IBM announced today that it is expanding and adding new features to its Cloud for Financial Services and launching the IBM Research Cloud Innovation Lab, which is good news for institutions looking for help with cloud-based security and regulatory compliance. IBM Research played a central role in developing the technology underpinnings of IBM’s financial services public cloud, including several new offerings.
New technologies emerging from IBM Research, for example, helped create the new IBM Cloud Security and Compliance Center, an IBM Cloud service, which will allow clients to continuously monitor and enforce their security and compliance postures across their workloads. Our mission is to develop cloud infrastructure that can help our clients to unlock the speed and innovation of the public cloud.
The IBM Cloud Security and Compliance Center will enable a seamless and automated process of cloud security improvement and adaptation for the IBM financial services cloud. That is crucial for financial services institutions in particular because, when such businesses move their highly regulated applications and data to a public cloud they can potentially lose control over the underlying infrastructure and management platform on which their applications run. That means, to maintain trust in the infrastructure, customers cannot rely only on people operating it, but must also get access to data that can validate it can support regulatory standards.
The industry’s compliance transformation journey will not only modify how we design and develop new systems and how we monitor their success. It will also change how regulators develop and publish new regulations, creating a demand for machine readable, standardized formats. As financial services firms increasingly migrate workloads to the cloud, auditors will likewise become more reliant on technology and standards to perform audits. Such transformation of the regulatory compliance process is essential to allow banks to innovate while addressing regulatory obligations.
The Center will build upon IBM’s recent Spanugo acquisition and extend enforcement, monitoring and remediation of policies with tools to automate compliance management processes. In supporting Open Security Controls Assessment Language (OSCAL) compliance standard, the IBM Cloud Security and Compliance Center will offer a standards-based foundation for the automation of compliance processes. The current approach that most businesses follow to ensure they address regulatory standards is process and labor intensive and, as a result, very error prone. To achieve continuous audit readiness, banks should automate the creation of documentation demonstrating they have implemented controls related to regulations and measured the effectiveness of their implementation. Such automation requires standards-based machine-readable artifacts relating to compliance, something the broad use of OSCAL can help ensure.
IBM Research was also an enabler for the new security-focused SecDevOps initiative, and led the development of new analytics that will help development teams more easily build secure and compliant applications on Red Hat OpenShift. OpenShift is a hybrid cloud platform for running cloud-native enterprise applications. We also partnered with NIST and open source communities to help improve the standard and build open technologies around it. This reinforces IBM’s commitment to open standards and open communities on the cloud.
SecDevOps is a practice of performing security controls in the development process so issues can be detected and resolved before applications are deployed to production environments. SecDevOps shifts a significant part of responsibility for workload security to development teams often not sufficiently skilled in cybersecurity. Increasingly, such teams are being called upon to reconcile the need for addressing security problems with the need to develop new application features. SecDevOps is a welcome approach from security perspective and will provide visibility into application security and compliance posture across an application’s entire life-cycle, but it needs to be realized in a way that supports the productivity of application teams.
As part of IBM’s SecDevOps initiative, the company will offer Devops Toolchains on OpenShift as a service that includes a suite of IBM Research-developed automated security and compliance analytics for cloud applications. Our Devops Toolchains can identify vulnerabilities, license violations and configuration problems, and they can do it across entire business applications thanks to the adoption of infrastructure-as-code principles. Thus, security checks cover network configuration, access permission and other security concerns besides vulnerabilities and container security benchmarks. The security analytics built in the toolchain service provides development teams with codified security expertise delivered automatically and transparently and integrated with the developer tools and practices they are used to.
Toolchain capabilities can be configured by security and compliance engineers to ensure each development team is performing the required set of checks according to the security and compliance baseline defined by the organization. Checks performed by the Devops Toolchains are integrated with the IBM Cloud Security and Compliance Center, permitting continuous visibility, evidence collection and compliance assessment of an application through its entire life-cycle.
The new IBM Research Cloud Innovation Lab will leverage our expertise, skills and early access to emerging technologies to help financial services clients and ecosystem partners advance state-of-the-art cloud technologies.
Lab members will have the opportunity to interact with IBM researchers and gain access to demonstrations. They will be given the opportunity to experiment with most recent innovations on the OpenShift hybrid cloud platform that relates to security and compliance, productivity and automation, as well as intelligent customer interactions. The Innovation Lab will also facilitate meaningful exchanges between members and Researchers. One example is through an advisory council, where a subset of lab members are provided an opportunity to help influence the Cloud Research agenda.
The Innovation Lab is intended for a broad audience within top financial institutions —there will be something there for everyone, ranging from business stakeholders to technical personnel. Business stakeholders can gain awareness of the capabilities Research is working on and how they may be used to help solve financial services-related business issues. Reinforcing IBM’s commitment to open standards and open communities on the cloud, developers, data scientists and fellow researchers can benefit from some insights into how our emerging technology actually works.
IBM Research’s latest contributions to IBM’s Cloud for Financial Services are yet another example of how our organization helps deliver innovations from our labs directly to IBM customers. In this instance, we are working alongside members of IBM’s public cloud team to improve the industry-first platform that will enable financial services institutions to leverage OpenShift’s security and flexibility to address their regulatory and security requirements on an ongoing basis.
Our researchers also played a pivotal part in creating IBM Cloud Functions, IBM Kubernetes Service, Multicloud Manager and Key Protect, as well as the development and adoption of Istio as an enterprise service mesh. Our teams were also core contributors to the IBM Cloud Gen 2 control plane and SDN. Each of these achievements builds upon the last to ensure IBM Cloud users have access to the latest breakthroughs in cloud technology.
For more information on the Research Cloud Innovation Lab, please email us.