As you consider taking your IBM i to the cloud, cybersecurity will no doubt top your list of concerns. And for good reason. It’s important to remember that the cloud is essentially a euphemism. Your sensitive data is being sent to someone else’s server, and that server has a physical location somewhere.
Just like on-prem cybersecurity, IBM i cloud security can be divided into two parts:
- Regulatory restrictions
- Securing your cloud server
In this article, we help you get a handle on critical IBM i cloud security considerations as you plan for the future of your data center.
Regulatory Restrictions
Fortunately, cloud providers now allow you to choose a preferred region where you want your cloud workload to reside. But regulatory restrictions vary greatly from country to country. If your business and applications involve data that flows in and out of different countries and their associated borders, you need to be aware of three things:
- Data residency
- Data sovereignty
- Data localization
When looking to deploy your IBM i application in the cloud, it’s important to carefully consider all three before choosing your region.
What Is Data Residency?
Data residency relates to where a business specifies that their data is stored. This is in reference to a physical, geographical location usually for regulatory or policy reasons. Data residency is commonly associated with tax laws, where it may be more advantageous to store data in one country instead of another.
When looking to take advantage of data residency, you will need to satisfy the regulatory body that a large portion of your business—including data processing—takes place in the designated country. You may also be dictated to regarding the infrastructure you must use to remain compliant and to receive the financial benefits.
What Is Data Sovereignty?
Data sovereignty includes the elements of data residency. However, it is further extended in that the stored data is subject to the country’s laws where it resides.
An individual is likely to have different degrees of control over their data privacy depending on the physical location of the server that holds that data. With data sovereignty, where the data is alters what the local government can and can’t do.
What Is Data Localization?
Data localization simply means that any data created within a specific country or border stays there. Once again, this can vary hugely from country to country.
Securing Your Cloud Server
When moving to the cloud, what you are really doing is buying or renting space on someone else’s server. And that server has just as many—if not more—security needs than a server in your own data center.
Where to Start with IBM i Cloud Security
Before you decide to move your IBM i application to the cloud, it’s a good idea to understand how secure your IBM i environment is today. By far, the most effective method is to use the free IBM i Security Scan from HelpSystems. We encourage you to run a scan to establish a baseline before you undertake any migration. With the scan results in hand, you will be able to determine how secure your IBM i is, and what you need to implement to keep it that way in the cloud.
Seek Outside Help from Security Experts
It’s true that the journey to the cloud can introduce a degree of complication. Some instances will require specialized skills and you are right to have concerns about security. But know that you are not alone.
If you run into any challenges or roadblocks, lean on cybersecurity services professionals or your cloud provider. They will most likely have worked with other clients who have been in your same situation and yet successfully moved IBM i workloads to the cloud. You will not be the first to do this.
Many of us have grown used to being able to touch and see our Power Systems server, so moving it to the cloud provider requires a major mental shift, even though we are cognizant of the benefits. But we know you’ll feel a lot better about the move with the right security controls in place.
