Control NextGen IT Security
Disclosure Number: IPCOM000028746D
Original Publication Date: 2004-May-28
Included in the Prior Art Database: 2004-May-28
Document File: 3 page(s) / 37K

Publishing Venue



"Control ODCS IT Security" is a tactical methodology which provides the appropriate security protection of logical and physical assets that are associated with the delivery of On Demand services. The method defines the security strategies, policies, and procedures for managing the implementation and use by other operational methods used in rendering the services.

This is the abbreviated version, containing approximately 42% of the total text.

Control NextGen IT Security

A method is disclosed that has been designed as a tool to establish, maintain and provide the appropriate security / protection for customer needs within a standardized infrastructure framework that supports multiple customer accounts on shared platforms, disk storage, memory, etc.

On Demand opportunities are expected to grow at a phenomenal rate over the next several years. With growth comes a host of challenges to meet customer processing needs, not only as customers' requirements grow, but as demands on the On Demand platform(s) expand to support multiple customers and their growth. Controlling IT security within this environment adds new challenges such as protecting customer data in a shared environment and ensuring appropriate customer access while protecting against intrusions from other customers, hackers, or viruses. The method also defines the process which provides the security protection of logical and physical inventory and assets that are associated with the delivery of IT services. The method also includes the means for communicating security strategies, policies, and procedures within the On Demand support structures, to other IBM / Service Providers and, as required, to the end user of the services.

Through a methods-driven approach, best practices for On Demand security can be achieved by establishing policies and procedures that follow a consistent yet tailorable approach in support of this structure. Once the method is enabled, it continues to provide security protection that meets or exceeds IBM and agreed-to customer requirements. It provides the On Demand customers, on shared devices, with a cost-effective secure environment which rapidly detects and responds to security breaches. It provides for the identification of viruses and protection against them. Last, it provides a method which is designed to stay current with new technology.

Historically, IBM has offered IT Security on mainframe and distributed processing units. This method addresses these concerns. However, this method differs in several ways, with the focus on partitioning customers sharing the same physical boxes/connections, using Logically Partitioned Processor Mode (LPAR) and Virtual Local Area Network (VLAN) technology to separate customers sharing the same server and network connections. The increased security controls required for the On Demand environment have added additional layers of security application testing and operating system testing to ensure that 'Customer A' can't access or affect 'Customer B' or the hosting environment. It adds an ethical hack testing step and vulnerability scanning to ensure the operating systems or applications can't be readily exploited. This is in addition to network intrusion, hosting intrusion and virus detection controls. It combines a number of separate control approaches in a comprehensive manner to address the changing delivery environment and associated On Demand security...