IBM is augmenting its cloud security offerings with three new professional services to help enterprises plan for and implement appropriate security policies, processes and controls in migrating to the cloud. These include Security Strategy Roadmap for organizations planning to purchase or provide cloud services, Security Assessment for existing and/or planned cloud initiatives, and Application Security Services to determine appropriate controls to secure business applications and the sensitive data they access in a cloud environment. In addition to the professional services, IBM is enhancing two of its hosted security services, Security Event and Log Management (SELM) and Vulnerability Management.
"As soon as data center services leave an enterprise's control there is concern because they can't necessarily see it or see what they need to do to uncover or plug up any security issues," said Lynda Stadtmueller, program manager, business communication services for Stratecast, a division of Frost & Sullivan. "How can I select the right applications to put in the cloud that will minimize the risk to my business?"
The Cloud Strategy Roadmap provides guidance for addressing enterprise security and privacy concerns in moving to the cloud. IBM will identify risks and help develop risk mitigation strategies for cloud security. The Cloud Security Assessment evaluates an enterprise's controls and architecture for planned or existing cloud services, compares them against industry best practices and standards and recommends steps to improve its security program.
The Application Security Services for Cloud assesses cloud application environments to determine risks and whether or not the appropriate controls are in place. IBM will show enterprises cloud-specific security vulnerabilities, both internally and on the provider side. Moss said IBM takes a workload-centric approach to help organizations migrate to the cloud securely based on their specific requirements.
The hosted vulnerability management service has extended scanning capabilities to databases and Web applications. The service is now a PCI approved scanning vendor, so it can meet the requirement for quarterly vulnerability assessment scanning. Also, the service now offers detailed remediation advice based on risk scoring, so organizations can prioritize identified vulnerabilities. The service provides detailed steps to help fix them.