Cloud security and IBM Bluemix – get started

Share this post:

Recently, I provided you with an overview of security and compliance resouces for IBM dashDB and Cloudant. Today, I want to take a broader view and point you to some good introductory material on security for cloud-based workloads (“cloud security”). It consists of an overview of different cloud deployment models and their components, including using IBM Bluemix. Thereafter, it digs into each of those categories and takes a look at how to secure those components and the data.

Cloud Security with IBM Bluemix

Secure Your Cloud Workloads

Security Topics – An Overview

The guide “Securing workloads on IBM Cloud: Introduction” is closely aligned with the security-related Architecture Blueprints for Cloud. It consists of the following sections:

  • The first, Application Security, takes a 360 degree look at applications and what needs to be considered to secure them. Covered topics range from the application container over the network to identity management.
  • The next section, Data Security, digs into different kind of data storage. It discusses the technologies to encrypt data and keep the data integrity.
  • Identity and Access Management covers approaches and technologies on how to securely keep tabs of different roles like administrators, developers and users. It spans how to bring users into the system environment to auditing their actions.
  • Suprisingly interesting, Infrastructure Security, gives great insight for a guy like me into lower layers like firewalls, gateways, VPN, DNS managemen and more. It helps to understand what is happening behind the curtain in the IBM Bluemix / SoftLayer data center.
  • Physical Security goes even deeper to buildings and material. Flood protection? Heating and cooling? Perimeter control? All covered.
  • An entirely different layer, Secure DevOps has an overview of secure engineering practices, security functions and controls including ISO and NIST standards, vulnerability and incident management and operation controls.
  • Security Information and Event Management (SIEM) gives a concise introduction into logging, access trails and event management.
  • The last section, Security Policy, Governance, Risk and Compliance, concludes the guide with an introduction into how security policies and risks can be managed or governed, and how this ties in with standards (compliance).

The guide alone provides a lot of reading material. It includes links to further resources on the various topics. Thus, it is a great place to start looking into the many aspects of security for workloads in the IBM Cloud, for IBM Bluemix and beyond. And then, there is always the IBM Bluemix Trust Center with (almost) everything on security, trust and compliance topics.

More Storage Stories

Stay secure to the core with FortiGate Security Appliance 10Gbps

We’re pleased to announce that our new FortiGate Security Appliance 10Gbps (FSA 10G) firewall offering is now generally available. The FSA 10G firewall helps you secure your workload with the best of breed firewall without having to compromise on performance.

Continue reading

Dive into the next gen firewall power of FortiGate Security Appliance 10Gbps

Get the details about our latest firewall offering, the FortiGate Security Appliance 10Gbps (FSA 10G).

Continue reading

New in App ID – Let Users Sign-up and Sign-in to your Apps with an Email and Password

We are excited to launch our newest App ID feature, Cloud Directory, that makes it easy for you to add user sign-up and sign-in to your mobile and web apps. Cloud Directory provides you with a user registry for your apps that scales with your user base, and includes simple ways to authenticate users to your apps using email and password. Cloud Directory has pre-built functionality for enhanced security and self service, like email verification, and password reset.

Continue reading