|2014 State of IBM i Security Study|
|Security - IBM i (OS/400, i5/OS)|
|Written by PowerTech Group, Inc.|
|Monday, 09 June 2014 00:00|
You sleep soundly, knowing your business's data is protected by IBM i servers. Besides, who would attack your company when major corporations such as Neiman Marcus and Target have vulnerable data?
But then it happens. The data you rely on for day-to-day operations is deleted or corrupted. Or private customer information is stolen, destroying the trust that took years to build.
Maybe cybercriminals targeted your company at random. Maybe an angry former employee wanted revenge. When the damage is done, you won't ask who or why. You'll ask, "Can my business recover?"
System administrators and IT managers rely on Power Systems servers running IBM i because of their well-deserved reputation for impenetrable security. But the data from the 2014 State of IBM i Security Study shows improper configuration settings chip away at the level of security provided by IBM i.
When cybersecurity threats include criminals around the world as well as your own employees, relying on default security settings endangers your business's future. Although some businesses have the financial and personnel resources to survive a cyberattack, many others do not.
Because tools to access data on IBM i servers are widely available on the Internet, IBM allows administrators to monitor and restrict network access through exit programs. Few have implemented such measures. This unmonitored network access, combined with overly powerful users and lax system auditing, leaves your server vulnerable to internal and external threats.
The State of IBM i Security Study is designed to help executives, IT managers, system administrators, and auditors understand the full extent of IBM i security exposures and how to correct them effectively and economically.
Why This Study Is Important
Last year marked the 25th birthday of the AS/400, as well as the 10th anniversary of the State of IBM i Security Study. From the AS/400 to iSeries, System i, and finally Power Systems running IBM i, PowerTech has followed the evolution and provided invaluable security insight from more than 1,900 servers worldwide. The results from the 2014 study, and the universal nature of IBM i vulnerabilities, lead us to conclude that if you have IBM i systems in your data center, your organization might suffer from similar internal control deficiencies.
What This Study Means for You
Your IBM i server likely runs your mission-critical business applications—and has been for 20 years or more—but the staff that set up server security is long gone.
To complicate things, the integrated nature of many IBM i security controls has caused confusion over who is responsible for the configuration—IBM, the customer, or the application provider. As such, many systems operate with default settings due to lack of ownership.
You know an IBM i audit is long overdue, but you're too busy grappling with:
• Knowledge gaps
• Overextended staff
• Lean IT budgets
Because Windows and UNIX platforms tend to require more resources to secure them, it's much easier to let IBM i security projects take a back seat.
Consequently, as threats loom ever greater, the administration of IBM i security controls has lapsed and guards are down.
Here's the good news: the weaknesses identified through our assessments and documented in this study are caused by poor or missing configurations that can—and should—be corrected.
This study shows you the most common and dangerous IBM i security exposures; outlines best practices for improvement; and explains how these relate to compliance legislation, industry regulations, and IT guidelines and standards.
|Last Updated on Friday, 06 June 2014 14:11|