Every user I speak to about hosting is concerned about the security of their applications and their critical data.
This post discusses 5 methods to secure hosted IBM i applications and data.
1) IBM i Secure Foundation
The IBM i operating system is proprietary and unique in its design. I have attached a summary of the IBM i Secure Foundation from a very helpful website:
http://www-03.ibm.com/systems/power/software/i/security/integrity.html
Quite simply, unlike other operating systems, IBM i limits what can be done at various levels of the system. This means that only approved objects (or program commands) can execute in the hardware, the firmware (the programmable devices on the motherboard and attached features), the proprietary kernel (the “traffic cop” that handles I/O requests from the software) and the operating system.
Simply put, a hacker who attempts to break into the IBM i system must have specific knowledge of key commands at the IBM i version and PTF levels. To be sure, the IBM i architecture is a closely guarded secret. That IBM i is over 16 billion lines of code renders it virtually impossible to break. To date, there are no documented cases of any IBM i compromises.
2) User Profile and Password
For any person to access critical data running on IBM i, the user needs an approved User Profile and Password. Your Systems Administrator manages the User Profile, not Cloud400.
The User Profile also defines what applications a user may access and what data the user may access. A user can be locked out of applications. A user may also be locked out from accessing or updating data.
Good security starts with protecting the User Profile and Passwords. The User Profile with the highest level of security should be a closely guarded secret within an organization with limits as to who may use it.
3) Encrypt Data At Rest
Security can be improved by encrypting critical data stored in your application. This data is called “data at rest.” This is an extra security measure: should an unauthorized person ever break into the IBM i without a User Profile and Password, your data is unreadable because it is encrypted.
4) Private IP Address
Cloud400 uses private IP addresses. Unless someone knows your private IP address, they don’t know where to look. While this seems a “low-tech” solution, it is still very effective as the “bad guys” cannot easily find you or your data.
5) VPN Encryption
A Virtual Private Network (VPN) is the most common way our clients connect to Cloud400. The VPN is encrypted. While you and Cloud400 connect over the Internet, the connection is private and encrypted so your critical data cannot be intercepted and “cracked.” The VPN encryption algorithm would take a super-computer using “brute force” 80 billion years to crack the code.