IBM Adds Compliance to Management Framework

IBM has extended its IBM Cloud Pak for Multicloud Management offering for managing legacy IT environments from a Kubernetes cluster to now include compliance controls.

Sai Zeng, a member of the principal staff for IBM Research, says the goal is to make it possible for IT organizations to employ a single control plane to manage both legacy IT environments based on monolithic applications as well as emerging cloud-native applications.

Designed to be deployed on an instance of Red Hat OpenShift, version 2.0 of IBM Cloud Pak for Multicloud Management adds the ability to programmatically enforce policies as code on a platform that leverages artificial intelligence (AI) to automate IT operations, otherwise known as AIOps. By extending AIOps to address compliance issues, each policy is now effectively a microservice that can be updated and managed in isolation as required, notes Zeng.

Compliance states, resources, controls and other critical compliance data elements are captured in the Hybrid Compliance Posture Collector and Datastore that has been added to the IBM Cloud Pak for Multicloud Management, she says.

In addition, a continuous resolution pattern has been added to the platform that increases overall operational efficiency while simultaneously reducing the size of the attack surface. A risk analyzer based on the Common Vulnerability Scoring System (CVSS) surfaces issues, but the platform goes beyond CVSS to analyze whether an attacker is actively weaponizing a specific set of vulnerabilities, says Zeng.

That capability can be applied to legacy applications by creating a data structure representing an instance of a virtual machine that is defined as a Customer Resource Definition (CRD) on a Kubernetes cluster running Red Hat OpenShift. The compliance policy is digitized as a custom resource that can be read by both humans and a machine. That approach allows a policy to be executed in two modes: an inspection involving only a scan and a more rigorous enforcement mode. The policy execution is orchestrated through a VM Operator that IBM created to monitor and act on the VM resources. Under the covers, the VM Operator instruments Ansible to connect to the target VMs and invoke the playbooks.

IBM also plans to extend this model using Operators that would enable IT teams to leverage playbooks created using frameworks other than Ansible.

Ultimately, Zeng says any type of legacy IT environment can be managed in near real-time alongside a Kubernetes environment using a control plane based on a common set of tools, command-line interfaces (CLIs) and application programming interfaces (APIs). That’s critical at a time when many organizations are looking to reduce the total cost of IT by centralizing the management of multiple IT environments as part of a larger transition to hybrid cloud computing. With each additional cloud platform an IT organization adopts the total cost of IT only increases.

It’s been apparent for some time the management of IT, security and compliance is converging. There may never come a day when humans are not required to manage complex IT environments. However, the days when specialists were needed for each function and platform have come to an arguably overdue end.

Mike Vizard

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

Mike Vizard has 962 posts and counting. See all posts by Mike Vizard