IBM Secure Engineering Portal

IBM Secure Engineering Practices

IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, or misappropriated, or in misuse of your systems to attack others.

No IT system or product can be made completely secure and no single product or security measure can be completely effective in preventing improper access.

IBM is both a provider and a consumer of Commercial-off-the-Shelf (COTS) Information Technology hardware, software and services in the global marketplace.

As a consumer of Information Technology, IBM is aware of the need for security-related development practices for products, solutions and services used in its Enterprise Computing environments. As a developer of Information Technology for the global marketplace, IBM works to understand and address common requirements for functionality, performance, scalability and security of IBM offerings.

Based on our experience, the key to delivering products and services that are designed to meet clients' high expectations is to focus product development execution in four critical areas: a Common Development Process; a Secure Engineering Framework; a Continuous Security Improvement model; and a Supply Chain Security process. This combination of process, framework, and model integrates with a broader set of externally facing processes referred to as global supply chain management.

IBM Secure Engineering Framework

The IBM Secure Engineering Framework reflects best practice from across the company and directs our development teams to give proper attention to security during the development lifecycle. These practices are intended to help enhance product security, protect IBM intellectual property and support the terms of warranty of IBM products.

Secure Engineering is an important element of the overall IBM security strategy. It is reflected in our internal initiative that works to address the dynamic nature of security in our development process. It is also reflected in our drive to meet the demand for high-quality, high-assurance business solutions, services and Information Technologies for our customers and our own operation.

IBM Secure DevOps

DevOps brings development and operations together. It enables businesses to continuously develop and deploy services and offerings on the cloud, incorporating customer feedback and new requirements as they arise. Security must be incorporated into this approach from the first stages of development – ensuring the application runs on a safe platform, the code is free from vulnerabilities, and the operational risks are clearly understood.

This article, Securing workloads on IBM Cloud: Secure DevOps, examines the five facets of secure DevOps, shows you how to implement them in your cloud solutions, and describes how IBM implements those standards when developing cloud offerings.

White papers and Analyst Reports

Network World: IBM Demonstrates Secure Product Development Leadership