The first piece of IBM’s continuous security strategy involves a partnership with Cloudflare called IBM Cloud Internet Services. It uses several of Cloudflare’s cloud-based services, including DDoS and domain name protection, web application firewall, load balancing and transport layer security, and it makes all of these available through IBM Cloud.
“As our customers are building cloud applications in a rapid way, our focus is on helping them do continuous security,” said Nataraj Nagaratnam, CTO for IBM Cloud security. “As they roll out these applications, they want to protect them from network attacks and threats. That’s where Cloudflare comes into play. The integration with IBM Cloud provides an optimized user experience so CloudFlare can protect developers’ applications on the front end, with security built in.”
These services are globally available in early access.
The next two features build on IBM’s earlier work to secure containers running in the cloud.
Cloud Container Service Integrations
One new capability, called IBM Cloud Security Advisor, integrates into the IBM Cloud Container Service’s Vulnerability Advisor to provide visibility into potential vulnerabilities in apps. It also tells users when web server certificates will expire so they can take action and avoid service disruptions. And it compiles insights into compliance issues as well as new threats based on global intelligence.
“We want to give customers a single pane of glass so if they are pushing out an application, they can fix any vulnerabilities before it goes into production,” Nagaratnam said.
This is available as an experimental feature. IBM wants input from developers using Cloud Security Advisor before making it generally available later this year.
The final cloud security feature IBM announced this week extends its identity service to container environments. It integrates the capability to authenticate every user accessing an app into the IBM Cloud Container Service.
“You need to make sure the right authorized users have access to your applications, and you need to authenticate those users,” Nagaratnam said. “But ultimately developers don’t need to understand all the gory details of how to authenticate users, they just need to switch on the service so authentication can happen.”
These new security capabilities also point to IBM’s continued container push. The company also this week began offering native Kubernetes support through a managed service model running on bare metal cloud infrastructure. The move allows organizations to eek out higher performance from their container deployments.