligent Threat Protection Cloud. The most important advantage of this is that it opens up IBM’s capabilities not just to large enterprise customers, but also to midsize enterprises.

A Masterful Stroke for Security Across Multiple Cloud Services

IBM has managed to match its enterprise security portfolio with a new set of cloud tools that are integrated with existing tools and extend to deal with the specific demands of the cloud. It has adopted a federated security approach both in gathering information from multiple cloud services and in the way developers can design their own applications.

At the same time, by ensuring everything is addressable through a set of comprehensive application programming interfaces, customers can integrate products from IBM’s competitors and not feel that they are locked into a single vendor solution.

The only caution about what is otherwise a strong portfolio addition from IBM is pricing. Customers are moving to the cloud to get usage-based pricing, and purchasing security products and tools has to reflect that. Presently, IBM has not outlined how it will introduce cloud-friendly pricing for its new security tools. Without this, customers may look elsewhere if competitors address this issue more cost-effectively with their cloud security solutions. Ultimately, long-term success and widespread adoption will depend on IBM getting the pricing right for a customer audience that is demonstrating greater maturity and higher expectations for the cloud payment model.
