Security By Design
My last post was about security.
This post is going to be about security.
The last post covered IBM’s recent X-Force Trends report which reported on the lingering and expanding security threats faced by organizations around the globe.
This post will address some of the antidotes IBM announced just yesterday at the RSA Conference in San Francisco.
In San Francisco, IBM detailed a number of new IBM Security Solutions, research initiatives, partnerships and client results aimed at meeting the rising demand by businesses and governments worldwide to secure digital and physical infrastructures.
Security, by Design
In my recent coverage of the IBM Pulse 2010 conference, I covered a session by IBM Chief Privacy Officer Harriet Pearson in which Harriet introduced the idea of “security by design.”
This approach stems from recognition of the fact that new computing paradigms and business models fundamentally require businesses to rethink how they deal with compliance, risk management and data protection. Central to IBM’s approach to addressing clients’ security challenges is a shift in focus from securing assets to securing critical services.
With integrated service management – tools that provide can provide a “command center” view into a client’s operations and potential areas of risk — IBM can help its clients design security into the fabric of the services they deliver, making security intrinsic to their business processes, product development and daily operations.
Yesterday’s announcements, based on IBM’s experience with hundreds of global clients and businesses, are designed to further expand on the vision that security, by design, is an enabler of innovative change.
IBM is introducing new software, systems and services to help global organizations securely adopt new forms of technology like cloud computing and new business models like telework, while addressing emerging compliance constructs.
New IBM Security Solutions include:
- IBM Secure Web Gateway Service 2.0 – IBM X-Force research indicates a dramatic rise in the number and complexity of Web application attacks. This new service enables greater protection against Web-based threats and enforcement of corporate IT policies while lowering overall management costs.
- IBM Managed Firewall Service and IBM Unified Threat Management Service – this new bundled offering allows clients to use select Check Point firewall and unified threat management devices while receiving IBM Managed Security Services for those devices for a monthly fee. This provides clients increased levels of protection without the burden of upfront capital expenditures for the devices.
- IBM Security Information and Event Manager 2.0 – this updated software helps to reduce costs by automating enterprise log management and central management, reduce insider threats and protect integrity by monitoring and auditing privileged user activities, and facilitate compliance efforts and streamline management with compliance management modules.
- IBM Security Content Analysis Software Development Kit (SDK) – rapid growth of the Internet and the constant onslaught of spam requires advanced filtering technology that is expensive to develop and maintain. This new SDK provides developers with up-to-date filter database and accurate analysis — along with an easy-to-implement application programming interface (API).
- IBM AppScan Source Edition – as organizations continue to develop and design products and services that are increasingly interconnected, they are also placing increased emphasis on securing the software that powers these products and services. This new edition of IBM Rational AppScan Source Edition AppScan can scan software source code and identify potential security and compliance vulnerabilities during the earliest stages of software development, when they are less expensive to correct.
- IBM Lotus Protector for Mail Encryption – for secure collaboration and communication, IBM is announcing a new software product called IBM Lotus Protector for Mail Encryption. Available in April, it extends IBM’s flagship messaging software, offering Lotus Notes’ native e-mail encryption feature to include any address accessible on the Internet — irrespective of e-mail system or client used by the recipient. IBM Protector for Mail Encryption addresses the Internet encryption challenge, in a simple and integrated way, unlike third-party “bolt-on” products that have historically been complex and expensive to deploy.
- IBM Security Privileged Identity Management and Compliance Solution – rising trend from attackers to use privileged user identities to gain access to core systems, increasing compliance mandates and high administrative costs all add to the difficulty of managing users and identities and blocking against internal and external threats. This combined solution provides threat prevention, identity management and meeting compliance needs through file integrity monitoring, separation of duties, role hierarchy, and intrusion prevention.
- IBM z/OS V1.12 – With the latest release of z/OS, IBM helps clients promote improved operations, availability, manageability, and security through self-learning, self-managing, and self-optimization capabilities. z/OS security functions, such as data encryption, encryption key management, digital certificates, password synchronization, and centralized authentication and auditing, can be deployed as part of enterprise-wide security solutions and can help mitigate risk and reduce compliance costs.
Institute for Advanced Security
In February 2010, IBM, the Security & Defence Agenda (SDA) and a coalition of international think tanks hosted almost 4,000 global experts from government, industry, academia, non-government organizations (NGOs) in a virtual dialogue on the world’s greatest security challenges.
Cybersecurity was identified as a significant potential threat to international peace and stability, and a number of experts called for the creation of a cybersecurity agency to increase public and private sector collaboration and educate global leaders on cyber issues.
In order to address such concerns, the company is launching the IBM Institute for Advanced Security to help clients, academics, partners and other businesses more easily understand, address and mitigate the issues associated with securing cyberspace.
The Institute will collaborate with public and private sector officials in Washington, D.C., and provide access to a wide range of resources to help the government more efficiently and effectively secure and protect critical information threatened by increasingly malicious and costly cyber threats.
As part of this effort, IBM is bringing to bear expertise from its software, services, systems and research arms to help governments and businesses around the world safeguard themselves from new and existing threats.
For instance, the U.S. Air Force recently selected IBM to design and demonstrate a highly secure cloud computing infrastructure that can support defense and intelligence networks.
The IBM Institute for Advanced Security will provide a collaborative setting for public and private sector officials to tap IBM’s vast security expertise so they can more efficiently and effectively secure and protect critical systems and information threatened by increasingly malicious and costly cyber threats.
IBM’s approach will help public and private organizations avoid the trend of adding security on after the fact by providing them the education, expertise and resources to design security into the foundation of their infrastructures.
IBM Tivoli general manager Al Zollar spoke at yesterday’s RSA conference. His keynote presentation is now available via podcast, in which Zollar addressed “The Decade of Smart Security.”