The purpose of this blog is to clarify terms and conditions of cloud hosting agreements, and the differences hosting IBM i vs other platforms. Clarity is essential to a good hosting experience.
Disclaimer: iSeries and AS400 are server brand names. IBM i an operating system, like OS400. I use these terms interchangeably to help researchers more easily find what they are looking for on the web.
Let me begin with I believe agreements that clearly explain each party’s responsibilities and expectations are fundamental to ensure a good hosting experience for both the client and the hosting provider.
Further, both parties want clear understanding of security and service level support.
Even so, we encounter prospective hosting clients that have limited understanding of hosting IBM i applications. Consequently, the prospective client wants hosting agreement terms and conditions that makes sense for Windows, UNIX, or Linux that are not applicable to IBM i.
Most recently, I have been working with a multinational enterprise that requires hosting providers to satisfy corporate hosting and security conditions.
First, they require the hosting provider to have anti-virus, anti-malware software that runs on the hosting providers servers. Makes sense for Windows. Does not make much sense for IBM i.
Second, they want the hosting provider’s server to encrypt data at rest. Makes sense for Windows. This makes NO SENSE for us when this client’s applications is at IBM V6.1 and has no data at rest encryption now. Further, from my current point of view, IBM i data at rest should be handled by the user with special programming skills to encrypt key fields within specific records to ensure best performance.
Third, the legal team insists on robust disaster recovery for the hosting environment. While this a reasonable request for the production application software, this does not make economic sense to the customer’s stakeholders for the test environments.
Last, the customer’s proposed amendments make the hosting provider responsible for any data breach or hack. This makes no sense to me because I believe it is the user’s responsibility to properly secure their IBM i environment. This is done with appropriate credentials using user name and profile within the application. As a hosting provider, we offer Infrastructure as a Service. We have NO expertise with the user applications so we are in no position to determine the proper user credentials.
Over the years, from what I have seen, read and heard, IBM i is vulnerable to bad players that have gained access to user name and profile. Most commonly these cases involved disgruntled employees or technical contractors with bad intent. I have read of one case where a hacker accessed a web server via an open port connected to a server running IBM i. The IBM i user’s credentials were accessible on this PC web server. As a result, the hacker was able to access the IBM i.
So what is a reasonable solution in such cases?
It is actually very simple.
The customer needs to have an IBM i liaison to work with the hosting provider and customer’s legal and security team. The customer’s IBM i liaison can educate the legal and security team on the IBM i characteristics so the hosting agreement language can be crafted to satisfy the customer as well as the hosting provider.
When we have had such a liaison, we have had wonderful results.
However, for those prospective clients that are unwilling to understand the unique IBM i characteristics, it is very easy to walk away.
To be candid, if a prospective client is unwilling to understand some fundamental differences between IBM i vs Windows, as a hosting provider we will have a much more difficult time satisfying this customer as time goes on.
Conclusion: Hosting agreements are essential. Security and service level support are significant and must be clear. Best results are achieved when the customer has an IBM i liaison working with their legal and security team and the hosting provider. The legal and security team need someone on their side to explain how the IBM i is different to have the proper context to craft workable hosting agreement amendments.
Interested in IBM i Cloud Hosting for your operation?
Email me at blosey@source-data.com or call me at 714-593-0387.
Leave a Reply