Security in IT systems today is a two-pronged problem. On one hand, there’s the security itself: a single compromised system can cost a company millions of dollars and untold lost customers, along with the persistent possibility of legal troubles. On the other, even if you are secure, you have to be able to prove it to regulatory bodies or else risk fines or loss of business. IBM seeks to address both of these challenges at once with its IBM PowerSC security solution for their AIX Power7 systems.
Creating Security
The IBM PowerSC system takes an innovative approach to system security with their “Trusted Boot” procedures. Most of these sorts of systems scan for malicious threats, a process which is necessarily always one step behind those creating the threats, and therefore inherently vulnerable. The IBM PowerSC approach is to instead store a signed and encoded version of each secured system and then looks for changes at boot up.
Any environment which has been modified behind the scenes in any way is immediately noticed by the system and flagged as a potential threat. As an administrator, you get a full report on the status of your servers, real and virtual, along with a detailed listing of any potential problems down to the file system level. In this way, you can easily spot any questionable changes quickly and respond to them before they become an issue.
Proving Security
The IBM PowerSC system also has a number of features for demonstrating the security of your computing environments. They include a Security Automation Compliance system that is pre-set with all of the current requirements of several major security standards, including Sarbanes-Oxley and the Department of Defense. It constantly monitors your systems and alerts you if/when a system has fallen out of compliance, as well as giving you details on how to bring it up to speed.
Finally, IBM PowerSC protects against deliberate tampering with the system logs with their Trusted Logging system. Every system log from every server is copied and sent to a secure location within the VIOS which no one, even someone like you with superuser privileges, can change or delete. With this, you can be assured that your system logs are always 100% reliable.
IBM’s PowerSC system is major step forward in systems security, and should be investigated by any large organization that needs to get serious about its security setup.
Photo Credit: David Goehring