More companies than ever are moving their IBM i systems to the cloud, and for good reason. There’s mounting proof that cloud-based IBM i systems can run as securely or even more securely than when hosted on-premises in a corporate data center. The key, though, is having the right cloud provider that can walk you through the process, from planning to migration to management.
When choosing a managed cloud service provider, it’s important to make sure it offers the following services to ensure your IBM i is secure in the cloud:
IBM i security and risk assessments and corrective actions
A provider should perform a security risk assessment over your IBM i configuration, produce detailed reports on identified risks, and provide recommendations for addressing vulnerabilities.
Best security practices, standards, and upgrades
Using a security and compliance manager, vendors work with the client to configure and measure system security against recognized best security practices. Many vendors offer IBM i hardening services to reduce vulnerabilities and security risks, eliminate attack vectors, and shrink attack surfaces.
Security monitoring and management tools
Many cloud vendors provide toolsets for managing and controlling system security. Tools also include reporting to produce audit reports for compliance.
Security Operations Center (SOC)
An SOC is the cloud vendor’s organized security command post. It continuously monitors an organization’s security posture to protect, detect, analyze, and respond to cybersecurity incidents. The SOC inventories its cloud devices and security tools, performs continuous proactive monitoring, executes threat responses, performs recovery and remediation activities, performs root cause analysis, logs incidents, and creates compliance reports.
Malware Protection
The IBM i operating system and native IBM i libraries cannot be infected by viruses, malware, or ransomware. However, the IBM i integrated file system (IFS) does store stream files, which can be infected. IFS infection happens when client devices such as Windows PCs map a network drive to an IFS stream file folder. If the PC is infected, it can infect mapped stream file folders on the IFS. Malware can corrupt stored IFS data, cause IBM i applications using stream files to malfunction, and spread the infection to other Windows PCs that map network drives to the IFS.
A cloud vendor can help you design and implement an effective IFS protection system. It is possible to add a layer of protection to the IFS using IBM-provided utilities, open-source software, or other anti-malware software. However, to provide the best level of protection, you need to ensure that every PC or server that has connectivity to the IBM i is secure, up to date on patches, and running approved AV/anti-malware applications with the capability to detect and stop the latest attacks.
PARTNER WITH CLOUDFIRST
It’s beneficial to bring in a trusted partner with experience and expertise in cloud security, who can objectively look at your IBM i operating system and Power System hardware and assess your risks. CloudFirst is an experienced consultant that can identify the risks associated with IBM i and help set up an ongoing management strategy that is highly secure and highly effective.
