IBM on weekday launched LinuxOne Emperor II, the second generation of its open supply mainframe system, at the annual Open supply Summit in la.
The new model features a layer of security and privacy not seen in a very Linux-based platform before, the corporate aforesaid.
"We saw in our success stories for Emperor that security was a continual theme attracting new customers to the platform," noted Mark Figley, director of LinuxOne Offerings at IBM.
"Later, our expertise with blockchain -- and specifically being the platform for IBM's premier blockchain giving attributable to our security capabilities -- strengthened that lesson for United States of America," he told LinuxInsider.
LinuxOne Emperor II includes a proprietary Secure Service instrumentality technology that protects knowledge against external threats, moreover as internal threats from users with elevated credentials or from hackers UN agency gain access to associate insider's credentials.
The system is that the most advanced enterprise UNIX platform anyplace, IBM said. It options the quickest micro chip within the business and a singular I/O design with up to sixty four cores dedicated to I/O process.
"LinuxOne may be a extremely built platform with distinctive security, knowledge privacy and restrictive compliance capabilities, combined with a style optimized for knowledge serving and dealing process at extreme scale," aforesaid Ross Mauri, chief of IBM LinuxOne.
Tough Year
More than four billion knowledge records were lost or taken in 2016 -- a 556 % jump from the year before, IBM noted.
Of the nine billion records broken over the past year, solely four % antecedently were encrypted, the corporate aforesaid.
LinuxOne Emperor II's vertically integrated, shared everything style permits it to support a 17-TB MongoDB Enterprise instance in a very single system, with up to ten times higher read/write latency than associate x86 primarily based implementation, in keeping with IBM. that offers applications quicker, safer access to knowledge, whereas permitting bigger scale.
The system additionally provides integrated, pause-less pickup, that permits Java applications to run at the same time. It provides constant dealing process two.6 times that of x86-based systems, which require to prevent workloads to conduct pickup.
Further, the new system provides certified dockhand technology, with integrated management and scale tested with up to two million containers.
"As a service supplier, LinuxOne permits United States of America to line up an entire IT infrastructure capable of supporting lots of users within the blink of a watch for purchasers just like the Plastic Bank," aforesaid Daffo Argent, chief executive officer of the psychological feature manufacturing plant. That cuts the danger of outdoor hacking threats thanks to separate user environments running on the system.
The Open supply issue
"Something being open supply doesn't create it less secure as a result of it's open supply, however it's true that a lot of new-generation open supply comes specialise in capability enablement before they specialise in high-security assurance, particularly within the youth of a project," noted IBM's Figley.
"Security is not the solely factor typically out of focus for associate open supply project in its early stages," he recognized.
"Other enterprise quality of service problems -- like measurability, reliableness associated consistency -- square measure typically targeted on later within the lifetime of an open supply project because it matures," Figley aforesaid.
"We believe that LinuxOne will accelerate the speed of adoption of latest open supply technologies, and permit firms to try to to therefore safely, as a result of the LinuxOne platform will facilitate solve several of the safety, measurability, reliableness and consistency problems at the system level whereas the code layer continues to mature," he explained.
"Certainly with the increase of UNIX and an entire host of different open supply technologies in terribly wide use in enterprises handling terribly essential apps and knowledge, there is not any general concern concerning open supply and security," ascertained urban center bird genus, analysis manager, code outlined cypher, at IDC.
"You extremely need to cross-check vendors and any code project, open or closed, separately," he told LinuxInsider. "Some have excellent security initiatives and rank security, and a few do not. Being open or closed has nothing to try to to thereupon, and you'll notice sensible and dangerous examples in every camp."
Over the Shoulder
The Secure Service instrumentality technology performs one or two of tasks that system directors might do on their own -- however they have a tendency to not on a daily basis, aforesaid Paul Teich, principal analyst at Tirias analysis.
First, it limits access to those licensed in secure service LPAR, (instead of permitting SSH credentials) he told LinuxInsider. Second, it disables direct access to secure containers.
As for IBM's LinuxOne Emperor II security claims, Jeff Williams, chief technology officer at distinction Security, broken a little of cold water on them.
"For application security, the Emperor II has no garments," he told LinuxInsider. "From what I perceive here, Emperor II is instrumentality security. i feel it's increased access management and probably encoding capabilities, however those square measure immaterial at the appliance layer."
The belief that you simply will drop "a vulnerable application into a secure instrumentality and everything are OK," Williams aforesaid, is one in all the foremost "pernicious and dangerous concepts in security."
The correct approach would be to secure the appliance itself, either exploitation IAST to forestall vulnerabilities throughout the event part, or exploitation application runtime protection with RASP to forestall exploits
0 comments:
Post a Comment