IBM Cloud Docs
Integrating Power Virtual Server with IBM Cloud Security and Compliance Center Workload Protection

Integrating Power Virtual Server with IBM Cloud Security and Compliance Center Workload Protection

IBM Power Virtual Server in IBM data center

IBM Cloud® Security and Compliance Center Workload Protection offers a comprehensive suite of security solutions to help your organization secure its cloud environments. Security and Compliance Center Workload Protection centrally manages your organization’s security, risk, and compliance with regulatory standards and industry benchmarks. For more information about Security and Compliance Center Workload Protection, see Getting started with IBM Cloud Security and Compliance Center Workload Protection.

In highly regulated sectors such as financial services, continuous compliance in the cloud environment is crucial to protect customer and application data. Cloud Security Posture Management (CSPM) is one of the key features of the Security and Compliance Center Workload Protection service. When this feature is enabled in your workspace, the CSPM ensures that automatic compliance checks are integrated in your development workflow to mitigate such risks on a daily basis.

IBM Cloud® Security Posture Management (CSPM)

CSPM accelerates hybrid cloud adoption by verifying security and regulatory compliance with automated compliance checks for IBM Cloud Framework for Financial Services, Digital Operational Resilience Act (DORA), CIS IBM Cloud Foundations Benchmark, PCI, and many other industry-related or best practice standards. For more information, see About IBM Cloud Security Posture Management (CSPM). CSPM helps with:

  • Continuous validation of compliance
  • Vulnerability prioritization
  • Detection and response to runtime threats
  • Forensics and incident response

You can enable the CSPM feature in your new and existing Power Virtual Server workspaces. CSPM provides a unified platform to manage security and compliance across hybrid and multicloud environments and services.

Integrating CSPM with Power Virtual Server workspaces

To integrate Power Virtual Server with Cloud Security and Compliance Center, enable Cloud Security Posture Management (CSPM) feature in your existing or new workspaces:

Enabling CSPM in a new workspace

To enable CSPM in a new Power Virtual Server workspace, complete the following steps:

  1. Log in to the IBM Cloud catalog with your credentials.

  2. In the search box, type Power Virtual Server and click the Power Virtual Server tile.

  3. Click Create a workspace.

  4. Select IBM data center as the location type.

  5. Select an IBM data center from the Location drop-down list and click Continue.

  6. In the Details section, provide a name for the workspace and select the resource group from the Resource group drop-down list. You can optionally provide User tags and Access management tags for the workspace.

  7. Click Continue. The selected workspace details are displayed on the Summary page.

  8. In the Integrations (Optional) section, note that the Cloud security posture management toggle switch is enabled by default. To disable CSPM, set Cloud security posture management to off.

  9. Click Finish. The selected workspace details are displayed on the Summary page.

  10. Select the I agree to the Terms and conditions checkbox and click Create.

Integration costs are usage based and vary based on the hourly consumption for nodes and virtual machines. You can review the estimated cost on the Summary page. To review the cost associated with CSPM, see Security and Compliance Center Workload Protection in IBM Cloud catalog.

Enabling CSPM in an existing workspace

To enable CSPM in an existing Power Virtual Server workspace, complete the following steps:

  1. Log in to the IBM Cloud Power Virtual Server user interface.

  2. Click Workspaces in the left navigation menu.

  3. Select the workspace on which you want to enable CSPM. The Workspace details pane is displayed.

  4. To enable CSPM, click Add CSPM in the Integrations section. The Add cloud security posture management pane is displayed with the predefined SCC Workload Protection instance, Trusted profile, and App Configuration instance.

  5. Click Edit to change the name, location, and plan for the CSPM instance, and click Save.

  6. Click Create.

Workload Protection agent in Linux® and AIX® on Power Virtual Server

After you provision an instance of the Security and Compliance Center Workload Protection service in IBM Cloud, you can deploy the Workload Protection agent on your Linux or AIX hosts on IBM® Power® Virtual Server. To provision an instance of Workload Protection, see Provisioning an instance.

Workload Protection provides the following features to protect your stand-alone Linux or AIX hosts on Power Virtual Server.

Workload Protection agent features
Feature On Linux hosts On AIX hosts
Posture management Scans host configuration files for compliance and benchmarks such as CIS Linux Benchmark Scans host configuration files for compliance and benchmarks such as CIS AIX Benchmark
Host scanning Scans host packages, detects associated vulnerabilities, and identifies the resolution priority based on available fixed versions and severity
Threat detection and response Identifies threats and suspicious activity based on application, network, and host activity by processing syscall events and investigates with detailed system captures

For more information about managing and deploying the Workload Protection agent on your Linux hosts, see Managing the Workload Protection agent in Linux on PowerVS.

For more information about managing and deploying the Workload Protection agent on your AIX hosts, see Managing the Workload Protection agent in AIX on PowerVS.