Cloud Workload Protection Services for AWS

IBM Security Services for AWS Cloud provides consulting, systems integration, and managed services to assess, design, implement and manage the security policies for your cloud workloads running on AWS EKS, ROSA and Fargate.
Our services provide a flexible delivery model designed to help you address your AWS Cloud workload security requirements regardless of where you are on your cloud journey.

IBM Security Services for Cloud will provide managed security services with dedicated security expertise that helps monitor and manage the security of your cloud-native environments through build, ship, and run-time phases:

• Application policy management: Automated app behavior analysis, policy assignment to apps; custom app policy optimization; L3 and L7 firewall optimization and configuration. • Vulnerability management: Automated vulnerability ranking to visually identify rogue containers, registries, images or applications for prioritized remediation. • Threat management: End-to-end threat management strategy that helps you identify, protect, and detect advanced threats – and if necessary, respond/recover from disruptions.

With Cloud Workload Protection Services, coverage for cloud workloads is delivered, regardless of where they are running: • Securing the image • Design of the “validate stage” • Detection of configuration defects • Define registry scanning policies Securing orchestration • Implement RBAC policies • Implement proper API controls • Design/implement workload security zones Securing containers • Set up vulnerability management • Monitor/control unbounded network access • Detect and fix insecure runtime configs Securing hosts • Harden and scan host OS and running apps • Segregation of host resources • Ensure the use of configuration management and effective authentication Securing serverless infrastructure • Audit processes • Implement runtime controls • Develop policies for effective authentication

Key value
• Assessment: Assess your current state of existing container environment by analyzing DevSecOps processes, application design, and solution requirement to find gaps and build a roadmap for your future state. • Design: After assessment, our security experts can design solutions based on the future state roadmap – including macro and micro design, process definitions, and workload-centric security policies. • Implementation: We will help implement appropriate security tooling to help deployment planning, container solution implementation, and 3rd party integrations. • Management: Once at steady state, we can provide continuous monitoring and compliance reporting, incident analysis and response, policy governance, and proactive vulnerability management through our X-Force Red services that allow for vulnerability ranking for prioritized remediation.

Key benefits
• With IBM Security experts, limited resource time is optimized by helping identify/analyze vulnerabilities with shift-left expertise • Centralized visibility to minimizes risks with 24x7x365 proactive container event monitoring, alerting, and vulnerability and threat management • Security policies governance which enables security governance for workload-centric security policies, IT policy management and enforcement • Secure application development that transforms people, process, and technology to unify Security and DevOps • Security at cloud speed to innovate securely through infrastructure automation and scalable security

Cloud Workload Protection services can vary both in duration and engagement type. Fee will vary depending upon scope. Each customer’s requirements and maturity are uniquely considered to determine the applicable approach, which may consist of: • Cloud security consulting services to assess and develop your AWS and hybrid cloud strategy. • Assessment services to assess current state of Kubernetes and/or Red Hat OpenShift environment as well as application requirements. Assess cloud workload requirements across multicloud and infrastructure requirements (containers, serverless, VMs, etc). Define a future-state roadmap according to your risk appetite. • Enrich your security insights across infrastructure and workloads by also leveraging IBM Security Services for Cloud Security Posture Management and others services from the IBM Security portfolio.