There’s no doubt that cybersecurity has become the #1 challenge faced by IT departments today. And, with more and more companies moving workloads to the cloud, there are some real questions about what cloud computing security issues and challenges can be expected.
Which cloud security challenges and risks an enterprise will face, and how they can be effectively dealt with, will depend partly on the platform being used. So let’s take a specific example, looking at IBM i cloud hosting solutions.
Trends Among IBM i Professionals
A recent survey of IT professionals in the IBM i space indicates growing concerns with diverse security challenges. Importantly, these concerns do not signal defects in the platform—see below—but rather a growing awareness of broader security issues and increasingly shared responsibility for security.
The survey, conducted every year by data management company Syncsort , asks these professionals to list their top challenges, strategies, technologies, and best practices regarding platform security. In their most recent survey, more than a third of respondents listed “Security” as one of the top five priorities for IT in the coming year.
In fact, security out-ranked disaster recovery, application upgrades, and data governance as a top IT concern.
But is security more of a concern, or less, when moving to the cloud? And what are the security challenges for cloud computing, specifically? Here is the breakdown of the percentage of survey respondents listing each of the following concerns as one of their top 3 security-related challenges:
26% Adoption of cloud services
25% Growing complexity of regulations
23% Data becoming increasingly distributed
20% Securing data from new internal/external sources
17% Insufficient IT security staffing
Security becomes even more of a priority in multi-cloud environments . IBM’s own Institute for Business Value found, in a separate study, that 57 percent of all multicloud managers surveyed worry about security and compliance.
In other words, concerns about security and the cloud go hand in hand, and they’re being made more challenging by a more complex regulatory environment, the sheer volume of data being created from multiple sources, and the growing IT skills gap.
Addressing the Broader Cloud Security Challenges and Risks in IBM i
IBM’s cloud solutions provide a robust group of security services and features that can be used to secure the environment, and the apps and data that reside there.
Here’s just a short list of some of these services and features:
- A rich set of integrity controls, preventing applications from accessing control blocks and data that, based on security rules, they shouldn’t be allowed to access.
- Cloud Hyper Protect Crypto Service, designed to provide encryption key management with a dedicated cloud hardware security module (HSM).
- Data Shield, which encapsulates critical objects and data in ”enclaves” and enforces stringent object-specific access rules. Data processed in an enclave is visible only to the application and not visible to the OS or any entities not authorized by the application.
- Machine interface (MI) object-based architecture, which builds in things like security checks and locking from the beginning.
- NAT and IP Packet Filtering, giving enterprises full control over who can access the system and who cannot, based on their IP address.
- Frequent system checking to detect and restore programs that might have been altered.
- A simple, unified dashboard with built-in monitoring capabilities so that you can keep on top of system security in real-time .
IBM i Security Levels
IBM is also well known for a well-documented series of security levels, allowing each organization to determine the exact degree of security and protection needed.
One great feature about the levels approach is that it protects equally against external threats and less nefarious internal tampering. While we tend to think of security challenges as coming from malicious hackers or unscrupulous competitors, there is also a great deal of risk around accidents and mistakes by authorized users. IBM i’s security features also guard against these.
The levels of security are:
Level 10: No security protection (not recommended)
Level 20: Password security
Users who need to access the system must have a password and user ID that the system recognizes. These are created and managed by the sys admin. Once a user has access, they have the freedom to access all tools and data.
Level 30: Password and resource security
Users still need a recognized password and user ID but no longer have automatic access to everything on the system. The sys admin defines what they can and cannot access, based on explicit security policies.
Level 40: Integrity protection
As level 30, but with added integrity protection functions, such as the validation of parameters for interfaces to the operating system. These help protect the system (and the objects on it) from tampering by experienced system users. For example, user-written programs cannot directly access the internal control blocks. Level 40 is the default security level for every new installation and is the recommended security level for most installations.
Level 50: Advanced integrity protection
Advanced integrity protection includes further restrictions, such as the restriction of message-handling between system state programs and user state programs. Users only have access to data on the system, not information about the system itself. Level 50 is the recommended level of security for most businesses, because it offers the highest level of security currently possible.
Choosing a Provider to Minimize Cloud Security Challenges and Risks
Again, every cloud platform approaches security a little differently. Coordinating security efforts between clouds in a multi-cloud environment can be even more challenging. This is why it is important to have a partner, like Connectria, that is platform agnostic and can guide you through the process of securing and integrating your cloud environments.
That said, there are still plenty of reasons why you should move your IBM i infrastructure to the cloud. You can get started by speaking with one of our IBM i experts.