Privileged Access Management for Secure Storage Administration: IBM Spectrum Scale with IBM Security Verify Privilege Vault PDF Download
Are you looking for read ebook online? Search for your book and save it on your Kindle device, PC, phones or tablets. Download Privileged Access Management for Secure Storage Administration: IBM Spectrum Scale with IBM Security Verify Privilege Vault PDF full book. Access full book title Privileged Access Management for Secure Storage Administration: IBM Spectrum Scale with IBM Security Verify Privilege Vault by Vincent Hsu. Download full books in PDF and EPUB format.
Author: Vincent Hsu
Publisher: IBM Redbooks
ISBN: 0738459313
Category : Computers
Languages : en
Pages : 32
Get Book Here
Book Description
There is a growing insider security risk to organizations. Human error, privilege misuse, and cyberespionage are considered the top insider threats. One of the most dangerous internal security threats is the privileged user with access to critical data, which is the "crown jewels" of the organization. This data is on storage, so storage administration has critical privilege access that can cause major security breaches and jeopardize the safety of sensitive assets. Organizations must maintain tight control over whom they grant privileged identity status to for storage administration. Extra storage administration access must be shared with support and services teams when required. There also is a need to audit critical resource access that is required by compliance to standards and regulations. IBM® SecurityTM Verify Privilege Vault On-Premises (Verify Privilege Vault), formerly known as IBM SecurityTM Secret Server, is the next-generation privileged account management that integrates with IBM Storage to ensure that access to IBM Storage administration sessions is secure and monitored in real time with required recording for audit and compliance. Privilege access to storage administration sessions is centrally managed, and each session can be timebound with remote monitoring. You also can use remote termination and an approval workflow for the session. In this IBM Redpaper, we demonstrate the integration of IBM Spectrum® Scale and IBM Elastic Storage® Server (IBM ESS) with Verify Privilege Vault, and show how to use privileged access management (PAM) for secure storage administration. This paper is targeted at storage and security administrators, storage and security architects, and chief information security officers.
Author: Vincent Hsu
Publisher: IBM Redbooks
ISBN: 0738459313
Category : Computers
Languages : en
Pages : 32
Get Book Here
Book Description
There is a growing insider security risk to organizations. Human error, privilege misuse, and cyberespionage are considered the top insider threats. One of the most dangerous internal security threats is the privileged user with access to critical data, which is the "crown jewels" of the organization. This data is on storage, so storage administration has critical privilege access that can cause major security breaches and jeopardize the safety of sensitive assets. Organizations must maintain tight control over whom they grant privileged identity status to for storage administration. Extra storage administration access must be shared with support and services teams when required. There also is a need to audit critical resource access that is required by compliance to standards and regulations. IBM® SecurityTM Verify Privilege Vault On-Premises (Verify Privilege Vault), formerly known as IBM SecurityTM Secret Server, is the next-generation privileged account management that integrates with IBM Storage to ensure that access to IBM Storage administration sessions is secure and monitored in real time with required recording for audit and compliance. Privilege access to storage administration sessions is centrally managed, and each session can be timebound with remote monitoring. You also can use remote termination and an approval workflow for the session. In this IBM Redpaper, we demonstrate the integration of IBM Spectrum® Scale and IBM Elastic Storage® Server (IBM ESS) with Verify Privilege Vault, and show how to use privileged access management (PAM) for secure storage administration. This paper is targeted at storage and security administrators, storage and security architects, and chief information security officers.
