IBM Targets Cloud Computing With Security Infrastructure, Services

Seeking to allay widespread fear of data breaches, IBM introduces security assessments, SaaS offerings and hosted vulnerability management.
Slideshow: Cloud Security Pros And Cons
Slideshow: Cloud Security Pros And Cons
(click image for larger view and for full slideshow)
IBM on Wednesday announced initiatives aimed at overcoming many enterprises' current hesitation over adopting cloud computing: security.

According to a study also released on Wednesday by IBM, 77% of businesses think that adopting cloud computing requires privacy trade-offs, 50% worry that clouds lead to data breaches, and 23% fear that cloud computing will weaken corporate security. Those results come from a global survey of 556 IT managers.

To help address those security concerns, IBM outlined these moves: strategy roadmaps and security assessments; actual SaaS offerings, such as hosted security event and log management; and hosted vulnerability management.

In addition, IBM said it has research projects under way aimed at bolstering cloud security. Its Integrated Trusted Virtual Data Center project aims to harden everyday infrastructure by isolating more of its components.

For example, the underlying security mechanisms can "verify the integrity and correct configuration of infrastructure components, such as hypervisors, to help prevent low-level attacks such as spoofing or deceiving computer systems or other computer users by hiding or imitating one's Internet identity." Some of those capabilities have been added to the IBM Smart Business Test and Development cloud, as well as to IBM Systems Director VMControl.

Moreover, IBM has added "introspection monitoring" to its IBM Virtual Protection System. This capability provides a more holistic approach to virtualization security than current introspection systems do, said IBM, because it can look beyond just the inside of any given virtual machine. IBM said the capability "detects potential malware attacks from outside the virtual machine and scans the operating systems inside to confirm they are running properly." Accordingly, it can detect the presence of malicious code or exploits aimed at fooling the virtualized operating systems into granting inappropriate access rights.