September 5, 2017 | Written by: Jillian F Tempelmeyer and Neetu Jain
Contrary to its name, the cloud isn’t always a soft and fluffy place. There can be many points of entry or attack for malicious activity, and no two clients’ needs are the same for security. Industry-specific compliance requirements, business productivity, and company reputation are all driving factors compounding the need for the implementation of physical and software-defined security solutions.
When it comes to securing your network, there’s no such thing as a one-size-fits-all approach. As organizations increasingly leverage critical data and applications in the cloud, you might stop and wonder which security option best suits the needs of your network.
Here’s an introduction to some of our security options to help you make informed decisions when securing your network.
First and foremost, the enforcement of network security to preserve confidentiality and availability is as important as the option you choose. IBM Cloud data center personnel follow strictly controlled identity and access management policies and are aligned with industry and country requirements. IBM maintains—under stringent third-party review—audit reports for compliance certificates tailored to suit your industry needs. The exposure of IBM Cloud data centers and servers to outside threats is further minimized by our redundant, triple-network architecture. As an added benefit, our 24/7/365 worldwide support team brings enterprise-class security to protect your cloud environment.
That said, security is a shared responsibility between a cloud service provider and consumer. While cloud service providers do their best to secure their infrastructure, offerings, and data centers, consumers must proactively ensure the safety of their workloads in the cloud by engaging the right controls, tools, and services that enforce security. As a cloud service provider, we take pride in offering you a wide range of network security offerings, giving you granular control over security services across our global private network.
Our instance-level network security options are cost-effective, flexible, and can be provisioned on the fly. IBM offers instance-level network protection in the form of operating systems, multi-tenant hardware firewalls, and security groups.
Multi-tenant (shared) firewalls protect individual servers ranging from 10Mbps to 2000Mbps throughput and are provisioned on demand for improved control over inbound traffic. They offer additional management flexibility through the Control Portal and API.
Security compliance requirements for clients such as financial services companies (payment card industry or PCI) may require additional firewall layers between each tier of your cloud network. To deploy multi-tier networks in your cloud, security groups are a valuable option for reduced complexity and enhanced, granular control, while leveraging a cloud-native topology. With security groups, currently in beta, you can leverage a built-in firewall for your virtual servers at no added cost.
To try the security groups beta experience, sign up on our website.
Network-level firewalls are ideal for the enterprise IT administrator to protect against outside threats. This class of network security devices gives you greater control over your network protection. They can all be deployed as high-availability (HA) options.
Dedicated hardware firewalls
Dedicated hardware firewalls are managed devices that protect ingress traffic on any or all servers on a single, public VLAN. Firewall rules are applied on a per-IP or a per-subnet basis for ingress traffic.
Virtual Router Appliance
Virtual Router Appliance provides a software-defined virtual router, firewall, and VPN for both IPv4 and IPv6 networks. Customers configure and manage both public and private networks for ingress and egress protection.
FortiGate Security Appliance
FortiGate Security Appliance (FSA) is an enterprise-class, single-tenant device managed by the customer. It protects inbound and outbound traffic on any or all servers on a single, public VLAN. In addition to an anti-virus protection add-on feature, an Intrusion Prevention System (IPS) add-on scans network traffic and blocks malware attacks. FSA is managed via GUI or API, and can also be configured with web filtering for application-level protection.
Learn more about our network security options