Author: Felipe Knop
Publisher: IBM Redbooks
ISBN: 0738457167
Category : Computers
Languages : en
Pages : 116
Get Book Here
Book Description
Storage systems must provide reliable and convenient data access to all authorized users while simultaneously preventing threats coming from outside or even inside the enterprise. Security threats come in many forms, from unauthorized access to data, data tampering, denial of service, and obtaining privileged access to systems. According to the Storage Network Industry Association (SNIA), data security in the context of storage systems is responsible for safeguarding the data against theft, prevention of unauthorized disclosure of data, prevention of data tampering, and accidental corruption. This process ensures accountability, authenticity, business continuity, and regulatory compliance. Security for storage systems can be classified as follows: Data storage (data at rest, which includes data durability and immutability) Access to data Movement of data (data in flight) Management of data IBM® Spectrum Scale is a software-defined storage system for high performance, large-scale workloads on-premises or in the cloud. IBM SpectrumTM Scale addresses all four aspects of security by securing data at rest (protecting data at rest with snapshots, and backups and immutability features) and securing data in flight (providing secure management of data, and secure access to data by using authentication and authorization across multiple supported access protocols). These protocols include POSIX, NFS, SMB, Hadoop, and Object (REST). For automated data management, it is equipped with powerful information lifecycle management (ILM) tools that can help administer unstructured data by providing the correct security for the correct data. This IBM RedpaperTM publication details the various aspects of security in IBM Spectrum ScaleTM, including the following items: Security of data in transit Security of data at rest Authentication Authorization Hadoop security Immutability Secure administration Audit logging Security for transparent cloud tiering (TCT) Security for OpenStack drivers Unless stated otherwise, the functions that are mentioned in this paper are available in IBM Spectrum Scale V4.2.1 or later releases.
Author: Felipe Knop
Publisher:
ISBN:
Category :
Languages : en
Pages : 118
Get Book Here
Book Description
Storage systems must provide reliable and convenient data access to all authorized users while simultaneously preventing threats coming from outside or even inside the enterprise. Security threats come in many forms, from unauthorized access to data, data tampering, denial of service, and obtaining privileged access to systems. According to the Storage Network Industry Association (SNIA), data security in the context of storage systems is responsible for safeguarding the data against theft, prevention of unauthorized disclosure of data, prevention of data tampering, and accidental corruption. This process ensures accountability, authenticity, business continuity, and regulatory compliance. Security for storage systems can be classified as follows: Data storage (data at rest, which includes data durability and immutability) Access to data Movement of data (data in flight) Management of data IBM® Spectrum Scale is a software-defined storage system for high performance, large-scale workloads on-premises or in the cloud. IBM SpectrumTM Scale addresses all four aspects of security by securing data at rest (protecting data at rest with snapshots, and backups and immutability features) and securing data in flight (providing secure management of data, and secure access to data by using authentication and authorization across multiple supported access protocols). These protocols include POSIX, NFS, SMB, Hadoop, and Object (REST). For automated data management, it is equipped with powerful information lifecycle management (ILM) tools that can help administer unstructured data by providing the correct security for the correct data. This IBM RedpaperTM publication details the various aspects of security in IBM Spectrum ScaleTM, including the following items: Security of data in transit Security of data at rest Authentication Authorization Hadoop security Immutability Secure administration Audit logging Security for transparent cloud tiering (TCT) Security for OpenStack drivers Unless stated otherwise, the functions that are mentioned in this paper are available in IBM Spectrum Scale V4.2.1 or later releases.
Author: Bill Scales
Publisher: IBM Redbooks
ISBN: 0738460435
Category : Computers
Languages : en
Pages : 26
Get Book Here
Book Description
IBM Spectrum® Virtualize based storage systems are secure storage platforms that implement various security-related features, in terms of system-level access controls and data-level security features. This document outlines the available security features and options of IBM Spectrum Virtualize based storage systems. It is not intended as a "how to" or best practice document. Instead, it is a checklist of features that can be reviewed by a user security team to aid in the definition of a policy to be followed when implementing IBM FlashSystem®, IBM SAN Volume Controller, and IBM Spectrum Virtualize for Public Cloud. The topics that are discussed in this paper can be broadly split into two categories: System security This type of security encompasses the first three lines of defense that prevent unauthorized access to the system, protect the logical configuration of the storage system, and restrict what actions users can perform. It also ensures visibility and reporting of system level events that can be used by a Security Information and Event Management (SIEM) solution, such as IBM QRadar®. Data security This type of security encompasses the fourth line of defense. It protects the data that is stored on the system against theft, loss, or attack. These data security features include, but are not limited to, encryption of data at rest (EDAR) or IBM Safeguarded Copy (SGC). This document is correct as of IBM Spectrum Virtualize version 8.5.0.
