Network

Keep your cloud safe with IBM network security services

Share this post:

Contrary to its name, the cloud isn’t always a soft and fluffy place. There can be many points of entry or attack for malicious activity, and no two clients’ needs are the same for security. Industry-specific compliance requirements, business productivity, and company reputation are all driving factors compounding the need for the implementation of physical and software-defined security solutions.

When it comes to securing your network, there’s no such thing as a one-size-fits-all approach. As organizations increasingly leverage critical data and applications in the cloud, you might stop and wonder which security option best suits your needs of your network.

Here’s an introduction to some of our security options to help you make informed decisions when securing your network.

Controlled access

First and foremost, the enforcement of network security to preserve confidentiality and availability is equally as important as the option you choose. IBM Cloud data center personnel follow strictly-controlled identity and access management policies and are aligned with industry and country requirements. IBM maintains—under stringent third-party review—audit reports for compliance certificates tailored to suit your industry needs. IBM Cloud data centers and server exposure to outside threats is further minimized by our redundant, triple-network architecture. As an added-benefit, our 24/7/365 worldwide support team brings enterprise-class security to protect your cloud environment.

That said, security is a shared responsibility between a cloud service provider and consumer. While cloud service providers do their best to secure their infrastructure, offerings, and data centers, consumers must proactively ensure the safety of their workloads in cloud by engaging the right controls, tools, and services which enforce security. As a cloud service provider, we take pride in offering you a wide range of network security offerings, giving you granular control over security services across our global private network.

Instance-level protection

Our network security options at the instance-level are cost-effective, flexible, and can be provisioned on-the-fly. IBM offers instance-level network protection in the form of operating systems, multi-tenant hardware firewalls, and security groups.

Multi-tenant (shared) firewalls protect individual servers ranging from 10Mbps to 2000Mbps throughput and are provisioned on demand for improved control over inbound traffic. They offer additional management flexibility through the Control Portal and API.

Security compliance requirements for clients such as financial services companies (payment card industry or PCI) may require additional firewall layers between each tier of your cloud network. To deploy multi-tier networks in your cloud, security groups are a valuable option for reduced complexity and enhanced, granular control, while leveraging a cloud-native topology. With security groups, currently in beta, you can leverage a built-in firewall for your virtual servers at no added cost.

To try the security groups beta experience, sign up on our website.

Network-level protection

Network-level firewalls are ideal for the enterprise IT administrator to protect against outside threats. This class of network security devices give you greater control over your network protection. They can all be deployed as high-availability (HA) options.

Dedicated hardware firewalls

Dedicated hardware firewalls are managed devices that protect ingress traffic on any or all servers on a single, public VLAN. Firewall rules are applied on a per-IP or a per-subnet basis for ingress traffic.

Virtual Router Appliance

Virtual Router Appliance provides a software-defined virtual router, firewall, and VPN for both IPv4 and IPv6 networks. Customers configure and manage both public and private networks for ingress and egress protection.

FortiGate Security Appliance

FortiGate Security Appliance (FSA) is an enterprise-class, single-tenant device managed by the customer. It protects inbound and outbound traffic on any or all servers on a single, public VLAN. In addition to an anti-virus protection add-on feature, an Intrusion Prevention System (IPS) add-on scans network traffic and blocks malware attacks as a result. FSA is managed via GUI or API, and can also be configured for web filtering, for application-level protection.

Offering Management, IBM Cloud network

More Network stories
May 6, 2019

Use IBM Cloud Certificate Manager to Obtain Let’s Encrypt TLS Certificates for Your Public Domains

IBM Cloud Certificate Manager now lets you obtain TLS certificates signed by Let’s Encrypt. Let’s Encrypt is an automated, ACME-protocol-based CA that issues free certificates valid for 90 days.

Continue reading

April 11, 2019

How to Automate TLS Certificate Rotation to Avoid Outages

In this post, we'll share how you can make sure you have end-to-end protection for data in transit without running into any TLS certificate expiry issues.

Continue reading

April 9, 2019

Track Your Cloud Activities Using IBM Cloud Activity Tracker with LogDNA

With IBM Cloud Activity Tracker with LogDNA, you can improve the security monitoring of your application by setting alerts for user access patterns and gain greater trackability for how your Cloud Service and Cloud Account is being used, configured, and accessed.

Continue reading