2014 State of IBM i Security Study PDF Print E-mail
Security - IBM i (OS/400, i5/OS)
Written by PowerTech Group, Inc.   
Monday, 09 June 2014 00:00

Support MC Press - Visit Our Sponsors

Forums Sponsor



Search Sponsor



This article introduces the white paper 2014 State of IBM i Security Study available free from the MC White Paper Center.



You sleep soundly, knowing your business's data is protected by IBM i servers. Besides, who would attack your company when major corporations such as Neiman Marcus and Target have vulnerable data?


But then it happens. The data you rely on for day-to-day operations is deleted or corrupted. Or private customer information is stolen, destroying the trust that took years to build.


Maybe cybercriminals targeted your company at random. Maybe an angry former employee wanted revenge. When the damage is done, you won't ask who or why. You'll ask, "Can my business recover?"


System administrators and IT managers rely on Power Systems servers running IBM i because of their well-deserved reputation for impenetrable security. But the data from the 2014 State of IBM i Security Study shows improper configuration settings chip away at the level of security provided by IBM i.


When cybersecurity threats include criminals around the world as well as your own employees, relying on default security settings endangers your business's future. Although some businesses have the financial and personnel resources to survive a cyberattack, many others do not.


Because tools to access data on IBM i servers are widely available on the Internet, IBM allows administrators to monitor and restrict network access through exit programs. Few have implemented such measures. This unmonitored network access, combined with overly powerful users and lax system auditing, leaves your server vulnerable to internal and external threats.


The State of IBM i Security Study is designed to help executives, IT managers, system administrators, and auditors understand the full extent of IBM i security exposures and how to correct them effectively and economically.

Why This Study Is Important

Last year marked the 25th birthday of the AS/400, as well as the 10th anniversary of the State of IBM i Security Study. From the AS/400 to iSeries, System i, and finally Power Systems running IBM i, PowerTech has followed the evolution and provided invaluable security insight from more than 1,900 servers worldwide. The results from the 2014 study, and the universal nature of IBM i vulnerabilities, lead us to conclude that if you have IBM i systems in your data center, your organization might suffer from similar internal control deficiencies.

What This Study Means for You

Your IBM i server likely runs your mission-critical business applications—and has been for 20 years or more—but the staff that set up server security is long gone.


To complicate things, the integrated nature of many IBM i security controls has caused confusion over who is responsible for the configuration—IBM, the customer, or the application provider. As such, many systems operate with default settings due to lack of ownership.


You know an IBM i audit is long overdue, but you're too busy grappling with:

• Knowledge gaps

• Overextended staff

• Lean IT budgets


Because Windows and UNIX platforms tend to require more resources to secure them, it's much easier to let IBM i security projects take a back seat.


Consequently, as threats loom ever greater, the administration of IBM i security controls has lapsed and guards are down.


Here's the good news: the weaknesses identified through our assessments and documented in this study are caused by poor or missing configurations that can—and should—be corrected.


This study shows you the most common and dangerous IBM i security exposures; outlines best practices for improvement; and explains how these relate to compliance legislation, industry regula­tions, and IT guidelines and standards.

PowerTech Group, Inc.
About the Author:

PowerTech provides security software solutions for access control, vulnerability assessment, and compliance management on IBM AS/400 (System i) servers. The award- winning, ServerProven security solutions deliver ongoing protection and peace of mind. As an IBM Advanced Business Partner with over 1,000 customers worldwide, PowerTech leads the industry in raising awareness of IBM AS/400 security issues and solutions through auditor training, by hosting the iNSIGHT security and compliance conference each year and by publishing the annual security study: The State of IBM AS/400 (System i) Security. Seattle, WA-based PowerTech Group was founded by security experts in 1996.

To find out more about PowerTech Group, Inc. and its products see their listings in the MC Showcase Buyer's Guide.  


Last Updated on Friday, 06 June 2014 14:11
User Rating: / 0