IBM and Cloud Raxak Showcase Security Compliance at Cloud Expo


Executive Summary

Prabs Attaluri, IBM CTO for Cloud Service Solutions Management, and Sesh Murthy co-founder and SVP of Sales for Cloud Raxak, informed the Cloud Expo crowd on how to take advantage of the benefits of cloud computing by automating cloud security compliance.  Most enterprises don’t understand their role in the shared responsibility model for cloud security.  Even if enterprises use a secure (IaaS) like IBM SoftLayer, they still need a compliance service like Raxak Protect to secure their VMs, operating systems, and applications.   By combining IBM SoftLayer with Raxak Protect, enterprises can run secure applications across the hybrid cloud, while maintaining audit-ready compliancewith regulatory standards including finance (FFIEC), healthcare (HIPAA), and Retail (PCI), and Government (FISMA).



Enterprises are Embracing the Cloud but Security is a Shared Responsibility

Hybrid Cloud computing is being embraced by a majority of enterprises of all sizes.  A recent survey shows that 74% of enterprises have a hybrid cloud strategy, and 94% of enterprises are using some form of XaaS–software, platform, and infrastructure as a service.  Cloud computing delivers on-demand resources that provide businesses both flexibility and cost-savings. The challenge in moving workloads to the Cloud, has been the cost and complexity of ensuring initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance for virtual machines, operating systems applications and tools.

Slide05In the Sept 2015 research paper titled, “Cloud are Secure- You need to use them Securely”, Gartner predicts that through 2020, 95% of cloud security failures will be the customer’s fault.    Gartner contends that IaaS providers like IBM SoftLayer are secure, but that enterprises are not using them securely.  The enterprise portion of the shared responsibility model for cloud security requires them to secure  their virtual machines, operating systems, tools and applications.  If these areas are not secure, enterprises risk being vulnerable to a security breach.


Challenges with Manual Cloud Security 

In cloud applications, the entire application stack above the hypervisor is software defined.  Standard application packages and tools like databases, web servers, app servers and firewalls also have a long list of security settings. The rest of the virtualized network and storage infrastructure also needs to be correctly configured for security compliance purposes.

There could be over a thousand parameters that must be identified, set and checked for security compliance.  Enterprises have been trying manual security compliance methods, which are slow, prone to human error, and represent over 50% of the cost of managing cloud applications.  To prevent cloud security failures cost effectively, enterprises need to automate cloud security compliance.


Automating Cloud Security Compliance across the Hybrid Cloud

Cloud Raxak is an automated cloud security compliance solution, that emSlide13powers IT and application development teams to be compliant (HIPAA, PCI, FFIEC, FISMA) across their private and public clouds.  Starting with provisioning and continuing through the application lifecycle, Raxak Protect™ enables cloud apps to be deployed securely, quickly, cost-effectively and without human error.

As we mentioned above, manual security compliance methods comprises 50% of the cost of managing applications in the cloud. Raxak Protect automates these processes, providing significant savings. Through intelligent automation, Raxak Protect makes compliance as easy as spinning up a server in the cloud. By integrating security compliance directly into the cloud application development, test, and operational processes, Raxak Protect accelerates deployment, reduces costs, and simplifies auditing.

To learn more about Raxak Protect Automated Security Compliance and the IBM SoftLayer IaaS, please review the following resources


Back to Top