A new security paradigm for the cloud, PowerSC defines your known "good" system rather than  try to defend against a known "bad" threat.

Written by Chris Smith

With the proliferation of virtual systems and internal cloud environments, all aspects of system administration have become more complex and challenging. As expected, this includes managing IBM Power Systems security on each of the virtual servers you create, any one of which can present new threat vulnerabilities.

Most companies tend to look at security compliance as an event and think that if they can make it through an audit just one time, they will be OK.

Written by John Vanderwall

Editor's Note: This article is an extract of the white paper "The Hidden Cost of Compliance" available for free download from the MC White Paper Center.

I found myself in an interesting conversation with a friend of mine recently. He's in IT management for a division of a large storage area network (SAN) provider. When I asked about his job, he quickly lamented that he didn't like his job at the moment because he was too often caught up doing "busy" work and wasn't able to take on projects that would have the potential to affect his company's bottom line.

The recent breach of the Sony PlayStation Network calls into question the security and reporting practices of cloud vendors and suggests greater diligence in reviewing their service-level agreements.

Written by Carol Woodbury

Editor's Note: This article introduces the Webcast "Coffee with Carol: Security and the Cloud—Blue Skies or Major Storm" available for free download from the MC Webcast Center.

Is the cloud a security storm waiting to unleash its fury or sunny skies that will make you relax and relinquish all of your security cares? The recent breach of the Sony PlayStation Network created headlines, and when the dust settled, it turned out to be the second-largest online data breach in U.S. history. The fact that the attack on Sony was launched from a "public cloud" brings into question the security policies and reporting of cloud vendors.

In a PCI DSS audit, all systems, applications, and processes that have access to credit card information—whether encrypted or unencrypted—are considered in scope.

Written by Liaison Technologies (formerly nuBridges, Inc.)

Editor's Note: This article is an extract of the white paper Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder Data available free from the MC White Paper Center.

Enterprises are seeking ways to simplify and reduce the scope of the Payment Card Industry's Data Security Standard (PCI DSS) compliance by shrinking the footprint where cardholder data is located throughout their organizations. By reducing the scope, these enterprises can dramatically lower the cost and anxiety of PCI DSS compliance and significantly increase the chance of audit success.

System administrators and programmers are feeling the pinch of numerous regulations that are interfering with how they do their jobs.

Written by Carol Woodbury

Editor's Note: This article is an extract of the white paper "You Don't Trust Me Anymore!"  available free from the MC White Paper Center. 

This may be the cry of your teenagers as you impose earlier curfews and restrictions on where they can roam. But usually, they've done something to deserve the curbs you're trying to place on their behavior. Unfortunately, the cry I often hear is coming from administrators and programmers as restrictions are being placed on their actions and the functions they are allowed to perform on the system. The difference between these folks and your teenagers is that they haven't done anything to "deserve" the restrictions. And that's their complaint: "What have I done? I've never stolen from the company and never will. Why are you taking away my ability to perform my job?"

Applications that help IBM i managers monitor security events, support audits, and comply with regulations and standards continue to be vital.

Written by John Ghrist

The corporate audit for assuring that your enterprise is adhering to laws and regulations governing information protection has gotten to be as routine as filing your annual corporate taxes. The critical questions have changed from "how will we deal with this?" to "how can we streamline this unavoidable necessity?" and "what's new in laws and standards that we have to watch out for?"

KST Software gives users a free taste of its security solution that can monitor individual files—as well as users.

Written by Chris Smith

Perhaps I'm overly materialistic, but if there is one word I like over all others, it's "free." For the next three months, IBM i users in certain markets can download and activate KST Software's DataTrigger security program at no charge.

KST is an Israeli company that has a unique take on security: it uses IBM's trigger technology to monitor changes to the database and notify the administrator or security officer through an alert. The technique hasn't gained widespread use largely because of the overhead that triggers place on system resources. With IBM's newer high-performance processors, however, such work is of little consequence nowadays, according to KST.

When data goes "wrong," it's time to mount a strategy.

Written by Thomas M. Stockwell

Where is the truth in numbers? Who is responsible when data discrepancy occurs? How can upper management be certain that what they see reflected in their reports accurately represents the truth of what is found in any particular manufacturing process, inventory shelf, sales achievement, or future projection?

These questions are particularly important as organizations use business intelligence (BI) applications to pull together the data generated by separate software packages into a global picture of the enterprise as a whole. And until these questions are addressed through data governance, no one can vouch that the numbers they are using represent a picture of the reality that your management can believe.