With Cloud Pak for Applications (CP4Apps), security is a fundamental component, engineered in from the start. We follow the discipline established with the IBM Security and Privacy by Design initiative for secure engineering.
This includes a deep assessment of our various products and components, including a survey, a privacy assessment, and a threat model, as well as static and dynamic application scans and penetration testing. All components are also enrolled in the IBM PSIRT vulnerability management system.
Cloud Pak for Applications provides an out-of-the-box DevSecOps build pipeline for your applications and offers an easy way to hook a container-level vulnerability scan using OpenSCAP and container signing using Skopeo into your application builds.
Cloud Pak for Applications offers a built-in single sign-on (SSO) server based on Red Hat SSO (Keycloak) that can easily be enabled and used as an Identity Provider or OpenID Connect provider. This is entitled for your use with OpenShift and Cloud Pak for Applications.
With RH-SSO, you can easily connect your new CP4Apps cloud native applications/microservices to an SSO server that produces JSON Web Tokens (JWTs) for propagating and asserting identity.
The Open Liberty operator that ships with Cloud Pak for Applications now includes support for connecting to the OpenShift Service Serving Certificate Authority and the Cloud Pak Common Services Certificate Manager.
This provides a simple way to configure a default TLS-enabled environment for all Liberty-based microservices. The Open Liberty operator can also be easily configured to connect Liberty servers to the built-in Red Hat SSO server in the cluster.
In summary, IBM Cloud Pak for Applications is more than ready to secure your most critical application workloads as you migrate them or re-factor and develop new solutions.
Refer to my attached TechCon2020 session for more details and feel free to drop me an email if you want to discuss this topic more (jmulvey@us.ibm.com).
P03_Security_Fundamentals_in_Cloud_Pak_for_Applications.pdf