As more corporations consider moving their IBM i systems to the cloud, a common concern has emerged: that their systems will be less secure than they are on-premises. One of key concerns is secure access—keeping unauthorized users out of your IBM i and maintaining control over what authorized users can do once they’re logged in.
Cloud vendors can help control IBM i access from your corporate network to your cloud-based IBM i servers in the following ways:
Advising and configuring IBM i system security—Cloud vendors can assist in configuring your IBM i servers to be more secure than they are in an on-premises environment. A cloud vendor can provide or assist in setting up the following security features.
- Enabling IBM i security journaling (QAUDJRN) for auditing and forensic analysis—QAUDJRN collects security event entries. Security events can be analyzed and reported on locally on your IBM i. Security journal entries can also be exported to and analyzed by a security information and event management (SIEM) system inside your corporate network or hosted in the cloud environment.
- Setting up IBM i security in the cloud—Customers can choose whether they want to configure and monitor their IBM i security themselves or have their cloud vendor manage, respond to, and report on IBM i security issues. Vendors can setup and monitor IBM i security for their customers, including system security, password security and control, and exit point security for access control, such as limiting FTP, data transfer, and sign-on access.
- Enabling multi-factor authentication (MFA)—Cloud vendors can help enable and maintain MFA to ensure that users provide two or more verification factors to access cloud-based IBM i resources.
Authorizing corporate locations to access the IBM i cloud servers—Vendors can configure site-to-site IPSEC VPN connections so that all devices on your corporate subnets are authorized to securely reach your cloud-based systems. This connectivity can extend to all locations inside your organizational network.
Application, device, browser, and client-based terminal access to cloud-based i servers—After authorizing your corporate network to access cloud IBM i systems, all devices in your internal network will be able to access your i servers, including:
- Terminal emulation users running IBM i access client solutions or other emulation software
- Web-browser access
- Stand-alone terminals, printers, scanners, copiers, and IoT devices
- User device application access for retrieving IBM i data on desktop and mobile devices, using protocols such as ODBC, OLE DB, JDBC, FTP, etc.
Single sign-on enablement for network users—Cloud vendors can advise and help users configure single sign-on access to their IBM i systems, consolidating the number of passwords that users must remember and utilizing the user’s network password to access their IBM i resources.
Controlling IBM i access for work from home (WFH) users and other remote users—With the recent rise in WFH usage, cloud access providers can help secure remote access in several different ways, including:
- Providing VPN access to IBM i systems for virtual desktop (VD) users—The entire VD hosting environment can be connected to your cloud-based IBM i server environment. This setup allows remote users to sign into a virtual desktop and access their i-based resources the same way they would sign in from inside the corporate network. They can take advantage of all the same IBM i access and security capabilities that internal network users enjoy.
- VPN access for individual users—WFH users not using virtual desktops can securely log in to their IBM i network using standard SSL VPN software. Once inside the secured cloud environment, they can access all IBM i resources as an extension of their remote location.
Is your organization ready to move your IBM i servers to the cloud? CloudFirst has been assisting business, government, education and healthcare industries in the migration process for years, reducing capex while enabling the highest level of security to protect their data. Contact us today for your free IBM i security assessment.
