Security for Applications on Demand

IBM recognizes the overwhelming security challenges you face in the open network era where perimeter security is no longer sufficient. Our security model addresses these challenges proactively by adopting preventive security strategies and capabilities to secure all layers of the solution and by rigorous focus on continuous improvement of security processes.

5-layer security model - including Data Warehouse for storage and auto-correlation of all threats, vulnerability and intrusions

Best-of-breed applications to prvent unwanted intrusion, virus infiltration and unapproved system changes

Active port and system scanning - provides a consistent health record for all Internet-facing systems

Active security at IP address and port layer

Service level agreement - includes security controls, processes and threat resolutions

Demonstrated SAS 70 Type II Compliance under examination by independent auditors

IBM's model is designed to provide you the advantage of moving away from costly security point solutions that can be difficult to deploy and maintain. It is anticipated that you also benefit from mitigated risk for security research and development, decreased time to benefit, and a heightened level of security readiness.

IBM's security model includes the following components:

• Unified security framework over which the technologies and services are delivered. This preventative and proactive security foundation is designed to integrate key security technologies at various layers of the solution, including:
  • Perimeter Security – firewall and network intrusion detection systems
  • Managed Security Monitoring
  • Intrusion prevention, intrusion detection and data vaulting at the server layer
  • Compliance monitoring and management
  • Vulnerability assessment and management
• Critical security processes are designed to promote quality for security-rich reference builds and provide reporting metrics for continuous measurement. Our security best practices leverage partnerships with security vendors such as Mcafee/Entercept, Qualys, Patchlink, and ArcSight.
• Ongoing security awareness programs to address the "human perimeter" by elevating the importance of security and employee responsibility through education. In addition to education, we also strictly enforce compliance processes and procedures.