IBM Says Cloud, Virtualized Tech Need Lockdown

Are businesses adopting new technologies too quickly for their own good?

When it comes to locking down their systems, they might be, according to IBM, which today at the RSA Conference unveiled a slew of new products that secure cloud computing, Web applications, virtual environments and data.

There is a need for these products to be deployed quickly, Brian Truskowski, general manager of IBM Internet Security Systems (ISS), said in a statement.

“The industry has taken a ‘deploy now, secure later’ approach which is creating today’s oppressive cost and complexity problems in security. IBM is driving innovation with platforms that embed security in the infrastructure to transform security into a business enabler, rather than a costly inhibitor.”

For cloud and virtual environments, the company is announcing the Proventia Virtualized Network Security Platform, which allows datacenter managers to take the security software that ran on a purpose-built appliance and run it as a virtual app, further improving consolidation.

“It provides all the benefits of an appliance, and can be deployed at the perimeter or within the datacenter,” Marc Van Zadelhoff, director of IBM Security Systems, told InternetNews.com.

Web applications need attention too, Van Zadelhoff added, pointing to IBM’s 2008 X-Force Trend & Risk Report, which found that about 50 percent of all application-layer vulnerabilities remain unpatched.

He explained that many automated patch engines work at the OS level or even the hardware level, but can fail to patch applications for a variety of reasons, including application customization.

To address these issues, IBM is releasing the IBM Rational AppScan to monitor applications, detect actual patch levels and implement virtual patching. It’s also launching the Proventia Web application firewall, which is embedded in several IBM products and protects against entire categories of attacks.

IBM’s certainly not alone in aiming to better secure virtualized and cloud-based environments, with several other companies this week announcing similar initiatives.

VMware today announced vSphere 4.0, software designed to connect virtualization and cloud computing in a secure and reliable manner. Yesterday, database security specialist Third Brigade announced what it called “the first security server designed to defend servers in physical, virtual, and cloud computing environments.”

Tivoli identity management

Cloud and virtualized environments aren’t the only areas IBM is working to strengthen in its portfolio.

Increasingly, businesses are looking to up their security — and better attend to compliance concerns — with greater investments in identity management. That’s one reason why IBM today unveiled updates to its Tivoli service management product line.

The IBM Tivoli Identity and Access Assurance product centralizes identity management. That’s not as simple as it might seem, because a solution must incorporate users accessing data from internal, external, and cloud locations, said Venkat Raghavan, director of security and compliance for IBM’s Tivoli Software division.

In IBM’s case, its product combines identity and access management software with SIM technology. For reporting, customers can purchase a Tivoli product or a managed service provided by IBM’s ISS, Raghavan said.

IBM’s aiming to address further holes in enterprises’ data-safeguarding efforts with its release of IBM Tivoli Data and Application Security. The application tracks usage and ensures encryption of data from its live use on the Web down to where it rests on hard drives or tape.

“It’s not enough to apply security to the URL or to the Web layer,” Raghavan said. “You need to get down to data.”

Since IBM’s largest customers use its Series z mainframes — and those mainframes are likely to be valuable targets, holding a significant amount of data and a large number of applications — IBM also debuted its Tivoli Security Management for z/OS.

The release features an upgrade to the Resource Access Control Facility (RACF). “That’s where the data is, and where the applications are — we want to bulletproof these environments and enable our customers to build new applications with [software-oriented architectures] and Web 2.0,” Raghavan said.

Today’s announcements are just a few of the announcements that IBM will be making this week as it seeks to help businesses better lock down the deluge of new technologies and requirements facing businesses.

“We have 13 products that we’re announcing or that we’re talking about to customers at this show,” Van Zadelhoff said.