IBM Systems Magazine, Power Systems - November 2017 - 17
"IBM has a strong
reputation when it comes
to security. The IBM
Power Systems platform
has a brand reputation as
being secure and robust."
-Satya Sharma, CTO of IBM Cognitive
Systems and an IBM Fellow
Higher-level IBM security tools
like QRadar* can accept these
PowerSC alerts. The QRadar
family of solutions provides
security intelligence so clients
can spot and prevent real-time
network attacks, detect and track
malicious activity, and mitigate
Trusted Network Connect (TNC)
and patch management are also
integral to PowerSC. The software
can automatically detect any
noncompliance with patch-level
policies and ensure the system
has the prescribed patch level.
IBM offers libraries on AIX,
IBM i and Linux on POWER, which
make use of crypto-acceleration
capabilities on POWER8. "Users
have to do less work when they
want to make use of encryption.
These libraries do the heavy
lifting," Sharma says. Many of the
Linux on POWER libraries employ
POWER8 hardware encryption
IBM has added the ability to
turn encryption on for file systems.
"Once clients turn it on, they don't
need to worry how the encryption
is implemented," he says.
When it comes to vulnerability
patching, patch automation is
essential-particularly when a
A number of
patch must be rolled out across
thousands of virtual machines.
Automating a rollout ensures that
all virtual machines are patched
In addition to IBM's well-known
enterprise-class products such
as PowerSC, clients can leverage
open-source tools such as Chef
not only for Linux on POWER,
but also for AIX for patching. And
products such as BigFix* provide
patching capabilities for all kind
of workloads, including AIX and
Linux on POWER.
IBM's Cloud Management
Console (CMC) is a true Software
as a Service (SaaS) solution
that provides centralized
cloud-monitoring capabilities in
the form of services. For instance,
the Patch Planning service
provides an aggregated view of a
client's whole system, indicating
which components (e.g., AIX,
VIOS, HMC, etc.) are at the
prescribed level and which ones
need to be patched.
Blockchain is one of the
emerging technologies and
it's being widely embraced.
Turn to "Blockchain for 21st
Century Businesses" on page 9
to learn more about blockchain.
Information in the blockchain
flows across different systems
and different partners while
transactions are recorded, linked
and secured using cryptography.
The transactions (blocks)
appear in a unified view and are
inherently resistant to improper
IBM wants to be a blockchain
leader and has created a public
cloud blockchain service,
IBM Blockchain Platform.
"It's a natural play for IBM
given our heritage and brand
recognition," Sharma says.
IBM can implement services
like blockchain without clients
worrying about security.
A Holistic View
As cognitive systems become the
norm, IBM is designing security
to protect those deployments. For
example, IBM has taken cognitive
security into account with the
Coherent Accelerator Processor
(CAPI) model and interface that
exists on POWER8.
"The cognitive era makes
extensive use of accelerators
such as CAPI, so the security
parameter will need to go beyond
CPUs to include accelerators
whether they are graphical
processing units (GPUs) or
field-programmable gate arrays
(FPGAs)," Sharma points out.
One of the most attractive options
involves using network interface
controller (NIC) adaptors and
FPGAs. It's possible to implement
many advanced security features
when FPGAs are installed on
network adaptors, he says.
Across the board, security
underlies everything IBM does.
"IBM has an amazing security
record. If you take a look at our
vulnerability track record for
PowerVM*, it far exceeds any
other hypervisor in the market,"
Simplifying security is an
IBM goal. "We want to not only
provide security and performance
capabilities, but also make it
consumable so it's not difficult
or cumbersome for customers to
implement," says Sharma.
Security will remain a critical
part of IT as threats will always
exist and will continue to evolve.
Mitigating and managing those
threats is an ongoing task. IBM
is striving to make dealing with
security less overwhelming,
leaving IT more time to help
grow the business.
ibmsystemsmag.com NOVEMBER 2017 // 17