Author: IBM
Publisher: IBM Redbooks
ISBN: 0738460141
Category : Computers
Languages : en
Pages : 54
Get Book Here
Book Description
Cyberattacks are likely to remain a significant risk for the foreseeable future. Attacks on organizations can be external and internal. Investing in technology and processes to prevent these cyberattacks is the highest priority for these organizations. Organizations need well-designed procedures and processes to recover from attacks. The focus of this document is to demonstrate how the IBM® Unified Data Foundation (UDF) infrastructure plays an important role in delivering the persistence storage (PV) to containerized applications, such as IBM Cloud® Pak for Security (CP4S), with IBM Spectrum® Scale Container Native Storage Access (CNSA) that is deployed with IBM Spectrum scale CSI driver and IBM FlashSystem® storage with IBM Block storage driver with CSI driver. Also demonstrated is how this UDF infrastructure can be used as a preferred storage class to create back-end persistent storage for CP4S deployments. We also highlight how the file I/O events are captured in IBM QRadar® and offenses are generated based on predefined rules. After the offenses are generated, we show how the cases are automatically generated in IBM Cloud Pak® for Security by using the IBM QRadar SOAR Plugin, with a manually automated method to log a case in IBM Cloud Pak for Security. This document also describes the processes that are required for the configuration and integration of the components in this solution, such as: Integration of IBM Spectrum Scale with QRadar QRadar integration with IBM Cloud Pak for Security Integration of the IBM QRadar SOAR Plugin to generate automated cases in CP4S. Finally, this document shows the use of IBM Spectrum Scale CNSA and IBM FlashSystem storage that uses IBM block CSI driver to provision persistent volumes for CP4S deployment. All models of IBM FlashSystem family are supported by this document, including: FlashSystem 9100 and 9200 FlashSystem 7200 and FlashSystem 5000 models FlashSystem 5200 IBM SAN Volume Controller All storage that is running IBM Spectrum Virtualize software
Author: Clarence Pouthier
Publisher: IBM Redbooks
ISBN: 0738456365
Category : Computers
Languages : en
Pages : 24
Get Book Here
Book Description
The Payment Card Industry Data Security Standard (PCI-DSS) is the global information security standard for organizations that process, store, or transmit data with any of the major credit card brands. More and more organizations are looking for compliance with this standard. This IBM® RedpaperTM describes how the features and functions of IBM SpectrumTM Virtualize help organizations towards compliance of their IT infrastructure on relevant areas of the PCI-DSS standard. IBM Spectrum VirtualizeTM is the software common to all IBM Storwize® products such as IBM SAN Volume Controller (SVC), IBM Storwize V5000 family, IBM Storwize V7000, IBM FlashSystem® V9000, and IBM Spectrum Virtualize as Software. Therefore, all recommendations in this paper equally apply to these storage products.
Author: Nikhil Khandelwal
Publisher: IBM Redbooks
ISBN: 0738456861
Category : Computers
Languages : en
Pages : 44
Get Book Here
Book Description
This IBM® Redbooks® publication provides information to help you with the sizing, configuration, and monitoring of hybrid cloud solutions using the transparent cloud tiering (TCT) functionality of IBM SpectrumTM Scale. IBM Spectrum ScaleTM is a scalable data, file, and object management solution that provides a global namespace for large data sets and several enterprise features. The IBM Spectrum Scale feature called transparent cloud tiering allows cloud object storage providers, such as IBM CloudTM Object Storage, IBM Cloud, and Amazon S3, to be used as a storage tier for IBM Spectrum Scale. Transparent cloud tiering can help cut storage capital and operating costs by moving data that does not require local performance to an on-premise or off-premise cloud object storage provider. Transparent cloud tiering reduces the complexity of cloud object storage by making data transfers transparent to the user or application. This capability can help you adapt to a hybrid cloud deployment model where active data remains directly accessible to your applications and inactive data is placed in the correct cloud (private or public) automatically through IBM Spectrum Scale policies. This publication is intended for IT architects, IT administrators, storage administrators, and those wanting to learn more about sizing, configuration, and monitoring of hybrid cloud solutions using IBM Spectrum Scale and transparent cloud tiering.
