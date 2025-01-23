Easily secure your IBM Cloud PowerVS Workloads with IBM Cloud Security and Compliance Center Workload Protection

23 January 2025

Authors

Ming Christensen

Director of Product Management (Power and SAP)

Vivek Kinra

Director of Product, Security and Compliance

Dimitrios Pendarakis

Chief Security Officer, IBM

IBM Power Virtual Server offers a powerful and flexible Cloud platform with built in security, reliability, availability and performance. This helps customers meet requirements for a variety of complex and highly regulated workloads: in the banking and financial industry for running payment processing solutions, advanced trading or risk management platforms, in transforming enterprise operations to scale with SAP S/4 HANA on IBM Cloud, or to provide advanced data protection and backup services for compliance intensive industries like healthcare with solutions like Cobalt Iron Compass Power.

Following the joint responsibility for security model applicable to Infrastructure as a Service (IaaS) offerings, customers can rely on IBM to ensure the security and reliability of the Power Virtual Server (PowerVS) platform infrastructure. However, the scale and complexity of Cloud based operations necessitates an additional solution that can address the risk of workload misconfiguration resulting in security or compliance exposures.

With the latest update to IBM Cloud Security and Compliance Center (SCC) Workload Protection, Power servers on IBM Cloud and on-premises are now supported for compliance posture management, bringing a new layer of security to your critical workloads running on PowerVS. This new capability ensures that critical enterprise applications and workloads like SAP, Oracle, and DB2, can be protected and monitored more efficiently with a comprehensive security and compliance solution.

What is SCC Workload Protection?

IBM Cloud Security and Compliance Center (SCC) Workload Protection is a cloud-native application protection platform (CNAPP) that allows customers to monitor and secure workloads across hybrid multicloud environments. With SCC Workload Protection, you can leverage advanced features for vulnerability management (VM), cloud security posture management (CSPM) for IBM Cloud (and other clouds), along with threat detection, helping you safeguard your most critical business applications.

SCC Workload Protection has been recognized as an industry-leading solution by Kuppinger-Cole in its 2024 Leadership Compass for CNAPP. The platform provides unified protection across all your hybrid multicloud environments, with real-time monitoring and visibility into security and compliance risks that could affect your workloads.

What does SCC Workload Protection do for PowerVS?

SCC Workload Protection now provides compliance posture management capabilities for critical workloads on PowerVS, including AIX and Enterprise Linux on Power. With compliance posture management, these capabilities are designed to provide unified monitoring of your workloads’ posture to help access and manage compliance against regulatory and industry standards, such as CIS Benchmarks, in addition to advanced workload protection capabilities with vulnerability scanning and real-time threat detection for Linux on Power.

Businesses running mission-critical workloads on PowerVS can continue to accelerate innovation in today’s era of cloud transformation, while continually meeting regulatory compliance and maintaining stringent security for regulated workloads at scale with these key features and benefits:

1. Unified management across hybrid cloud workloads with an inventory view of asset.

  • Unified inventory view of workloads across hybrid multicloud including PowerVS, IBM Power on-premises for both AIX and Linux, as well as IBM Cloud services. Automatically centralize your entire workload landscape with deep platform insights.
  • Seamless configuration automatically integrated with IBM Cloud native services, resources and configurations to ensure minimal disruption and fewer compatibility issues.

2. Comprehensive monitoring of workload configurations through a compliance dashboard

  • Out-of-the-box policies of controls built-in based on regulatory frameworks and industry standards such as NIST 800-53, SOC2, DORA and CIS Benchmarks for IBM Cloud, Linux and AIX.
  • Compliance posture dashboard to easily assess compliance state against applied policies and evaluate control requirements by individual resources, including servers and applications, to identify and fix issues promptly.
  • Policy Evaluations against CIS Benchmarks and other industry and regulatory frameworks, providing a comprehensive compliance score. The tool identifies non-compliant systems and offers actionable remediation guidance to help you resolve any compliance gaps.

3. Ability to identify security risks before production with vulnerability management

  • Automated scanning across all infrastructure deployment pipelines to identify critical vulnerabilities and prioritization of packages most vulnerable and in-use of Linux resources.
  • Real-time threat detection with runtime policies consisting of rules to detect and respond to suspicious activity and violations plus drift control to identify threats of Linux resources in real-time.

4. Additional use cases with SCC Workload Protection

  • Monitoring the end of life (EOL) for AIX 7.1 by monitoring the lifecycle of AIX versions and providing visibility into the risks of running unsupported versions and any potential vulnerabilities that may arise from using outdated software.
  • Driving secure adoption of IBM Cloud and Hybrid Cloud with native support in the IBM Cloud platform and broad support across hybrid multicloud environments including IBM Cloud, other cloud providers and on-premises workloads.

By integrating PowerVS AIX or Linux compliance posture management into the platform, SCC Workload Protection is a critical driver for organizations looking to adopt IBM Cloud and further manage their hybrid cloud infrastructure. With native integration in IBM Cloud’s platform, it offers simplified set up and centralized access management, reducing time to value and the operational costs to secure these critical workloads. To summarize, SCC Workload Protection enhances PowerVS workloads with a unified view of security and compliance, improving risk management and boosting operational confidence.

Get Started with SCC Workload Protection for PowerVS

As a hybrid multicloud CNAPP solution, SCC Workload Protection is available for all clients requiring leading-edge security and compliance management across their full environment including Power, PowerVS, Linux on Power, AIX on Power and IBM Cloud.

SCC Workload Protection available in the IBM Cloud catalog

Getting started with SCC Workload Protection guidance

