As more organisations consider moving their IBM i systems to the cloud, a common concern has emerged: that their systems will be less secure than they are on-premises. One of the key concerns is secure access – keeping unauthorised users out of your IBM i and maintaining control over what authorised users can do once they're logged in.

Cloud vendors can help control IBM i access from your corporate network to your cloud-based IBM i servers in the following ways:

Advising and configuring IBM i system security – Cloud vendors can assist in configuring your IBM i servers to be more secure than they are in an on-premises environment. A cloud vendor can provide or assist in setting up the following security features.

Enabling IBM i security journaling (QAUDJRN) for auditing and forensic analysis – QAUDJRN collects security event entries. Security events can be analysed and reported on locally on your IBM i. Security journal entries can also be exported to and analysed by a Security Information and Event Management (SIEM) system inside your corporate network or hosted in the cloud environment.

Setting up IBM i security in the cloud – Customers can choose whether they want to configure and monitor their IBM i security themselves or have their cloud vendor manage, respond to and report on IBM i security issues. Vendors can set up and monitor IBM i security for their customers, including system security, password security and control, and exit point security for access control, such as limiting FTP, data transfer and sign-on access.

Enabling multi-factor authentication (MFA) – Cloud vendors can help enable and maintain MFA to ensure that users provide two or more verification factors to access cloud-based IBM i resources.

Authorising corporate locations to access the IBM i cloud servers – Vendors can configure site-to-site IPSEC VPN connections so that all devices on your corporate subnets are authorised to securely reach your cloud-based systems. This connectivity can extend to all locations inside your organisational network.

Application, device, browser and client-based terminal access to cloud-based i servers – After authorising your corporate network to access cloud IBM i systems, all devices in your internal network will be able to access your i servers, including:

  • Terminal emulation users running IBM i Access Client Solutions or other emulation software
  • Web browser access
  • Stand-alone terminals, printers, scanners, copiers and IoT devices
  • User device application access for retrieving IBM i data on desktop and mobile devices, using protocols such as ODBC, OLE DB, JDBC and FTP

Single sign-on enablement for network users – Cloud vendors can advise and help users configure single sign-on access to their IBM i systems, consolidating the number of passwords that users must remember and using their network password to access IBM i resources.

Controlling IBM i access for work-from-home (WFH) users and other remote users – With the recent rise in WFH usage, cloud access providers can help secure remote access in several ways, including:

  • Providing VPN access to IBM i systems for virtual desktop (VD) users – The entire VD hosting environment can be connected to your cloud-based IBM i server environment. This setup allows remote users to sign into a virtual desktop and access their i-based resources just as they would from inside the corporate network. They can take advantage of all the same IBM i access and security capabilities that internal network users enjoy.
  • VPN access for individual users – WFH users not using virtual desktops can securely log in to their IBM i network using standard SSL VPN software. Once inside the secured cloud environment, they can access all IBM i resources as an extension of their remote location.

Is your organisation ready to move your IBM i servers to the cloud? CloudFirst has been assisting businesses, government, education and healthcare organisations in the migration process for years, reducing CAPEX while enabling the highest level of security to protect their data. Contact us today for your free IBM i security assessment.