Build your environment on a secure by design platform

 

Cyber threats and attacks grow more sophisticated every day and come from everywhere, which requires companies to invest lots of money to protect themselves against external and internal attacks and to avoid service disruption, exposure of sensitive data and other inconveniences related to this kind of activity. These investments are usually concentrated from the operating system upwards; however, the layers below must also adhere to the corporate security policies to minimize the risk and ensure the systems are really in compliance.

Today I got access to an excellent paper called “Protect your IT systems with next generation security”, which shows some security enhancements that IBM implemented on PureFlex systems to protect against emerging threat profiles that try to exploit layers such as the platform infrastructure and firmware levels.

Below you can see a graph showing that a compromised layer provides access to every layer above it; therefore, to ensure your applications are really secure, you must ensure that security is in place from the platform infrastructure up.

It is very impressive how these systems implement a Trusted Computing Base (TCB) in the lower layers. In the 10+ years I’ve been working as a Systems Administrator, I’ve never seen a manufacturer really able to apply corporate-level security in the base platform. I suppose one reason is that this kind of hardware is generally locked in restricted areas or private networks; however, in the “zero downtime” era, IT support staff must have quick and secure access to the management console to reduce their response time.

IBM's implementation of TCB secures the system hardware by addressing security vulnerabilities in systems management and boot firmware. Technologies such as encryption of intra- and extra-chassis links, a centrally managed user repository, individual accountability, security object provisioning, controller integrity and code signing are applied to provide overall protection of the system base.

Another great feature is the capability of the IBM integrated management controller (IMMv2) and Chassis Management Module (CMM) to detect new threats as soon as they are discovered so that proactive actions can be taken.

Since PureFlex is an integrated system, these security features are tightly integrated and automated, so you can have a hardened system without increasing the administration effort on it: simply set up and forget.

You may believe that attacks on the platform are not common enough to be worth worrying about at the moment; however, this is the kind of mindset that hackers rely on to exploit systems, so don’t waste time: learn more about the new security features of PureFlex and discover how they can help you deploy and keep a secure by design infrastructure. And be sure to check out the IT Systems Security whitepaper that got me thinking about all this.

Allyson Brito

About Allyson Brito

Allyson Brito is a senior IT Specialist working in Integrated Technology Delivery in IBM Brazil. He has 12 years of experience in the UNIX and Linux field, with 6 years at IBM. He holds a Bachelor’s degree in Electronic Engineering from UFPA. His areas of expertise include Power Systems, Linux, Clustering, Virtualization, Cloud Computing, and Database Administration. He is a Certified Advanced Technical Expert for Power Systems AIX® (CATE), VMware Certified Professional, Oracle RAC Expert Certified and a Red Hat Certified Engineer (RHCE).