40Cloud addresses these security challenges and more, providing an end-to-end
security solution for IBM’s cloud infrastructure.
This inclusive solution, delivered in a SaaS model, encrypts VPN links to
interconnect all your IBM Cloud locations with each other and to your company’s
40Cloud’s automation enables DevOps teams and IT administrators to fully
orchestrate network security policies throughout cloud-based software development,
production and ongoing administration assignments.
The Gateways are the enforcement point of Access Control Policies and define the only entry-points to your IBM Cloud deployment. The Gateways are software routers that are self-installed, usually one per IBM Cloud private VLAN.
Each Gateway is installed on a dedicated virtual server and they can be interconnected in a mesh of VPN links to other Gateways and to on-premise firewall devices. All employees, remote users and partners who access your cloud servers will connect to the Gateways using standard VPN technology, and will have their identity authenticated and their authorization profiles enforced.
Web Admin Console
The 40Cloud Web Admin Console enables configuration and monitoring all aspects of cloud security. Using the intuitive UI it’s easy to monitor network connectivity status, system events and alarms.
In addition, System Administrators, Security and/or DevOps teams can utilize the Web Admin Console to configure firewall policies, user roles and access rules, as well as build the static VPN connectivity.
How It Works
IBM USE CASES
The 40Cloud solution encrypts your company’s data in-motion on every hop
and automates network security policies to control access to your company’s resources.
Secure Business Continuity
40Cloud’s single and dual Gateway High Availability (HA) setups enhance IBM Cloud’s resilience and assurance of business continuity. 40Cloud’s High Availability solution provides fast and automatic recovery should network, tunnel and Gateway outages occur.
Scalable Software Defined Security
With 40Cloud’s streamlined and simplified network security solution, software-defined security can be easily incorporated within DevOps and production environments, enabling maximum agility for new projects. 40Cloud’s northbound REST APIs enable automated configuration and orchestration of firewall and identity-based access policies as well as dynamically controlling the network topology.
40Cloud’s solution securely connects multiple private subnets on one or several data-centers (e.g. in a mesh setup) together with remote enterprise sites. In addition, 40Cloud unifies global firewall policies and relevant security settings into a single, coherent network-wide security policy.
Identity-based Network Access
Authorization profiles are enforced on all remote VPN users by means of central, identity-based Access Rights policies (i.e., who can access what). These policies enable you to centrally control back-end access to your entire IBM Cloud deployment, so that no one gains access unless they are authenticated. In addition, these policies can be integrated with existing (on-premise or cloud-based) identity-based authentication and authorization systems, such as Active Directory (AD), LDAP or RADIUS.
40Cloud delivers a dynamic security solution that scales as your organization adds users, data traffic, devices and geographic locations. The solution secures your data in transit, allowing you to build on IBM Cloud’s virtually always-available data, applications and server environments.
The SaaS-based solution provides the flexibility for you to scale as required, with a variety of plans to fit your specific requirements. Since in-house security expertise is hardly required, reduced operating costs are another welcome benefit of 40Cloud’s simplified and automated network security solution.
All networking and access related security tasks are automated with APIs that offer automation of security and network configurations. Centralized management streamlines security policy management across your entire deployment.
40Cloud’s intuitive UI provides full visibility of the cloud deployments. The notification and logging mechanisms add real time alert and forensic capabilities, so that System Administrators are able to better control and monitor their secure cloud network. All security configurations are performed using policies, requiring minimal manual intervention.