Security

Accelerating continuous security for apps on IBM Cloud

Share this post:

Accelerating continuous securityThe rapid rise of cloud native applications is challenging convention up and down the stack. More importantly, it is forcing enterprises to take a hard look at how security is integrated into application development and delivery at every level.

For example, 37 percent of IT decision makers cite surveyed security as a roadblock they face when using containers to build and run their cloud apps, according to a study by Forrester Research. Security concerns should not be a barrier for enterprises looking to take advantage of cloud native architecture to transform their business and drive new revenue from data using higher-value services including AI, Internet of Things (IoT) and blockchain.

Today, IBM is announcing new cloud services designed to help enterprises achieve continuous security for their apps running on IBM Cloud, whether they are created directly on the cloud or recently been migrated to the cloud from existing systems.

With these new services and capabilities, IBM is simplifying how enterprises bridge to the public cloud by addressing their needs throughout their journey, from accelerating the migration of existing workloads to the cloud to modernizing and extend existing apps to delivering tools to build next-gen cloud native apps. This strategy has enabled IBM Cloud to become a gateway to AI, blockchain, IoT and even extend to next-generation technologies such as quantum computing.

Extending security from the cloud to the network edge

To provide continuous security across the cloud and the network, IBM will launch IBM Cloud Internet Services, a set of network services easily accessed through the IBM Cloud and designed to help protect and secure websites, apps and APIs against denial-of-service attacks, customer data compromise and abusive bots, all while enhancing performance.

By collaborating with Cloudflare, IBM will provide a one-stop shop for security and performance capabilities designed to protect public-facing web content and apps. IBM Cloud Internet Services help manage content and apps being accessed by a variety of device types all around the world, while ensuring users can access that content quickly and easily and protect against malicious visitors. Instead of relying on multiple vendors for each of these services, IBM plans to help reduce complexity and time by providing a single, simple user experience in the IBM Cloud portal to access and set-up these network services in just a few steps.

Learn more about IBM Cloud Internet Services.

Building security-rich, modern applications

IBM has built the first container service which protects data within containers down to the microchip level. The IBM Cloud Container Service with Trusted Compute creates a chain of trust rooted in hardware, securing containers that developers deploy, thus creating a security-rich platform for building container-based apps. In this deployment, each container and subsequent container image created is verified, helping create assurance that they are running on a trusted and verified infrastructure, not something malicious.

IBM announced it is also launching server technology that provides secure enclaves designed to protect data used in application runtimes. Using this technology, data processed by apps can be encrypted and protected against malicious access. This paves the way for a proactive approach to cloud security and allows developers to build apps safely with highly agile tools that can help bring them to market faster.

Working on IBM Cloud, developers can build cloud native apps to process sensitive data and deploy services on trusted servers, which are designed to increase security as part of the continuous integration and delivery processes. These new security capabilities in IBM Cloud use technology from IBM and Intel.

As one of the initial partners of Docker and a long-standing contributor to Kubernetes, IBM has long recognized the potential that containers bring to help companies build cloud-native apps, as well as transport data and apps across multiple systems. Because of this, IBM is continuing to double down on strengthening containers as a key pillar of IBM Cloud. This builds on IBM work with Google and Lyft to launch Istio, a rapidly growing open project which helps developers better manage, secure and orchestrate the moving pieces of container-based apps, as well as the IBM collaboration with Google in the open community to launch Grafeas, a service which helps developers secure their supply chain of code when building with containers across multiple teams.

Increasing security, visibility and insight with experimental capability

IBM is also launching a new capability called IBM Cloud Security Advisor to provide developers and operational teams with a unified, simple dashboard view to help them gain visibility into the ongoing security of their apps.

Available as an experimental feature, IBM Cloud Security Advisor integrates directly into the IBM Cloud Container Service’s Vulnerability Advisor to provide developers with an instant, clear view of where and what vulnerabilities their apps may be at risk for. Cloud Security Advisor will also provide insights into the expiration of web server certificates so that DevOps teams can take timely action to avoid service disruption. It will also provide insights into potential emerging threats based on intelligence from across the globe and a continuous view to help determine whether or not their apps and the data within them remains compliant and in policy.

Managing access to container-based applications

Ensuring each user that accesses an app and its data is authorized to do so is a critical component of a strong cloud security strategy. To bring this level of assurance to apps built with containers and Kubernetes, IBM is expanding the features of its IBM Cloud App ID service, which helps to authenticate every user accessing an app, and integrating it with the IBM Cloud Container Service.

Developers will now be able to enable employees or users to sign in easily in a simple, streamlined way. The expanded functionality of App ID allows it to scale with an organization’s most updated user registry and user base, helping developers build cloud apps that work across platforms and integrate with social identity providers.,Users can sign in with credentials they have already created and know.

Each of the new services announced today can be used together to help provide continuous security and monitoring for cloud apps. For example, an airline building a new mobile reservation app for its passengers could quickly develop and release new features using the IBM Cloud Container Service with Trusted Compute while also using IBM Cloud Internet Services to protect network traffic and optimize performance for mobile users.

With these new services, IBM is ensuring the same speed and flexibility that make cloud apps so powerful in the enterprise are matched with sophisticated security measures which can be easily embedded into every stage of app development and data processing.

Get started with new security services on the IBM Cloud. And Check out previous announcement posts from key executives.

More Security stories

FacePhi biometric solution for mobile banking runs on IBM Cloud

Smartphones put the whole world in the palm of users’ hands. They can manage their personal lives, interact with friends and social networks, and bank and shop online. But how can we know that our interactions and transactions are secure? Social networks, e-commerce companies and banks require user names and passwords, but according to Tech […]

Continue reading

Extending security and performance from the cloud to the network edge with IBM and Cloudflare

The rate and sophistication of cyber security threats are growing daily, but security should not be a barrier to entry for enterprises on their cloud journey. More importantly, enterprises shouldn’t have to sacrifice application performance to enhance security. IBM and Cloudflare are working together to launch IBM Cloud Internet Services, a set of edge network […]

Continue reading