Automation is rapidly emerging as one of the key technologies to help organisations navigate through uncertainty, enabling them to improve productivity and redeploy human resources to higher value tasks.
Now it is also helping ensure that organisations operating in regulated industries can remain compliant with local regulations as they move workloads into the public cloud.
Speaking at nextmedia’s webinar Delivering Transformation that Complies – IBM Cloud for VMware Regulated Workloads, IBM’s Chief Technology Officer for IBM IaaS & VMware Solutions Simon Kofkin-Hansen described how IBM’s new VMware-based cloud service used automation to not only ensure workloads were compliant when moved into the cloud, but that they also stayed that way.
“What we found as we built up platforms for banks and insurance industries was when we came down to compliance, it took a lot of time and a lot of individual efforts to make these platforms compliant,” Kofkin-Hansen said. “We have taken all of our experience and bundled it with policy, process and automation to provide a secure platform for financial services partners and clients to meet the needs of their different regulators around the world.”
He said the new platform had been made possible through extensive work undertaken by IBM to map regulated controls to processes within the cloud platform, so that any change made within the cloud could be immediately reflected in terms of its impact on a regulated control. When coupled with automated reporting, this made it possible for regulated entities were instantly aware when they fell out of compliance.
“This can only be achieved through high degrees of automation, both in the installation of the platform, and through high degrees of maintenance and monitoring,” Kofkin-Hansen said.
This also meant that the compliance auditing process, which could often require more than 20 staff and take to four months, could be completed automatically in less than a day.
“So rather than focusing on infrastructure and security concerns, they can focus on developing new products that their clients actually want,” he said.
The IBM Cloud for VMware Regulated Workloads integrates technology from numerous partners to ensure it meets all security requirements, including the HyTrust cloud control platform and Caveonix for compliance auditing and security scanning. Security is also enhanced through implementation of unified security and network policies across both the management stack and workload clusters, accompanied by integrated key control with granular encryption.
According to IBM Australia’s Cloud Chief Information Security Officer, Arnold Simson, the long-term goal was for the cloud platform to be able to dynamically adjust as new standards and controls were introduced, further reducing the burden on administrators.
“So our vision is to be able to automatically reconfigure based on selecting controls from a control library,” Simson said.
He added that in Australia the IBM Cloud for VMware Regulated Workloads supported reporting against the APRA CPS 234 standard, and was hosted in IBM’s multizone region in Sydney, which had undergone IRAP assessment.