IBM Looks to Secure Applications by Design

Big Blue rolls out new application development security offerings to deal with issues at the source.


How to Help Your Business Become an AI Early Adopter


IBM is enhancing its portfolio of application-development security technologies and services this week, offering improved access, source-code analysis and security-assessment services.

The new releases from IBM (NYSE: IBM) include the AppScan Source Code Edition, Tivoli Access Manager and a services capability for source code assessment. With the product rollout, IBM is expanding its efforts to enable enterprises to secure both applications and access.

The AppScan Source Code Edition 7.0 is born from technology that IBM acquired when it bought static-analysis vendor Ounce Labs in 2009. IBM rebranded the Ounce Labs solution as AppScan Source Code Edition earlier this year.

"In this release, we've added further language support for client-side JavaScript, PHP and Perl, so we cover all the major languages now," David Grant, program director of security and compliance solutions at IBM's Rational Software division, told InternetNews.com. "We've also really enhanced the speed and accuracy of the source-code testing and we've embedded the new source results into the AppScan Enterprise console as well."

IBM Rational's AppScan product suite itself was the result of the acquisition of security vendor Watchfire in 2007.

The core AppScan product suite focuses on dynamic application testing, while the new source-code edition is a static-code analysis product. With the AppScan Enterprise product, IBM has a reporting and compliance solution that will now get input from the source-code edition. Using both the standard and the source edition is intended to enable developers to secure code from its earliest stages right through to deployment.

Having the in-house skills to understand a source code assessment isn't always an easy task. That's why IBM is now also offering an Application Source Code Security Assessment service. The new service provides enterprises with IBM consultants who will test applications and provide recommendation to fix issues.

"We've geared up a team that can leverage the technology in a consultative manner to find weaknesses," Marc Van Zadelhoff, director of IBM Security Solutions, told InternetNews.com.

From an access-control perspective, IBM is improving its Tivoli Access Manager product suite to help enterprises tighten the entry points to their systems and ensure compliance with policy. The improvements to Access Management include a user self-care support function, as well as enhancements to federated identity management for cloud deployment use cases.

"So without having to manage partner identities, we're able to connect to business partners and unmanaged applications in the cloud," Ravi Srinivasan, senior product manager of IBM Tivoli Software, told InternetNews.com.

Srinivasan added that IBM has improved the federation capabilities so they now support SAML 2.0 and OpenID type attribute queries. That enables enterprises to integrate a cloud application without the need to push the identities into the cloud, which is important for hybrid private/public cloud deployments.

IBM is also updating Tivoli Security Policy Manager to provide ready-made integration with applications like Sharepoint.

"Tivoli Security Policy Manager provides enterprise with the ability to do fine-grain access control," Srinivasan said.

Rounding out IBM's security updates is a Secure Engineering Framework blueprint for organizations to help build and deploy secure software. The framework is an effort to provide best practices for enterprise application development security

"This is a multidimensional puzzle that our customers are solving, so we're going to continue to innovate across all domains," Van Zadelhoff said.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Tags: IBM, enterprise apps, Tivoli, Rational, AppScan

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.