blueSecure is a cloud extension that enables IBM as a public cloud provider to evaluate the security of hosted applications and protect them against malicious clients.

blueSecure extends the cloud by methodically collecting and considering specific security related data about each hosted application including its structure, processes, interfaces, behavior, etc. Using this unique white-box approach, the blueSecure application-aware cloud extension can automatically detect when a hosted application does not meet a needed security level, or is under attack requiring deployment of a necessary protection measure, sending an alert to DevOps and/or informing the cloud Security Operation Center (SOC).

Current public clouds offer a generic service, which is not tailored to any specific hosted application. In general, public cloud providers consider each hosted application as a black-box (i.e. the provider avoids analyzing and deriving decisions based on application specifics). This approach has many important operational benefits, but at the same time limits the ability of cloud providers to add value to users. One area where this limitation is evident is application security and compliance – by default, a public cloud offers little more than a baseline security level (e.g., a limited firewall protection) to hosted applications. As a result of this cloud limitation, application security remains the responsibility of cloud users.

Although cloud users and their respective development and operation teams (DevOps) should design, deploy, and run secure cloud applications, most cloud applications are ill-designed and ill-operated security-wise. The current widespread adoption of modern DevOps practices, which include nearly continuous development and deployment cycles, focus DevOps attention to application functionality and away from non-functional requirements such as security. The abovementioned service limitations of cloud providers and practices of cloud users therefore make for innate security weakness. blueSecure compensates for this weakness by enabling cloud providers to offer better tailored application security.


David Hadas, IBM Research - Haifa