Author: IBM Storage
Publisher: IBM Redbooks
ISBN: 0738460346
Category : Computers
Languages : en
Pages : 48
Get Book Here
Book Description
The document describes the configuration and end-to-end architecture for configuring the logical air-gap solution for cyber resiliency using IBM® Spectrum Virtualize for Public Cloud (SV4PC) on Azure, IBM Spectrum® Virtualize Safeguarded Copy, and IBM FlashSystem®. This blueprint guide provides the following information: • A solutions architecture and related solution configuration workflows, with the following essential software and hardware components: – IBM FlashSystem – IBM Spectrum Virtualize for Public Cloud on Azure – IBM Copy Services Manager • Detailed technical configuration steps for building the cyber resiliency solutions This technical report does not provide performance analysis from a user perspective or replace any official IBM manuals or documents. This technical paper assumes that the reader is familiar with the following areas: • Basic kowledge of IBM FlashSystem • Azure Cloud fundamentals • Hybrid Cloud network connectivity • IBM Copy Services Manager
Author: Larry Coyne
Publisher: IBM Redbooks
ISBN: 073845513X
Category : Computers
Languages : en
Pages : 82
Get Book Here
Book Description
Enterprises are struggling to provide the right storage infrastructure to keep up with the explosion of unstructured data in addition to facing increased pressure to retain this data for an extended period of time. Object storage is rapidly emerging as a viable method for building scalable big data archiving solutions to address these unstructured data growth challenges. OpenStack Swift is an emerging open source object storage platform that is widely used for cloud storage. IBM® Spectrum Scale V4.2 delivers a fast, highly available, highly scalable shared file system that enables transparent access to files and objects spanning different storage tiers such as flash, disk, and tape. IBM SpectrumTM Archive Enterprise Edition is designed to enable the use of IBM Linear Tape File SystemTM (LTFS) for the policy management of tape as a storage tier in IBM Spectrum ScaleTM to significantly reduce cost. This IBM RedpaperTM publication describes how to create an Enterprise class, low-cost, highly scalable object storage infrastructure with IBM Spectrum Scale 4.2, leveraging OpenStack Swift and IBM Spectrum ArchiveTM. It describes benefits of the solution and provides reference architectures, preferred practices, and runtime considerations. It is suitable for IBM clients, IBM Business Partners, IBM specialist sales representatives, and technical specialists.
Author: Karen Orlando
Publisher: IBM Redbooks
ISBN: 0738441481
Category : Computers
Languages : en
Pages : 286
Get Book Here
Book Description
IBM® Spectrum Control (Spectrum Control), a member of the IBM SpectrumTM Family of products, is the next-generation data management solution for software-defined environments (SDEs). With support for block, file, object workloads, and software-defined storage and predictive analytics, and automated and advanced monitoring to identify proactively storage performance problems, Spectrum Control enables administrators to provide efficient management for heterogeneous storage environments. IBM Spectrum ControlTM (formerly IBM Tivoli® Storage Productivity Center) delivers a complete set of functions to manage IBM Spectrum VirtualizeTM, IBM Spectrum AccelerateTM, and IBM Spectrum ScaleTM storage infrastructures, and traditional IBM and select third-party storage hardware systems. This IBM Redbooks® publication provides practical examples and use cases that can be deployed with IBM Spectrum Control Standard Edition, with an overview of IBM Spectrum Control Advanced Edition. This book complements the Spectrum Control IBM Knowledge Center, which is referenced for product details, and for installation and implementation details throughout this book. You can find this resource at the following website: IBM Spectrum Control Knowledge Center Also provided are descriptions and an architectural overview of the IBM Spectrum Family, highlighting Spectrum Control, as integrated into software-defined storage environments. This publication is intended for storage administrators, clients who are responsible for maintaining IT and business infrastructures, and anyone who wants to learn more about employing Spectrum Control and Spectrum Control Standard Edition.
