As more and more enterprises migrate their data and apps to the cloud, they do so to reap the benefits inherent in assigning the task of managing the infrastructure that is required to support critical application and data to Cloud Service Providers, from cost savings and reduced management to 24/7 around-the-clock support. Yet security is always top-of-mind among IT managers looking to protect their critical data. In an age when phishing expeditions and ransomware attacks pose very serious threats, the cloud has emerged as a safer haven for companies to run their applications and protect their data. In fact, IBM i systems in the cloud are quickly becoming the preferred option for security minded professionals over internally managed on-premise security programs, which heightens vulnerabilities to intrusion and other physical security concerns.
With security the top priority, we’ve put together a helpful list of security functions and features to explore when considering contracting with a vendor for IBM i cloud hosting. We hope you find this checklist helpful as you consider an IBM i systems contractor.
Cloud Data Center Security Setups for IBM i:
Where your IBM i system is hosted makes the world of difference. Regulators, insurance companies and everyone with a vested interest in the data environment stipulate that servers reside in a secure environment with controlled access, fire prevention and suppression, and adequate cooling. Cloud vendors go beyond these requirements, hosting power systems in hardened concurrently maintainable and fault tolerant (Tier 3) data center environments. Not all cloud data centers meet these requirements. In addition, cloud data centers should feature: redundant power (free from voltage fluctuation); at least two redundant telecommunications lines from separate providers; redundant network equipment that includes switches, routers, edge servers are firewalls; IBM i backup and recovery systems featuring structured daily, weekly, monthly and yearly backup with retention capabilities that match your preferred retention standards; and Disaster Recovery (DR), High availability (HA), and Disaster Recovery as a Service (DRaaS). These are all essential components of a fully qualified, functional IBM i hosting vendor.
Network Infrastructure Security for IBM i:
Ensuring that the network and Internet security structure in which IBM i cloud servers operate is of paramount importance in selecting an IBM i contractor. It’s essential to make sure that the network infrastructure under consideration includes complete edge security from managed firewalls and virtual private networks (VPNs) to intrusion detection and prevention systems and penetration testing services. It should also feature zero-trust network access, 24/7 IBM i monitoring capabilities, infrastructure patching and upgrade schedules, as well as scheduled IBM Power System and IBM i upgrades. These are all critical components in selecting a qualified vendor.
IBM i System Access Security:
Security is all about ensuring IBM i access by the appropriate parties for the right data, and blocking unauthorized access. The right vendor can help in configuring your servers to be more secure than an on-premises configuration. Access security features should include: Enabling IBM i security journaling (QAUDJRN) for auditing and forensic analysis, which collects security event entries; setting up IBM i security in the cloud, where customers can choose whether they want to configure and monitor security themselves, or have their vendor manage, respond to and report on security issues; and enabling multifactor authentication (MFA), to ensure that users provide two or more verification factors in order to access IBM i resources.
IBM i Data Security:
How cloud vendors protect your IBM i data is essential in ensuring flawless security of your critical stored information. They can achieve this in a variety of ways ranging from encryption at rest and in transit data, to access monitoring and management solutions to detect unplanned interruption to an IT service. Other ways to ensure IBM i data security include utilizing Artificial Intelligence (AI) and Machine Learning (ML) to detect anomalies in their network, as well as relying on the vendor’s security policies and procedures to allay any fears about the vendor not being able to secure your valuable data in the IBM i network.
Cloud Provider Security Services for IBM i:
Cloud Service Provides should also provide additional services to secure their clients’ IBM i systems. These services often include: providing IBM i security and risk assessments and corrective mitigation actions; providing recommended security best practices, security standards, implementing security upgrades, and assist in hardening your IBM i system; providing security monitoring and management tools to manage and report on your IBM i services; and providing a Security Operations Center (SOC) — essentially a security command post to monitor the entire environment for security events for every organization it services.
Malware Protection for Your IBM i:
IBM i security providers should assist with protecting your IBM i cloud-based integrated file system folders and files from intrusion, including malware, viruses and ransomware attacks. While IBM i operating systems and native IBM i libraries can’t be infected by viruses, malware, or ransomware, the IBM i integrated file system (IFS) stores stream files, and those files can be infected. The right cloud vendor can help you implement an effective IFS protection program. You should make sure that every PC or server that has connectivity to the IBM i is secure, current with patches and running approved anti-malware applications with
the ability to detect and stop any attacks.
Now more than ever, in today’s challenging security environment, it’s important to work with an IBM i vendor who is up to date with the latest security solutions and strategies to protect your valuable data and applications. Contact CloudFirst. to discuss your needs for IBM i security expertise and let a representative show you how you can seamlessly move your data and applications to the cloud for optimal security, maximum efficiency, and peace of mind.