IBM Systems Magazine, Mainframe - November/December 2017 - 14
a customer's VMs in a weekend,
Petta points out.
Qualified MSPs are also able
to streamline security through
automated processes. MSPs can
rapidly deploy OSes on servers so
they all have the same security
setting, which makes updating fast
and consistent across all systems.
For many companies,
cloud can play a role in the
standardization of images on a
computer. An image is a single
VM of a given configuration
that's copied, like a template
file, repeatedly on hypervisors
to create many customer VMs
quickly and identically. When
organizations build OSes on
one computer at a time, the
computers aren't consistent.
One computer may be designed
to meet one business need, and
another for something different.
In the cloud, the same system
can be deployed repeatedly so
every environment is identical.
"This allows you to build VMs
so they're all the same and the
security is the same. This is a big
deal for clients when they have a
cloud as a dynamic environment
that can allow for growth,"
"A retailer might need 3,000
VMs to run its business during
the holidays, but only 500
in the summer. That's where
standardization comes in. You
can scale up with 2,500 new
machines that are all the same.
There are no human errors, and
the images can be regularly
updated and patched before
deployment to always have the
most recent security updates on
them when they are installed."
Integrating security into every
layer of the cloud, from the
data center to the OS with
regular security scans to spot
vulnerabilities, is the best
practice. Although it's possible
to bolt on security measures
later (which is better than no
security at all), retrofitting is
almost always more expensive
than implementing security
measures that are in place during
"If you build in security at
every layer, it's a much stronger
solution than if you have a cloud
that's partially secure, and then
you come back later and say, 'I
need a security system for my
network or my database or my
application' that gets added on
later," Petta says. "When you try
to use different solutions, they
may not talk to each other very
well and leave gaps."
In addition, if multiple vendors'
technologies are used, they may
not integrate, making it difficult
to secure the data. "They may not
coordinate in the way you want
them to. At IBM, we don't roll out
anything without security built in.
We make sure each layer talks to
the other layers," Petta explains.
For example, some security
firms are now leveraging big data
and analytics for data protection.
These companies collect
security-related data from about
100 of their customers, and then
analyze it. The insights inform
their customers about security
threats, such as what types of
attacks are likely, where in the
network they will strike and the
possible impact if successful.
Companies can use that
intelligence to thwart attacks and
safeguard the data environment.
"We now have so much
computing power, IBM Watson*
technology is one example, that
can crunch, analyze, and slice
and dice so much data to see
trends and behaviors, and prepare
for threats more effectively," Petta
said. "Machine learning will also
play a role by recognizing bad
actors. This is technology to get
ahead of the breach to prevent it
instead of react to it."
Questions to Ask Providers
Tony Petta, IBM Cloud Managed Services Compliance and Audit focal,
recommends that businesses ask a managed service provider these
questions to ensure the solution will meet expectations:
* Who is responsible for security?
* How do I know the security is adequate for my needs?
* Does your service include disaster recovery in case something
* How long have you been providing cloud security solutions?
* How often are security checks performed?
Public clouds are secure in
certain areas, but don't provide
security. By contrast, an MSP
can deliver the level of security
the business needs and is then
responsible for that level of health
and protection for the system.
"With public clouds, once they
take the payment and deliver
the resources to stand up the
cloud, everything above the
hypervisor, which is what creates
the virtualization layer that runs
directly on the hardware, is your
responsibility," Petta says.