IBM has signed an agreement to acquire Spanugo, a specialist in Cybersecurity Posture Assurance. The price and other details of the acquisition have not been revealed. IBM is to integrate the Spanugo software into its public cloud. Spanugo’s ASAP product will help customers deliver coherent security policies that are compliance aware and fully auditable.
Howard Boville, SVP, Cloud, IBM said: “IBM is committed to building the industry’s most secure and open public cloud for business. With the acquisition of Spanugo, we have taken another major step in advancing IBM’s differentiated capabilities in security and compliance for our enterprise clients, including those in highly regulated industries.
“Bringing Spanugo’s technology into our financial services public cloud will help provide our clients with evidence of their ongoing compliance, in real-time.”
What is Cybersecurity Posture Assurance?
Cybersecurity Posture refers to the strength of an organisations cybersecurity. It is not about the individual elements such as tools, processes, audits or policies, but what they deliver as a whole to your entire IT infrastructure.
For companies that work in regulated industries, it is a significant challenge. Companies often face multiple compliance requirements. Some of those overlap and are contradictory. It makes creating and enforcing security controls complicated.
Spanugo ASAP provides continuous automated verification of security controls against policies. It supports all elements of on-premises and cloud environments from applications to operating systems. It also supports the security policies for physical components such as switches, firewalls and servers.
Importantly, and one of the likely reasons that IBM has acquired the product, it has built-in support for several compliance regulations. That includes PCI, HIPAA, NIST and CIS which come with the product. ASAP can also be extended to support other regulations as they are introduced. Spanugo’s ASAP also delivers a range of audit reports that can prove the cybersecurity posture of an organisation.
Last year, IBM introduced its financial services cloud. This acquisition will provide a set of controls around which financial services companies can secure their complete IT environment.
Enterprise Times: What does this mean
As organisations continue to move away from controlled on-premises environments, they struggle with cybersecurity controls. The IT landscape now includes multiple platforms such as on-premises and multi-cloud. It creates an increased risk of gaps in security controls. Add new technologies such as containers and automation along with increasing compliance requirements, and the risk of a mismatch or misconfiguration increase.
By acquiring Spanugo, IBM is providing customers with an automated solution to bring all their security controls into a single place. The compliance awareness of ASAP and its automation capabilities will appeal to many of IBM’s multinational clients. It will allow them to create consistency across all their platforms and reduce the risk of regulatory failure.