IBM aims at securing Internet-exposed apps
Big Blue unveils tools and services for reducing risks of developing for and working in SOA and cloud computing environments
Follow @tsamson_IW
IBM today announced a host of offerings geared toward bolstering the security of the new generation of applications and services that fit into interconnected, vulnerability-prone SOA and cloud computing environments.
Among Big Blue's announcements at its Innovate 2010 conference are updates to the Tivoli Access Manager family, designed to help organizations provide centralized authentication, policy management, and access control services across cloud computing, SOA, portal, and Web-app environments. The idea here is to extend the type of broad, centralized security control IT admins have over internal applications to Web-based offerings, such as Salesforce.com or Google Apps.
[ Also on InfoWorld.com: In 5 years, will Microsoft be relevant in the cloud? | The Web browser is your portal to the world -- as well as the conduit that lets in many security threats. InfoWorld's expert contributors show you how to secure your Web browsers in the Web Browser Security Deep Dive PDF guide. ]
This approach, according to IBM, saves IT admins the headaches of having to manage security policies for users on a service-by-service or app-by-app basis. Rather, admins can create and manage policies for groups or individuals in a granular fashion from a central location while giving users single sign-on simplicity to access all of their services, apps, and data -- whether hosted internally or by a provider.
Additionally, IBM has introduced AppScan Source Edition, which is designed to scan applications for security vulnerabilities and compliance risks during the development process, rather than once the apps have gone live. The traditional "bolt-on" approach of adding security to systems once they're developed or implemented isn't effective, according to IBM, plus fixing apps after the fact is far more costly than making them secure from the start.
