Businesses make the decision to migrate their systems to the cloud for numerous reasons. Housing data and apps on the cloud allows them to streamline their operations, it enhances efficiencies, and it takes the burden off of IT teams who monitor systems on-site. Transitioning to the cloud also keeps business costs down.
Securing IBM i when migrating to the Cloud, has yet to be among the most important reasons businesses opt for cloud services. Cloud services can protect data from infiltration, and with systems stored offsite, it keeps data protected in the event of a natural or man-made disaster
For a myriad of reasons, the cloud just makes sense. Once businesses acknowledge all the positive aspects of cloud services, it’s easy to embrace it.
Now that you’ve made the important decision to migrate your IBM i systems to the cloud, it’s time to prepare your business for the actual transition. In migrating IBM i systems to the cloud, there are a variety of considerations to keep in mind prior to, during and after the move takes place.
Not surprisingly, security is a crucial aspect of making the transition to the cloud. Keeping your systems safe is among the highest priorities in gravitating to cloud; CloudFirst works with each client every step of the way to outline what’s needed from all parties — and to ensure that the migration process proceeds seamlessly, efficiently, and securely.
Understanding the security requirements needed to make a smooth transition to cloud services
First and foremost, it’s important for security planning to make sure that all company stakeholders are on board and in sync prior to making the transition to the cloud.
This means that the Chief Security Officer, or CSO/CISO, and the entire security team need to understand and confirm that the project will meet all company security requirements.
These requirements should be clearly spelled out as the organizations data and application programs migrate to CloudFirst Cloud Services.
It’s also essential to ascertain what security requirements will be needed to make a smooth transition to cloud services. Since every business is different, chances are there are a number of security-related configurations, set-ups and approvals that must be prepared and configured as you adopt new cloud-based services.
Your company Security Team and Compliance office should be engaged to ensure that your CloudFirst cloud offerings meet these security criteria.
Virtual Private Networks (VPNs) are commonly used to provide secured access for users, business locations. As you prepare to migrate your systems to cloud services, it’s important to ascertain whether your IBM i will require any individual SSL or site-to-site IPSEC VPN connections that will need to be configured prior to migration.
Also prior to migration, determine whether you will need any Secure Sockets Layer (SSL) or Transport Layer Security (TLS) certificates to be installed and used on your cloud IBM i.
Inventory your SSL/TLS or other security certificates at this point, noting the Certificate Authority they were obtained from, expiration dates, and any other relevant information.
PUBLIC FACING IP ADDRESSES
This is also the time to determine whether any of your IBM i servers need public IP addresses. Do you have requirements for a separate network (DMZ) or Front-End servers? Inventory what public IP addresses are currently in use, what systems need them, and what ports need to be opened to access those IP addresses. New public addresses will need to be assigned and will require DNS configuration changes.
IBM i EXIT POINTS AND EXIT PROGRAMS
Exit points and exit programs provide additional access, processing and connection security for IBM i functions and programs. For example, exit point programs may be written to determine whether a user should be able to access FTP, whether a user can access the system using ODBC, or to provide additional sign-on restrictions. CloudFirst can assist with Exit Point configurations to enhance system security as part of the ezSecurity solution options and assist with a strategy for testing these system changes.
IBM i SECURITY PRODUCTS
Is your business using any IBM I licensed or third-party security products to control server access? Inform CloudFirst about which, if any, security products are used on your IBM i, and what functionality they provide. If you are not running any security products, CloudFirst will include this functionality as part of the ezHost/ezSecurity solution.
IBM i MFA
Additional security can also be provided using authentication techniques such as two-factor authentication (2FA) or multi-factor authentication (MFA). Let your provider know now whether you have an active MFA implementation, or if you are interested in implementing one.
LEGAL, GOVERNMENT, REGULATORY, AND AUDIT COMPLIANCE
Will your CloudFirst IBM i servers be covered under any existing legal, government, or regulatory compliance or frameworks such as Sarbanes-Oxley (SOX), Payment Card Industry (PCI) Data Security Standard (DSS), General Data Protection Regulations (GDPR) or any other compliance requirements? Some laws and regulations will require certain IBM i or network configurations.
Please work with your company’s audit and compliance officers to determine if there are security and assessment guidelines that must be followed your new IBM i Cloud Services.
Is your company currently using IBM or third-party software to encrypt system data, data fields, and/or system backups? Please review packages that are using IBM i-based encryption services, as encryption may have an impact on your migration and needs to be planned for carefully. Some cloud service providers like CloudFirst also offer Encryption at Rest standard with all hosting packages.
SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) CAPABILITIES
Are your firm’s IBM i servers running any software that interfaces with SIEM systems for enterprise-wide monitoring and reporting? If so, what IP address or DNS name is the software interfacing with, as new firewall configurations may be needed to continue SIEM integration?
OTHER COMPANION SERVERS AND SERVICES
It’s also important at this time to inventory whatever Internet services and servers that your IBM i systems are attaching to, as you will need to test these connections after implementation.
CLIENT HARDWARE SECURITY DEVICES
You should also determine whether there are any unique client devices required for the Cloud environment, such as firewalls, SD-WAN devices, load balancers or other client equipment, that will need to be implemented before the IBM i is fully migrated to the cloud and the system goes live.
As mentioned, securing IBM i when migrating to the cloud is among the top reasons why companies migrate their IBM i systems to a qualified cloud provider. Talk to a CloudFirst representative about the benefits of migrating your IBM i systems to the cloud, and how CloudFirst will work closely with your team to ensure the secure transfer of data and apps, while assuring a smooth and seamless transition to CloudFirst Cloud Services.