blueSecure is a cloud extension enabling IBM as a public cloud provider to evaluate the security of hosted applications and protect them against malicious clients.

blueSecure extends the cloud by methodically collecting and considering specific security-related data about each hosted application, including its structure, processes, interfaces, behavior, etc. Using this unique white-box approach, the blueSecure application-aware cloud extension is able to automatically detect when a hosted application does not meet a needed security level or is under attack. Either condition requires one or more responses: deploying a necessary protection measure, sending an alert to the DevOps team and/or informing the cloud Security Operation Center (SOC).

Current public clouds offer a generic service which is not tailored to any specific hosted application. Generally speaking, public cloud providers consider each hosted application as a black box – i.e. the provider avoids analyzing the application's specifics and deriving decisions from them. This approach has many important operational benefits, but at the same time limits the ability of cloud providers to add value to users. One area where this limitation is evident is application security and compliance – by default, a public cloud offers little more than a baseline security level (e.g. limited firewall protection) to hosted applications. As a result of this cloud limitation, application security remains the responsibility of cloud users.

Although cloud users and their respective development and operation teams (DevOps) should design, deploy and run secure cloud applications, in practice the majority of cloud applications are ill-designed and ill-operated security-wise. The current widespread adoption of modern DevOps practices, which include nearly continuous development and deployment cycles, focuses DevOps attention on application functionality and away from non-functional requirements such as security. The service limitations of cloud providers and the practices of cloud users described above therefore combine into an innate security weakness. blueSecure compensates for this weakness by enabling cloud providers to offer better-tailored application security.


David Hadas, IBM Research - Haifa