Friday, February 24, 2017

Securing Workloads on IBM Cloud - Some Resources

Security Guides for IBM Cloud
Security Guides for IBM Cloud
Recently, I provided you with an overview of security and compliance resouces for IBM dashDB and Cloudant. Today, I want to take a broader view and point you to some good introductory material on security for cloud-based workloads. It consists of an overview of different cloud deployment models and their components. Then it digs into each of those categories and takes a look at how to secure those components and the data.

The guide "Securing workloads on IBM Cloud: Introduction" is closely aligned with the security-related Architecture Blueprints for Cloud. The guide right now has the following sections:
  • Application Security takes a 360 degree look at applications and what needs to be considered to secure them, ranging from the application container over network to identity management.
  • Data Security digs into different kind of data storage and the technologies to encrypt data and keep the integrity.
  • Identity and Access Management covers approaches and technologies on how to securely keep tabs of different roles like administrators, developers and users. It starts with bringing them into the system environment to auditing their actions.
  • Infrastructure Security gives great insight for a guy like me into lower layers like firewalls, gateways, VPN, DNS managemen and more. It helps to understand what is happening behind the curtain in the IBM Bluemix / SoftLayer data center.
  • Physical Security goes even deeper to buildings and material. Flood protection? Heating and cooling? Perimeter control? All covered.
  • Secure DevOps has an overview of secure engineering practices, security functions and controls including ISO and NIST standards, vulnerability and incident management and operation controls.
  • Security Information and Event Management (SIEM) gives a concise introduction into logging, access trails and event management.
  • Security Policy, Governance, Risk and Compliance concludes the guide with an introduction into how security policies and risks can be managed or governed, and how this ties in with standards (compliance).
The guide alone provides a lot of reading material. The links to further resources on the various topics covered in the guide, make it an even greater place to start looking into the many aspects of security for workloads in the (not just) IBM Cloud.

Good reading and enjoy the weekend!