With many predicting big things for cloud computing in 2009, it was no surprise to see IBM make a slew of announcements regarding its hosted operations during their Pulse service management conference in Las Vegas, Steve Evans writes.

The Armonk, New York-based company announced partnerships with Juniper and Amazon as well as a new drag and drop interface for its Tivoli systems management engine that is said to enable businesses to manage their cloud infrastructures just as they do their data centre resources.

IBM also announced a new platform, called The Service Management Center for Cloud Computing, which the company says can provide users with a platform from which they can build and deliver cloud services.

This new service is underpinned by Tivoli Provisioning Manager 7.1 and the new Tivoli Service Automation Manager, which aims to automate the deployment and management of computing clouds.

Despite all the hype surrounding cloud computing, the issue of security is one debate that will not go away. It is regularly flagged as one of the potential stumbling blocks to widespread cloud adoption.

Kristof Kloeckner, recently appointed to the role of IBM’s cloud computing CTO, introduced the new cloud strategy at a press conference during Pulse 2009 and attempted to ease worries over security in the cloud.

He said: “We’ve developed some interesting technologies that allow the separation of applications and data on the same infrastructure. We guarantee the security through Tivoli Security and Identity Management and Authentication software, and we also ensure the separation of workloads through the separation of the virtual machines and also the separation of client data in a shared database.”

Speaking to CBR after the press conference, Kloeckner went into more detail about IBM’s cloud security offering.

“Security is not essentially any different from securing any kind of open environment; you have to ensure that you know who accesses it and control their rights. We have security software that allows you to manage identities from an organisational model, from whoever is entitled to use a particular service. We can actually ensure that best practices are followed,” Kloeckner said.

Kloeckner added that most people do not realise just how vulnerable they really are. He said: “Most people, unless forced by regulations, usually treat security as a necessary evil. They say it’s very high on their list, but if you really scratch the service, it’s not obvious to me that best practices are followed.”

This is particularly true for smaller businesses, Kloeckner said, who are less likely to build their own solution. This is where IBM comes in, he believes.

“Why not take a solution from someone who in some sense can guarantee with their name that at least best practices are followed?” Kloeckner asked. “Service providers are much more likely to secure you than you would yourself, assuming they follow best practice.”

IBM has released Rational AppScan 7.8, which it claims can help enable customers to mitigate risk and lower costs of conducting business on the web. The On Demand version of the platform offers continuous monitoring of web services, providing an ongoing analysis of cloud-based applications.

Rational AppScan is also said to offer customers a better understanding of where security vulnerabilities are located, enabling them to put measures in place to eliminate further risk.

“Things can and do go wrong,” said Kloeckner. “But having the right management software in place to detect what can go wrong is very important.”