
Security Simplified: IBM Power Systems Offer Holistic Protection

Satya Sharma, CTO of IBM Cognitive Systems and an IBM Fellow. Photo by Craig Washburn

Keeping business systems secure is a priority. As systems become more open, security must be enhanced to stop hackers, yet not impede the business. Industries with strict compliance rules, such as retail, healthcare and financial services, need systems that comply with the appropriate regulations. As a leader in security, IBM continues to show clients how to implement secure systems in less time with less complexity so clients can free up their resources and reduce costs.

“IBM knows security is very important from the client’s viewpoint,” says Satya Sharma, CTO of IBM Cognitive Systems and an IBM Fellow. “IBM has a strong reputation when it comes to security. The IBM Power Systems* platform has a brand reputation as being secure and robust.” Whether you run AIX*, IBM i or Linux* on POWER*, IBM is working to address the security needs of all of its users.

Addressing Top Concerns

Clients are very savvy when it comes to security issues, naming vulnerabilities and security compliance as their most pressing pain points. Most clients know that security vulnerabilities must be addressed immediately, forming a baseline for security, says Sharma.

Encryption is also important for keeping data secure. The IBM Power Systems platform offers a number of hardware encryption and acceleration capabilities. In the past, many clients didn’t implement wide-scale encryption as they were worried about the impact on performance. “Because of the hardware acceleration capabilities on our platforms, it has now become more practical and pragmatic to implement broad-scale encryption,” says Sharma.

IBM helps users set up interfaces, automate file system encryption and other tasks so performance isn’t affected.

Security compliance is a familiar area to clients. Retailers must meet the PCI DSS, healthcare clients need to adhere to HIPAA rules, etc. However, compliance-related tasks are very labor intensive. IBM shows clients how to best automate those tasks. “If those processes aren’t automated, productivity is affected and the system can be prone to error,” notes Sharma.

Securing the Cloud

As cloud environments emerge, they bring new security requirements with them. A cloud user may need some assurance of, or trust in, the state and configuration of the physical platform before installing services on it.


A Trusted Platform Module (TPM) is a standard created by the Trusted Computing Group, of which IBM is a member. A physical TPM (pTPM) uses a hardware root of trust, which is considered to be more secure than software. Many clients are looking to see how they can employ TPM to protect their business, Sharma says. The initial TPM proof point IBM conducted was done on POWER8*. When the POWER9* systems are released, pTPM will become mainstream, he notes. See “Security at the Center” on page 12 to learn more about pTPM.

Any enterprise looking to use the cloud will want to look at these up-and-coming technologies. “In the future, pTPM and secure containers are going to play a big role in public cloud implementations,” Sharma points out.

Simplifying Procedures

Whether in the cloud or on premises, IT shops manage the whole spectrum of security. Several IBM solutions bolster systems security. IBM PowerSC* Security and Compliance automates the profile implementations, simplifying the time-consuming process of keeping systems abreast of security standards such as PCI DSS, HIPAA and more.

PowerSC provides a number of real-time monitoring and alerting capabilities for malware and intrusion prevention. “PowerSC can send you alerts in case someone who isn’t trusted tries to change or execute a file,” Sharma says. These alerts can even be integrated into a client’s current IT monitoring structure.

Higher-level IBM security tools like QRadar* can accept these PowerSC alerts. The QRadar family of solutions provides security intelligence so clients can spot and prevent real-time network attacks, detect and track malicious activity, and mitigate insider fraud.

Trusted Network Connect (TNC) and patch management are also integral to PowerSC. The software can automatically detect any noncompliance with patch-level policies and ensure the system has the prescribed patch level.

IBM offers libraries on AIX, IBM i and Linux on POWER, which make use of crypto-acceleration capabilities on POWER8. “Users have to do less work when they want to make use of encryption. These libraries do the heavy lifting,” Sharma says. Many of the Linux on POWER libraries employ POWER8 hardware encryption capabilities.

IBM has added the ability to turn encryption on for file systems. “Once clients turn it on, they don’t need to worry how the encryption is implemented,” he says.

When it comes to vulnerability patching, patch automation is essential—particularly when a patch must be rolled out across thousands of virtual machines. Automating a rollout ensures that all virtual machines are patched efficiently.

In addition to IBM’s well-known enterprise-class products such as PowerSC, clients can leverage open-source tools such as Chef for patching not only Linux on POWER but also AIX. And products such as BigFix* provide patching capabilities for all kinds of workloads, including AIX and Linux on POWER.

IBM’s Cloud Management Console (CMC) is a true Software as a Service (SaaS) solution that provides centralized cloud-monitoring capabilities in the form of services. For instance, the Patch Planning service provides an aggregated view of a client’s whole system, indicating which components (e.g., AIX, VIOS, HMC, etc.) are at the prescribed level and which ones need to be patched.

Cognitive Security

As cognitive systems become the norm, IBM is designing security to protect those deployments. For example, IBM has taken cognitive security into account with the Coherent Accelerator Processor (CAPI) model and interface that exists on POWER8.

“The cognitive era makes extensive use of accelerators such as CAPI, so the security parameter will need to go beyond CPUs to include accelerators whether they are graphical processing units (GPUs) or field-programmable gate arrays (FPGAs),” Sharma points out. One of the most attractive options involves using network interface controller (NIC) adaptors and FPGAs. It’s possible to implement many advanced security features when FPGAs are installed on network adaptors, he says.

The Emergence of Blockchain

Blockchain is one of the emerging technologies and it’s being widely embraced. Turn to “Blockchain for 21st Century Businesses” on page 9 to learn more about blockchain. Information in the blockchain flows across different systems and different partners while transactions are recorded, linked and secured using cryptography. The transactions (blocks) appear in a unified view and are inherently resistant to improper modifications.

IBM wants to be a blockchain leader and has created a public cloud blockchain service, IBM Blockchain Platform. “It’s a natural play for IBM given our heritage and brand recognition,” Sharma says. IBM can implement services like blockchain without clients worrying about security.

A Holistic View on Security

Across the board, security underlies everything IBM does. “IBM has an amazing security record. If you take a look at our vulnerability track record for PowerVM*, it far exceeds any other hypervisor in the market,” says Sharma.

Simplifying security is an IBM goal. “We want to not only provide security and performance capabilities, but also make it consumable so it’s not difficult or cumbersome for customers to implement,” says Sharma.

Security will remain a critical part of IT as threats will always exist and will continue to evolve. Mitigating and managing those threats is an ongoing task. IBM is striving to make dealing with security less overwhelming, leaving IT more time to help grow the business.

Shirley S. Savage is a Maine-based freelance writer. Shirley can be reached at savage.shirley@comcast.net.
