IBM is selling professional services, hosted security event and log management technology and a hosted vulnerability management service.
IBM announced this week new professional and technology security services aimed at organizations’ cloud computing efforts. The announcements follow the results of IBM’s Institute for Business Value Global Risk Survey that indicate the majority of organizations believe moving applications and services to the cloud makes privacy and data protection more difficult.
“This shows that people are thinking about important aspects of cloud computing before jumping on the bus right away,” said Harold Moss, IBM Security Strategy, Emerging Technology and Cloud Computing Technical Architect.
Moss said IBM encourages its customers to build security into applications as they’re being designed and focus on applying security in the context of an application’s workload. In other words, HIPAA-based applications require different security controls than an application development and testing environment.
“By bringing your applications to the cloud, you’re getting tremendous benefits in terms of performance and flexibility, but with that comes security concerns if apps are not dealt with at the base level,” Moss said. “If you try to deal with security after, it won’t work and it’s too expensive.”
In response, IBM announced three new professional services:
- IBM Cloud Security Strategy Roadmap–Aimed at organizations starting a cloud initiative. IBM Professional Services goes onsite and defines the project and goals, identifies security and privacy concerns and determines vulnerability and security mitigation strategies, Moss said.
- IBM Cloud Security Assessment–Based on IBM’s 2009 Cloud Security Guidance, this is aimed at organizations already in the midst of a cloud project, the service includes IBM Professional Services examining current security controls, how they compare to best practices and identify steps to improve the process.
- IBM Application Security Services for the Cloud–The service helps illustrate how data moves in a cloud environment and how controls must move with data. Organizations will get help in preparing applications for the cloud and dealing with geolocation issues and how to build controls into a service-level agreement.
IBM’s two new technology services are:
- Hosted Security Event and Log Management–Security log data from an organization’s operating systems, applications and network infrastructure are aggregated into a centralized platform in order to speed incident response and forensic investigations.
- Hosted Vulnerability Management–A cloud-based vulnerability scanner that looks at network devices, servers, applications and databases.
Pricing varies; the security event and log management, as well as the vulnerability management service, are subscription-based and priced per network or host device for the log management service, and per IP address for the vulnerability management service. The roadmap and assessment services are fixed prices–IBM would not disclose those prices. The application security services are priced based upon a customer’s needs, IBM said.