Authors

1. Janet Van, GTM Product Manager, IBM Cloud Security and Compliance, IBM Cloud
2. Shadi Albouyeh, Program Director, PowerVS Product Manager, IBM Cloud
3. Carlos Tolon, Product Manager, Sysdig Partner

Securing PowerVS Posture with the Security and Compliance Center Workload Protection

IBM Cloud Security and Compliance Center Workload Protection (SCC WP) now includes Cloud Posture Security Management (CSPM) for the IBM Power Virtual Server infrastructure on IBM Cloud, making it easier than ever to secure your IBM Power Systems environments. 

As the cloud-native application protection platform (CNAPP) for IBM, Security and Compliance CenterWorkload Protection helps you address security and regulatory compliance across cloud services, servers and virtual machines, containers or Kubernetes and on-premise environments. You can quickly identify vulnerabilities, check compliance at the cloud and operating system level, block runtime threats and respond to incidents faster.

What’s New: Expanded Posture Management (CSPM) for IBM Power Virtual Servers with Security and Compliance Center Workload Protection​

In highly regulated sectors such as financial services, continuous compliance in the cloud environment is crucial to protect customer and application data. Cloud Security Posture Management (CSPM) is one of the key features of the Security and Compliance Center Workload Protection service. When this feature is enabled in your workspace, the CSPM ensures that automatic compliance checks are integrated in your development workflow to mitigate such risks on a daily basis.

This expansion of IBM Cloud CSPM now enabled by default when configuring Power Virtual Server environment  accelerates hybrid cloud adoption by verifying security and regulatory compliance with automated compliance checks for IBM Cloud Framework for Financial Services, Digital Operational Resilience Act (DORA), CIS IBM Cloud Foundations Benchmark, PCI, and many other industry-related or best practice standards. For more information, see About IBM Cloud Security Posture Management (CSPM). Specifically CSPM helps with:

• Auto-discovery of PowerVS resources in Inventory, granting easy access to critical security findings.

• New and unique out-of-the-box posture controls for PowerVS available as part of the CIS Benchmark for IBM Cloud with detailed remediation guidance Dedicated posture controls for SAP workloads running on PowerVS.

• Customization of policies with parameterized controls or create custom controls for PowerVS resources to meet their unique business, auditory or forensic requirements. 

Inventory view of hybrid multi cloud infrastructure now expanded to include PowerVS resources

Unique controls for PowerVS only available in the CIS Benchmark for IBM Cloud

Enabling CSPM in PowerVS

To enable CSPM in a new Power Virtual Server workspace, complete the following steps:

• Log in to the IBM Cloud catalog with your credentials.

• In the search box, type Power Virtual Server and click the Power Virtual Server tile.

• Click Create a workspace.

• Select IBM data center as the location type.

• Select an IBM data center from the Location drop-down list and click Continue.

• In the Details section, provide a name for the workspace and select the resource group from the Resource group drop-down list. You can optionally provide User tags and Access management tags for the workspace.

• Click Continue. The selected workspace details are displayed on the Summary page.

• In the Integrations (Optional) section, note that the Cloud security posture management toggle switch is enabled by default. To disable CSPM, set Cloud security posture management to off.

• Click Finish. The selected workspace details are displayed on the Summary page.

• Select the I agree to the Terms and conditions checkbox and click Create.

Important: Integration costs are usage based and vary based on the hourly consumption for nodes and virtual machines. You can review the estimated cost on the Summary page. To review the cost associated with CSPM, see Security and Compliance Center Workload Protection in IBM Cloud catalog.

To enable CSPM in an existing Power Virtual Server workspace, complete the following steps:

• Log in to the IBM Cloud Power Virtual Server user interface.

• Click Workspaces in the left navigation menu.

• Select the workspace on which you want to enable CSPM. The Workspace details pane is displayed.

• To enable CSPM, click Add CSPM in the Integrations section. The Add cloud security posture management pane is displayed with the predefined SCC Workload Protection instance, Trusted profile, and App Configuration instance.

• Click Edit to change the name, location, and plan for the CSPM instance, and click Save.

• Click Create.

Learn More

• Gain in depth operating system visibility of your Linux and AIX virtual servers on PowerVS by installing the SCC WP agent:

• Workload Protection agent on AIX on PowerVS

• Workload Protection agent on Linux on PowerVS

• Linux for PowerVS Security with IBM Security and Compliance Center