A new security paradigm for the cloud, PowerSC defines your known "good" system rather than  try to defend against a known "bad" threat.

Written by Chris Smith

With the proliferation of virtual systems and internal cloud environments, all aspects of system administration have become more complex and challenging. As expected, this includes managing IBM Power Systems security on each of the virtual servers you create, any one of which can present new threat vulnerabilities.

Most companies tend to look at security compliance as an event and think that if they can make it through an audit just one time, they will be OK.

Written by John Vanderwall

Editor's Note: This article is an extract of the white paper "The Hidden Cost of Compliance" available for free download from the MC White Paper Center.

I found myself in an interesting conversation with a friend of mine recently. He's in IT management for a division of a large storage area network (SAN) provider. When I asked about his job, he quickly lamented that he didn't like his job at the moment because he was too often caught up doing "busy" work and wasn't able to take on projects that would have the potential to affect his company's bottom line.

Protecting sensitive personal data is mandated by a host of laws and standards. But what's the best method? There's the rub.

Written by John Ghrist

Of Social Security numbers (SSNs), credit card numbers, health records, and financial information, which is the most sensitive data? The good news is that there's no wrong answer. They're all "the most sensitive," depending on context and your line of business. The bad news is that protecting any of these types of information is both required and potentially expensive whether you succeed or fail to keep them secret—the latter of course being far worse.

Here are some recommendations for managing users on IBM Power Systems when time is of the essence.

Written by Martin Norman

Editor's Note: This article is an extract of the white paper "Five Shortcuts to Sensible Operational Security" available free from the MC White Paper Center.

The last 10 years have seen drastic changes in the importance and relevance of security and audit issues. I am sure we all recall at least one incident in which a software or hardware product had been rebadged or maybe just remarketed for whatever that year's hot security subject was. Many vendors were claiming to provide the only path to total compliance with the security standards of the day, and if you did not buy their products, you would find yourself in jail.

This technology isn't "bleeding edge" anymore. Now, it's solving real business problems.

Written by Pat Botz

It may surprise you to learn that IBM i shops are beginning to exploit biometric authentication. But it's true. Even though many people still believe that biometric authentication is "bleeding edge" technology, your compatriots in the IBM i world are successfully implementing it.

The recent breach of the Sony PlayStation Network calls into question the security and reporting practices of cloud vendors and suggests greater diligence in reviewing their service-level agreements.

Written by Carol Woodbury

Editor's Note: This article introduces the Webcast "Coffee with Carol: Security and the Cloud—Blue Skies or Major Storm" available for free download from the MC Webcast Center.

Is the cloud a security storm waiting to unleash its fury or sunny skies that will make you relax and relinquish all of your security cares? The recent breach of the Sony PlayStation Network created headlines, and when the dust settled, it turned out to be the second-largest online data breach in U.S. history. The fact that the attack on Sony was launched from a "public cloud" brings into question the security policies and reporting of cloud vendors.

In a PCI DSS audit, all systems, applications, and processes that have access to credit card information—whether encrypted or unencrypted—are considered in scope.

Written by Liaison Technologies (formerly nuBridges, Inc.)

Editor's Note: This article is an extract of the white paper Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder Data available free from the MC White Paper Center.

Enterprises are seeking ways to simplify and reduce the scope of the Payment Card Industry's Data Security Standard (PCI DSS) compliance by shrinking the footprint where cardholder data is located throughout their organizations. By reducing the scope, these enterprises can dramatically lower the cost and anxiety of PCI DSS compliance and significantly increase the chance of audit success.

It may take a bit of investigation to determine exactly what authorities programmers require, but they rarely need all-encompassing special authorities.

Written by Carol Woodbury

Editor's Note: This article is an extract of the white paper "What Authorities Do Programmers Really Need?" available free from the  MC White Paper Center.

Laws and regulations require that users be given only enough authority to do the tasks associated with their jobs. In addition, auditors require IT departments to reduce the number of "powerful" users on the system. As a result, the programming staff comes under scrutiny. Why? Because they have often been given lots of power in the past. In i5/OS terms, that means programmers have been given the *ALLOBJ special authority. The question I am often asked is, "What authorities do programmers need to do their jobs?" Unfortunately, the answer is, "That depends." This article looks at how you can determine the answer to this question for your environment and also explains what authorities programmers do not need.